def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"system_replacemsg_device_detection_portal": {
"required": False,
"type": "dict",
"default": None,
"options": {
"buffer": {
"required": False,
"type": "str"
},
"format": {
"required": False,
"type": "str",
"choices": ["none", "text", "html", "wml"]
},
"header": {
"required": False,
"type": "str",
"choices": ["none", "http", "8bit"]
},
"msg_type": {
"required": False,
"type": "str"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
versions_check_result = None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system_replacemsg(
module.params, fos)
versions_check_result = connection.get_system_version()
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system_replacemsg(
module.params, fos)
fos.logout()
if versions_check_result and versions_check_result['matched'] is False:
module.warn(
"Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv"
)
if not is_error:
if versions_check_result and versions_check_result['matched'] is False:
module.exit_json(changed=has_changed,
version_check_warning=versions_check_result,
meta=result)
else:
module.exit_json(changed=has_changed, meta=result)
else:
if versions_check_result and versions_check_result['matched'] is False:
module.fail_json(msg="Error in repo",
version_check_warning=versions_check_result,
meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
jrpc_urls = [
'/pm/config/adom/{adom}/obj/system/dhcp/server/{server}/reserved-address',
'/pm/config/global/obj/system/dhcp/server/{server}/reserved-address'
]
perobject_jrpc_urls = [
'/pm/config/adom/{adom}/obj/system/dhcp/server/{server}/reserved-address/{reserved-address}',
'/pm/config/global/obj/system/dhcp/server/{server}/reserved-address/{reserved-address}'
]
url_params = ['adom', 'server']
module_primary_key = 'id'
module_arg_spec = {
'enable_log': {
'type': 'bool',
'required': False,
'default': False
},
'proposed_method': {
'type': 'str',
'required': False,
'choices': [
'set',
'update',
'add'
]
},
'bypass_validation': {
'type': 'bool',
'required': False,
'default': False
},
'workspace_locking_adom': {
'type': 'str',
'required': False
},
'workspace_locking_timeout': {
'type': 'int',
'required': False,
'default': 300
},
'rc_succeeded': {
'required': False,
'type': 'list'
},
'rc_failed': {
'required': False,
'type': 'list'
},
'state': {
'type': 'str',
'required': True,
'choices': [
'present',
'absent'
]
},
'adom': {
'required': True,
'type': 'str'
},
'server': {
'required': True,
'type': 'str'
},
'system_dhcp_server_reservedaddress': {
'required': False,
'type': 'dict',
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'options': {
'action': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'assign',
'block',
'reserved'
],
'type': 'str'
},
'description': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'id': {
'required': True,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'int'
},
'ip': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'mac': {
'required': False,
'revision': {
'6.0.0': True,
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'circuit-id': {
'required': False,
'revision': {
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'circuit-id-type': {
'required': False,
'revision': {
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'hex',
'string'
],
'type': 'str'
},
'remote-id': {
'required': False,
'revision': {
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'type': 'str'
},
'remote-id-type': {
'required': False,
'revision': {
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'hex',
'string'
],
'type': 'str'
},
'type': {
'required': False,
'revision': {
'6.2.1': True,
'6.2.3': True,
'6.2.5': True,
'6.4.0': True,
'6.4.2': True,
'6.4.5': True,
'7.0.0': True
},
'choices': [
'mac',
'option82'
],
'type': 'str'
}
}
}
}
params_validation_blob = []
check_galaxy_version(module_arg_spec)
module = AnsibleModule(argument_spec=check_parameter_bypass(module_arg_spec, 'system_dhcp_server_reservedaddress'),
supports_check_mode=False)
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
connection.set_option('enable_log', module.params['enable_log'] if 'enable_log' in module.params else False)
fmgr = NAPIManager(jrpc_urls, perobject_jrpc_urls, module_primary_key, url_params, module, connection, top_level_schema_name='data')
fmgr.validate_parameters(params_validation_blob)
fmgr.process_curd(argument_specs=module_arg_spec)
else:
module.fail_json(msg='MUST RUN IN HTTPAPI MODE')
module.exit_json(meta=module.params)
file=sys.stderr)
pprint.pprint(ct.get_result().as_dict(), stream=sys.stderr)
raise
if __name__ == '__main__':
# When openshift-client-python/ansible/rebuild_module.sh is executed, it will read in this template
# and replace the following variable with a b64 encoded tarball of the openshift-client-library
# package. The client_python_extract_dir path will contain the 'openshift' package directory.
REPLACED_BY_REBUILD_MODULE = '{}'
OPENSHIFT_CLIENT_PYTHON_TGZ = six.BytesIO(
base64.b64decode(REPLACED_BY_REBUILD_MODULE))
module = AnsibleModule(argument_spec=dict(
script=dict(required=True),
vars=dict(required=False, default={}, type='dict'),
project=dict(required=False, default=None),
timeout=dict(required=False, default=None, type='int'),
changes=dict(required=False, default=False, type='bool')))
client_python_extract_dir = tempfile.mkdtemp()
module.debug('Extracting openshift-client-python module to: {}'.format(
client_python_extract_dir))
try:
tf = tarfile.open(fileobj=OPENSHIFT_CLIENT_PYTHON_TGZ, mode='r:gz')
tf.extractall(client_python_extract_dir)
# Add the newly extacted directory to the python path to resolve the openshift package
sys.path.append(client_python_extract_dir)
# Import openshift as oc so that we can delete the extract directory. module.exit_ type methods
# call sys.exit, so this is our only chance to leave no trace.
import openshift as oc
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"vpn_ipsec_manualkey_interface": {
"required": False,
"type": "dict",
"default": None,
"options": {
"state": {
"required": False,
"type": "str",
"choices": ["present", "absent"]
},
"addr_type": {
"required": False,
"type": "str",
"choices": ["4", "6"]
},
"auth_alg": {
"required":
False,
"type":
"str",
"choices":
["null", "md5", "sha1", "sha256", "sha384", "sha512"]
},
"auth_key": {
"required": False,
"type": "str"
},
"enc_alg": {
"required": False,
"type": "str",
"choices": ["null", "des"]
},
"enc_key": {
"required": False,
"type": "str"
},
"interface": {
"required": False,
"type": "str"
},
"ip_version": {
"required": False,
"type": "str",
"choices": ["4", "6"]
},
"local_gw": {
"required": False,
"type": "str"
},
"local_gw6": {
"required": False,
"type": "str"
},
"local_spi": {
"required": False,
"type": "str"
},
"name": {
"required": True,
"type": "str"
},
"remote_gw": {
"required": False,
"type": "str"
},
"remote_gw6": {
"required": False,
"type": "str"
},
"remote_spi": {
"required": False,
"type": "str"
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_vpn_ipsec(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_vpn_ipsec(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
module = AnsibleModule(
argument_spec = dict(
delete_on_termination = dict(type='bool'),
detach_only = dict(type='bool'),
instance_name = dict(),
mode = dict(default='READ_ONLY', choices=['READ_WRITE', 'READ_ONLY']),
name = dict(required=True),
size_gb = dict(default=10),
disk_type = dict(default='pd-standard'),
image = dict(),
image_family = dict(),
external_projects = dict(type='list'),
snapshot = dict(),
state = dict(default='present'),
zone = dict(default='us-central1-b'),
service_account_email = dict(),
pem_file = dict(type='path'),
credentials_file = dict(type='path'),
project_id = dict(),
)
)
if not HAS_LIBCLOUD:
module.fail_json(msg='libcloud with GCE support (0.17.0+) is required for this module')
gce = gce_connect(module)
delete_on_termination = module.params.get('delete_on_termination')
detach_only = module.params.get('detach_only')
instance_name = module.params.get('instance_name')
mode = module.params.get('mode')
name = module.params.get('name')
size_gb = module.params.get('size_gb')
disk_type = module.params.get('disk_type')
image = module.params.get('image')
image_family = module.params.get('image_family')
external_projects = module.params.get('external_projects')
snapshot = module.params.get('snapshot')
state = module.params.get('state')
zone = module.params.get('zone')
if delete_on_termination and not instance_name:
module.fail_json(
msg='Must specify an instance name when requesting delete on termination',
changed=False)
if detach_only and not instance_name:
module.fail_json(
msg='Must specify an instance name when detaching a disk',
changed=False)
disk = inst = None
changed = is_attached = False
json_output = { 'name': name, 'zone': zone, 'state': state, 'disk_type': disk_type }
if detach_only:
json_output['detach_only'] = True
json_output['detached_from_instance'] = instance_name
if instance_name:
# user wants to attach/detach from an existing instance
try:
inst = gce.ex_get_node(instance_name, zone)
# is the disk attached?
for d in inst.extra['disks']:
if d['deviceName'] == name:
is_attached = True
json_output['attached_mode'] = d['mode']
json_output['attached_to_instance'] = inst.name
except:
pass
# find disk if it already exists
try:
disk = gce.ex_get_volume(name)
json_output['size_gb'] = int(disk.size)
except ResourceNotFoundError:
pass
except Exception as e:
module.fail_json(msg=unexpected_error_msg(e), changed=False)
# user wants a disk to exist. If "instance_name" is supplied the user
# also wants it attached
if state in ['active', 'present']:
if not size_gb:
module.fail_json(msg="Must supply a size_gb", changed=False)
try:
size_gb = int(round(float(size_gb)))
if size_gb < 1:
raise Exception
except:
module.fail_json(msg="Must supply a size_gb larger than 1 GB",
changed=False)
if instance_name and inst is None:
module.fail_json(msg='Instance %s does not exist in zone %s' % (
instance_name, zone), changed=False)
if not disk:
if image is not None and snapshot is not None:
module.fail_json(
msg='Cannot give both image (%s) and snapshot (%s)' % (
image, snapshot), changed=False)
lc_image = None
lc_snapshot = None
if image_family is not None:
lc_image = gce.ex_get_image_from_family(image_family, ex_project_list=external_projects)
elif image is not None:
lc_image = gce.ex_get_image(image, ex_project_list=external_projects)
elif snapshot is not None:
lc_snapshot = gce.ex_get_snapshot(snapshot)
try:
disk = gce.create_volume(
size_gb, name, location=zone, image=lc_image,
snapshot=lc_snapshot, ex_disk_type=disk_type)
except ResourceExistsError:
pass
except QuotaExceededError:
module.fail_json(msg='Requested disk size exceeds quota',
changed=False)
except Exception as e:
module.fail_json(msg=unexpected_error_msg(e), changed=False)
json_output['size_gb'] = size_gb
if image is not None:
json_output['image'] = image
if snapshot is not None:
json_output['snapshot'] = snapshot
changed = True
if inst and not is_attached:
try:
gce.attach_volume(inst, disk, device=name, ex_mode=mode,
ex_auto_delete=delete_on_termination)
except Exception as e:
module.fail_json(msg=unexpected_error_msg(e), changed=False)
json_output['attached_to_instance'] = inst.name
json_output['attached_mode'] = mode
if delete_on_termination:
json_output['delete_on_termination'] = True
changed = True
# user wants to delete a disk (or perhaps just detach it).
if state in ['absent', 'deleted'] and disk:
if inst and is_attached:
try:
gce.detach_volume(disk, ex_node=inst)
except Exception as e:
module.fail_json(msg=unexpected_error_msg(e), changed=False)
changed = True
if not detach_only:
try:
gce.destroy_volume(disk)
except ResourceInUseError as e:
module.fail_json(msg=str(e.value), changed=False)
except Exception as e:
module.fail_json(msg=unexpected_error_msg(e), changed=False)
changed = True
json_output['changed'] = changed
module.exit_json(**json_output)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"dlp_fp_doc_source": {
"required": False,
"type": "dict",
"default": None,
"options": {
"date": {
"required": False,
"type": "int"
},
"file_path": {
"required": False,
"type": "str"
},
"file_pattern": {
"required": False,
"type": "str"
},
"keep_modified": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"name": {
"required": True,
"type": "str"
},
"password": {
"required": False,
"type": "str"
},
"period": {
"required": False,
"type": "str",
"choices": ["none", "daily", "weekly", "monthly"]
},
"remove_deleted": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"scan_on_creation": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"scan_subdirectories": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"sensitivity": {
"required": False,
"type": "str"
},
"server": {
"required": False,
"type": "str"
},
"server_type": {
"required": False,
"type": "str",
"choices": ["samba"]
},
"tod_hour": {
"required": False,
"type": "int"
},
"tod_min": {
"required": False,
"type": "int"
},
"username": {
"required": False,
"type": "str"
},
"vdom": {
"required": False,
"type": "str",
"choices": ["mgmt", "current"]
},
"weekday": {
"required":
False,
"type":
"str",
"choices": [
"sunday", "monday", "tuesday", "wednesday", "thursday",
"friday", "saturday"
]
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_dlp(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_dlp(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
""" main entry point for module execution
"""
backup_spec = dict(filename=dict(), dir_path=dict(type="path"))
argument_spec = dict(
src=dict(type="path"),
replace_src=dict(),
lines=dict(aliases=["commands"], type="list", elements="str"),
parents=dict(type="list", elements="str"),
before=dict(type="list", elements="str"),
after=dict(type="list", elements="str"),
match=dict(
default="line", choices=["line", "strict", "exact", "none"]
),
replace=dict(default="line", choices=["line", "block", "config"]),
running_config=dict(aliases=["config"]),
intended_config=dict(),
defaults=dict(type="bool", default=False),
backup=dict(type="bool", default=False),
backup_options=dict(type="dict", options=backup_spec),
save_when=dict(
choices=["always", "never", "modified", "changed"], default="never"
),
diff_against=dict(choices=["running", "startup", "intended"]),
diff_ignore_lines=dict(type="list", elements="str"),
)
argument_spec.update(nxos_argument_spec)
mutually_exclusive = [("lines", "src", "replace_src"), ("parents", "src")]
required_if = [
("match", "strict", ["lines"]),
("match", "exact", ["lines"]),
("replace", "block", ["lines"]),
("replace", "config", ["replace_src"]),
("diff_against", "intended", ["intended_config"]),
]
module = AnsibleModule(
argument_spec=argument_spec,
mutually_exclusive=mutually_exclusive,
required_if=required_if,
supports_check_mode=True,
)
warnings = list()
result = {"changed": False, "warnings": warnings}
config = None
diff_ignore_lines = module.params["diff_ignore_lines"]
path = module.params["parents"]
connection = get_connection(module)
contents = None
flags = ["all"] if module.params["defaults"] else []
replace_src = module.params["replace_src"]
if replace_src:
if module.params["replace"] != "config":
module.fail_json(
msg="replace: config is required with replace_src"
)
if module.params["backup"] or (
module._diff and module.params["diff_against"] == "running"
):
contents = get_config(module, flags=flags)
config = NetworkConfig(indent=2, contents=contents)
if module.params["backup"]:
result["__backup__"] = contents
if any((module.params["src"], module.params["lines"], replace_src)):
msg = (
"To ensure idempotency and correct diff the input configuration lines should be"
" similar to how they appear if present in the running configuration on device"
)
if module.params["src"] or replace_src:
msg += " including the indentation"
warnings.append(msg)
match = module.params["match"]
replace = module.params["replace"]
commit = not module.check_mode
candidate = get_candidate(module)
running = get_running_config(module, contents, flags=flags)
if replace_src:
commands = candidate.split("\n")
result["commands"] = result["updates"] = commands
if commit:
load_config(module, commands, replace=replace_src)
result["changed"] = True
else:
try:
response = connection.get_diff(
candidate=candidate,
running=running,
diff_match=match,
diff_ignore_lines=diff_ignore_lines,
path=path,
diff_replace=replace,
)
except ConnectionError as exc:
module.fail_json(
msg=to_text(exc, errors="surrogate_then_replace")
)
config_diff = response["config_diff"]
if config_diff:
commands = config_diff.split("\n")
if module.params["before"]:
commands[:0] = module.params["before"]
if module.params["after"]:
commands.extend(module.params["after"])
result["commands"] = commands
result["updates"] = commands
if commit:
load_config(module, commands, replace=replace_src)
result["changed"] = True
running_config = module.params["running_config"]
startup_config = None
if module.params["save_when"] == "always":
save_config(module, result)
elif module.params["save_when"] == "modified":
output = execute_show_commands(
module, ["show running-config", "show startup-config"]
)
running_config = NetworkConfig(
indent=2, contents=output[0], ignore_lines=diff_ignore_lines
)
startup_config = NetworkConfig(
indent=2, contents=output[1], ignore_lines=diff_ignore_lines
)
if running_config.sha1 != startup_config.sha1:
save_config(module, result)
elif module.params["save_when"] == "changed" and result["changed"]:
save_config(module, result)
if module._diff:
if not running_config:
output = execute_show_commands(module, "show running-config")
contents = output[0]
else:
contents = running_config
# recreate the object in order to process diff_ignore_lines
running_config = NetworkConfig(
indent=2, contents=contents, ignore_lines=diff_ignore_lines
)
if module.params["diff_against"] == "running":
if module.check_mode:
module.warn(
"unable to perform diff against running-config due to check mode"
)
contents = None
else:
contents = config.config_text
elif module.params["diff_against"] == "startup":
if not startup_config:
output = execute_show_commands(module, "show startup-config")
contents = output[0]
else:
contents = startup_config.config_text
elif module.params["diff_against"] == "intended":
contents = module.params["intended_config"]
if contents is not None:
base_config = NetworkConfig(
indent=2, contents=contents, ignore_lines=diff_ignore_lines
)
if running_config.sha1 != base_config.sha1:
if module.params["diff_against"] == "intended":
before = running_config
after = base_config
elif module.params["diff_against"] in ("startup", "running"):
before = base_config
after = running_config
result.update(
{
"changed": True,
"diff": {"before": str(before), "after": str(after)},
}
)
module.exit_json(**result)
def main():
argument_spec = dict(
snmp_host=dict(required=True, type='str'),
community=dict(type='str'),
udp=dict(type='str', default='162'),
version=dict(choices=['v1', 'v2c', 'v3']),
src_intf=dict(type='str'),
v3=dict(choices=['noauth', 'auth', 'priv']),
vrf_filter=dict(type='str'),
vrf=dict(type='str'),
snmp_type=dict(choices=['trap', 'inform']),
state=dict(choices=['absent', 'present'], default='present'),
)
argument_spec.update(nxos_argument_spec)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
warnings = list()
check_args(module, warnings)
results = {'changed': False, 'commands': [], 'warnings': warnings}
snmp_host = module.params['snmp_host']
community = module.params['community']
udp = module.params['udp']
version = module.params['version']
src_intf = module.params['src_intf']
v3 = module.params['v3']
vrf_filter = module.params['vrf_filter']
vrf = module.params['vrf']
snmp_type = module.params['snmp_type']
state = module.params['state']
existing = get_snmp_host(snmp_host, udp, module)
if version is None:
if existing:
version = existing.get('version')
else:
version = 'v1'
if snmp_type is None:
if existing:
snmp_type = existing.get('snmp_type')
else:
snmp_type = 'trap'
if v3 is None:
if version == 'v3' and existing:
v3 = existing.get('v3')
if snmp_type == 'inform' and version == 'v1':
module.fail_json(msg='inform requires snmp v2c or v3')
if (version == 'v1' or version == 'v2c') and v3:
module.fail_json(msg='param: "v3" should not be used when '
'using version v1 or v2c')
if not any([vrf_filter, vrf, src_intf]):
if not all([snmp_type, version, community, udp]):
module.fail_json(msg='when not configuring options like '
'vrf_filter, vrf, and src_intf,'
'the following params are required: '
'type, version, community')
if version == 'v3' and v3 is None:
module.fail_json(msg='when using version=v3, the param v3 '
'(options: auth, noauth, priv) is also required')
# existing returns the list of vrfs configured for a given host
# checking to see if the proposed is in the list
store = existing.get('vrf_filter')
if existing and store:
if vrf_filter not in existing['vrf_filter']:
existing['vrf_filter'] = None
else:
existing['vrf_filter'] = vrf_filter
commands = []
args = dict(
community=community,
snmp_host=snmp_host,
udp=udp,
version=version,
src_intf=src_intf,
vrf_filter=vrf_filter,
v3=v3,
vrf=vrf,
snmp_type=snmp_type
)
proposed = dict((k, v) for k, v in args.items() if v is not None)
if state == 'absent' and existing:
if proposed.get('community'):
commands.append(remove_snmp_host(snmp_host, udp, existing))
else:
if proposed.get('src_intf'):
commands.append(remove_src(snmp_host, udp, proposed, existing))
if proposed.get('vrf'):
commands.append(remove_vrf(snmp_host, udp, proposed, existing))
if proposed.get('vrf_filter'):
commands.append(remove_filter(snmp_host, udp, proposed, existing))
elif state == 'present':
delta = dict(set(proposed.items()).difference(existing.items()))
if delta:
command = config_snmp_host(delta, udp, proposed, existing, module)
commands.append(command)
cmds = flatten_list(commands)
if cmds:
results['changed'] = True
if not module.check_mode:
load_config(module, cmds)
if 'configure' in cmds:
cmds.pop(0)
results['commands'] = cmds
module.exit_json(**results)
def main():
fields = {
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"wireless_controller_hotspot20_icon": {
"required": False, "type": "dict", "default": None,
"options": {
"icon_list": {"required": False, "type": "list",
"options": {
"file": {"required": False, "type": "str"},
"height": {"required": False, "type": "int"},
"lang": {"required": False, "type": "str"},
"name": {"required": True, "type": "str"},
"type": {"required": False, "type": "str",
"choices": ["bmp", "gif", "jpeg",
"png", "tiff"]},
"width": {"required": False, "type": "int"}
}},
"name": {"required": True, "type": "str"}
}
}
}
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_wireless_controller_hotspot20(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"state": {
"required": True,
"type": "str",
"choices": ["present", "absent"]
},
"firewall_multicast_policy6": {
"required": False,
"type": "dict",
"default": None,
"options": {
"action": {
"required": False,
"type": "str",
"choices": ["accept", "deny"]
},
"dstaddr": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"dstintf": {
"required": False,
"type": "str"
},
"end_port": {
"required": False,
"type": "int"
},
"id": {
"required": True,
"type": "int"
},
"logtraffic": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
},
"protocol": {
"required": False,
"type": "int"
},
"srcaddr": {
"required": False,
"type": "list",
"options": {
"name": {
"required": True,
"type": "str"
}
}
},
"srcintf": {
"required": False,
"type": "str"
},
"start_port": {
"required": False,
"type": "int"
},
"status": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_firewall(
module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_firewall(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def __init__(self):
"""
Parse arguments, setup state variables,
check paramenters and ensure SDK is installed
"""
self._size_unit_map = netapp_utils.SF_BYTE_MAP
self.argument_spec = netapp_utils.ontap_sf_host_argument_spec()
self.argument_spec.update(
dict(
state=dict(required=False,
type='str',
choices=['present', 'absent'],
default='present'),
name=dict(required=True, type='str'),
account_id=dict(required=True),
enable512e=dict(type='bool', aliases=['enable512emulation']),
qos=dict(required=False, type='dict', default=None),
attributes=dict(required=False, type='dict', default=None),
size=dict(type='int'),
size_unit=dict(default='gb',
choices=[
'bytes', 'b', 'kb', 'mb', 'gb', 'tb', 'pb',
'eb', 'zb', 'yb'
],
type='str'),
access=dict(required=False,
type='str',
default=None,
choices=[
'readOnly', 'readWrite', 'locked',
'replicationTarget'
]),
))
self.module = AnsibleModule(argument_spec=self.argument_spec,
required_if=[('state', 'present',
['size', 'enable512e'])],
supports_check_mode=True)
param = self.module.params
# set up state variables
self.state = param['state']
self.name = param['name']
self.account_id = param['account_id']
self.enable512e = param['enable512e']
self.qos = param['qos']
self.attributes = param['attributes']
self.access = param['access']
self.size_unit = param['size_unit']
if param['size'] is not None:
self.size = param['size'] * self._size_unit_map[self.size_unit]
else:
self.size = None
if HAS_SF_SDK is False:
self.module.fail_json(
msg="Unable to import the ElementSW Python SDK")
else:
try:
self.sfe = netapp_utils.create_sf_connection(
module=self.module)
except solidfire.common.ApiServerError:
self.module.fail_json(msg="Unable to create the connection")
self.elementsw_helper = NaElementSWModule(self.sfe)
# add telemetry attributes
if self.attributes is not None:
self.attributes.update(
self.elementsw_helper.set_element_attributes(
source='na_elementsw_volume'))
else:
self.attributes = self.elementsw_helper.set_element_attributes(
source='na_elementsw_volume')
def main():
module_specific_arguments = dict(
servicename=dict(type='str'),
cnameentry=dict(type='str'),
servername=dict(type='str'),
servicetype=dict(type='str',
choices=[
'HTTP',
'FTP',
'TCP',
'UDP',
'SSL',
'SSL_BRIDGE',
'SSL_TCP',
'NNTP',
'ANY',
'SIP_UDP',
'SIP_TCP',
'SIP_SSL',
'RADIUS',
'RDP',
'RTSP',
'MYSQL',
'MSSQL',
'ORACLE',
]),
port=dict(type='int'),
publicip=dict(type='str'),
publicport=dict(type='int'),
maxclient=dict(type='float'),
healthmonitor=dict(type='bool'),
sitename=dict(type='str'),
cip=dict(type='str', choices=[
'enabled',
'disabled',
]),
cipheader=dict(type='str'),
sitepersistence=dict(type='str',
choices=[
'ConnectionProxy',
'HTTPRedirect',
'NONE',
]),
siteprefix=dict(type='str'),
clttimeout=dict(type='float'),
maxbandwidth=dict(type='float'),
downstateflush=dict(type='str', choices=[
'enabled',
'disabled',
]),
maxaaausers=dict(type='float'),
monthreshold=dict(type='float'),
hashid=dict(type='float'),
comment=dict(type='str'),
appflowlog=dict(type='str', choices=[
'enabled',
'disabled',
]),
ipaddress=dict(type='str'),
)
hand_inserted_arguments = dict(monitor_bindings=dict(type='list'), )
argument_spec = dict()
argument_spec.update(netscaler_common_arguments)
argument_spec.update(module_specific_arguments)
argument_spec.update(hand_inserted_arguments)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
module_result = dict(
changed=False,
failed=False,
loglines=loglines,
)
# Fail the module if imports failed
if not PYTHON_SDK_IMPORTED:
module.fail_json(msg='Could not load nitro python sdk')
# Fallthrough to rest of execution
client = get_nitro_client(module)
if not module.params['mas_proxy_call']:
try:
client.login()
except nitro_exception as e:
msg = "nitro exception during login. errorcode=%s, message=%s" % (
str(e.errorcode), e.message)
module.fail_json(msg=msg)
except Exception as e:
if str(type(e)) == "<class 'requests.exceptions.ConnectionError'>":
module.fail_json(msg='Connection error %s' % str(e))
elif str(type(e)) == "<class 'requests.exceptions.SSLError'>":
module.fail_json(msg='SSL Error %s' % str(e))
else:
module.fail_json(msg='Unexpected error during login %s' %
str(e))
readwrite_attrs = [
'servicename',
'cnameentry',
'ip',
'servername',
'servicetype',
'port',
'publicip',
'publicport',
'maxclient',
'healthmonitor',
'sitename',
'cip',
'cipheader',
'sitepersistence',
'siteprefix',
'clttimeout',
'maxbandwidth',
'downstateflush',
'maxaaausers',
'monthreshold',
'hashid',
'comment',
'appflowlog',
'ipaddress',
]
readonly_attrs = [
'gslb',
'svrstate',
'svreffgslbstate',
'gslbthreshold',
'gslbsvcstats',
'monstate',
'preferredlocation',
'monitor_state',
'statechangetimesec',
'tickssincelaststatechange',
'threshold',
'clmonowner',
'clmonview',
'__count',
]
immutable_attrs = [
'servicename',
'cnameentry',
'ip',
'servername',
'servicetype',
'port',
'sitename',
'state',
'cipheader',
'cookietimeout',
'clttimeout',
'svrtimeout',
'viewip',
'monitor_name_svc',
'newname',
]
transforms = {
'healthmonitor': ['bool_yes_no'],
'cip': [lambda v: v.upper()],
'downstateflush': [lambda v: v.upper()],
'appflowlog': [lambda v: v.upper()],
}
# params = copy.deepcopy(module.params)
module.params['ip'] = module.params['ipaddress']
# Instantiate config proxy
gslb_service_proxy = ConfigProxy(
actual=gslbservice(),
client=client,
attribute_values_dict=module.params,
transforms=transforms,
readwrite_attrs=readwrite_attrs,
readonly_attrs=readonly_attrs,
immutable_attrs=immutable_attrs,
)
try:
ensure_feature_is_enabled(client, 'GSLB')
# Apply appropriate state
if module.params['state'] == 'present':
if not gslb_service_exists(client, module):
if not module.check_mode:
gslb_service_proxy.add()
sync_monitor_bindings(client, module)
if module.params['save_config']:
client.save_config()
module_result['changed'] = True
elif not all_identical(client, module, gslb_service_proxy):
# Check if we try to change value of immutable attributes
immutables_changed = get_immutables_intersection(
gslb_service_proxy,
diff_list(client, module, gslb_service_proxy).keys())
if immutables_changed != []:
module.fail_json(
msg='Cannot update immutable attributes %s' %
(immutables_changed, ),
diff=diff_list(client, module, gslb_service_proxy),
**module_result)
# Update main configuration object
if not gslb_service_identical(client, module,
gslb_service_proxy):
if not module.check_mode:
gslb_service_proxy.update()
# Update monitor bindigns
if not monitor_bindings_identical(client, module):
if not module.check_mode:
sync_monitor_bindings(client, module)
# Fallthrough to save and change status update
module_result['changed'] = True
if module.params['save_config']:
client.save_config()
else:
module_result['changed'] = False
# Sanity check for state
if not module.check_mode:
if not gslb_service_exists(client, module):
module.fail_json(msg='GSLB service does not exist',
**module_result)
if not gslb_service_identical(client, module,
gslb_service_proxy):
module.fail_json(
msg='GSLB service differs from configured',
diff=diff_list(client, module, gslb_service_proxy),
**module_result)
if not monitor_bindings_identical(client, module):
module.fail_json(
msg='Monitor bindings differ from configured',
diff=diff_list(client, module, gslb_service_proxy),
**module_result)
elif module.params['state'] == 'absent':
if gslb_service_exists(client, module):
if not module.check_mode:
gslb_service_proxy.delete()
if module.params['save_config']:
client.save_config()
module_result['changed'] = True
else:
module_result['changed'] = False
# Sanity check for state
if not module.check_mode:
if gslb_service_exists(client, module):
module.fail_json(msg='GSLB service still exists',
**module_result)
except nitro_exception as e:
msg = "nitro exception errorcode=%s, message=%s" % (str(
e.errorcode), e.message)
module.fail_json(msg=msg, **module_result)
if not module.params['mas_proxy_call']:
client.logout()
module.exit_json(**module_result)
def main():
""" main entry point for module execution
"""
element_spec = dict(
name=dict(),
configured_password=dict(no_log=True),
update_password=dict(default='always', choices=['on_create', 'always']),
public_key=dict(),
public_key_contents=dict(),
group=dict(aliases=['role']),
groups=dict(type='list', elements='dict'),
state=dict(default='present', choices=['present', 'absent'])
)
aggregate_spec = deepcopy(element_spec)
aggregate_spec['name'] = dict(required=True)
# remove default in aggregate spec, to handle common arguments
remove_default_spec(aggregate_spec)
argument_spec = dict(
aggregate=dict(type='list', elements='dict', options=aggregate_spec, aliases=['users', 'collection']),
purge=dict(type='bool', default=False)
)
argument_spec.update(element_spec)
argument_spec.update(iosxr_argument_spec)
mutually_exclusive = [('name', 'aggregate'), ('public_key', 'public_key_contents'), ('group', 'groups')]
module = AnsibleModule(argument_spec=argument_spec,
mutually_exclusive=mutually_exclusive,
supports_check_mode=True)
if (module.params['public_key_contents'] or module.params['public_key']):
if not HAS_B64:
module.fail_json(
msg='library base64 is required but does not appear to be '
'installed. It can be installed using `pip install base64`'
)
if not HAS_PARAMIKO:
module.fail_json(
msg='library paramiko is required but does not appear to be '
'installed. It can be installed using `pip install paramiko`'
)
warnings = list()
if module.params['password'] and not module.params['configured_password']:
warnings.append(
'The "password" argument is used to authenticate the current connection. ' +
'To set a user password use "configured_password" instead.'
)
result = {'changed': False}
want = map_params_to_obj(module)
have = map_config_to_obj(module)
commands = map_obj_to_commands((want, have), module)
if module.params['purge']:
want_users = [x['name'] for x in want]
have_users = [x['name'] for x in have]
for item in set(have_users).difference(want_users):
if item != 'admin':
commands.append('no username %s' % item)
result['commands'] = commands
result['warnings'] = warnings
if 'no username admin' in commands:
module.fail_json(msg='cannot delete the `admin` account')
if commands:
commit = not module.check_mode
diff = load_config(module, commands, commit=commit)
if diff:
result['diff'] = dict(prepared=diff)
result['changed'] = True
if module.params['state'] == 'present' and (module.params['public_key_contents'] or module.params['public_key']):
if not module.check_mode:
key = convert_key_to_base64(module)
copykeys = copy_key_to_node(module, key)
if copykeys is False:
warnings.append('Please set up your provider before running this playbook')
if module.params['aggregate']:
for user in module.params['aggregate']:
cmdtodo = "admin crypto key import authentication rsa username %s harddisk:/publickey_aggregate.b64" % (user)
addremove = addremovekey(module, cmdtodo)
if addremove is False:
warnings.append('Please set up your provider before running this playbook')
else:
cmdtodo = "admin crypto key import authentication rsa username %s harddisk:/publickey_%s.b64" % (module.params['name'], module.params['name'])
addremove = addremovekey(module, cmdtodo)
if addremove is False:
warnings.append('Please set up your provider before running this playbook')
elif module.params['state'] == 'absent':
if not module.check_mode:
if module.params['aggregate']:
for user in module.params['aggregate']:
cmdtodo = "admin crypto key zeroize authentication rsa username %s" % (user)
addremove = addremovekey(module, cmdtodo)
if addremove is False:
warnings.append('Please set up your provider before running this playbook')
else:
cmdtodo = "admin crypto key zeroize authentication rsa username %s" % (module.params['name'])
addremove = addremovekey(module, cmdtodo)
if addremove is False:
warnings.append('Please set up your provider before running this playbook')
elif module.params['purge'] is True:
if not module.check_mode:
cmdtodo = "admin crypto key zeroize authentication rsa all"
addremove = addremovekey(module, cmdtodo)
if addremove is False:
warnings.append('Please set up your provider before running this playbook')
module.exit_json(**result)
def main():
argument_spec = dict(ip_address=dict(required=True),
password=dict(no_log=True),
username=dict(default='admin'),
api_key=dict(no_log=True),
state=dict(default='present',
choices=['present', 'absent']),
name=dict(required=True),
dhgroup=dict(default='group2'),
authentication=dict(default='sha1'),
encryption=dict(type='list',
default=['aes-256-cbc', '3des']),
lifetime_sec=dict(type='int', default=28800),
commit=dict(type='bool', default=True))
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=False,
required_one_of=[['api_key', 'password']])
if not HAS_LIB:
module.fail_json(msg='Missing required libraries.')
ip_address = module.params['ip_address']
password = module.params['password']
username = module.params['username']
api_key = module.params['api_key']
state = module.params['state']
ike_profile_name = module.params['name']
ike_dhgroup = module.params['dhgroup']
ike_authentication = module.params['authentication']
ike_encryption = module.params['encryption']
ike_lifetime_sec = module.params['lifetime_sec']
commit = module.params['commit']
# If Panorama, validate the devicegroup
# dev_group = None
# if devicegroup and isinstance(device, panorama.Panorama):
# dev_group = get_devicegroup(device, devicegroup)
# if dev_group:
# device.add(dev_group)
# else:
# module.fail_json(msg='\'%s\' device group not found in Panorama. Is the name correct?' % devicegroup)
ikeProfile = IKEProfile(name=ike_profile_name,
authentication=ike_authentication,
encryption=ike_encryption,
dh_group=ike_dhgroup,
lifetime_secs=ike_lifetime_sec)
ike_crypto_prof = network.IkeCryptoProfile(
ikeProfile.name, ikeProfile.dh_group, ikeProfile.authentication,
ikeProfile.encryption, ikeProfile.lifetime_secs, None, None, None, 0)
# Create the device with the appropriate pandevice type
device = base.PanDevice.create_from_device(ip_address,
username,
password,
api_key=api_key)
changed = False
try:
# fetch all crypto profiles
profiles = network.IkeCryptoProfile.refreshall(device)
if state == "present":
device.add(ike_crypto_prof)
for p in profiles:
if p.name == ike_crypto_prof.name:
if not ike_crypto_prof.equal(p):
ike_crypto_prof.apply()
changed = True
break
else:
ike_crypto_prof.create()
changed = True
elif state == "absent":
ike_crypto_prof = device.find(ikeProfile.name,
network.IkeCryptoProfile)
if ike_crypto_prof:
ike_crypto_prof.delete()
changed = True
else:
module.fail_json(msg='[%s] state is not implemented yet' % state)
except PanDeviceError:
exc = get_exception()
module.fail_json(msg=exc.message)
if commit and changed:
device.commit(sync=True)
module.exit_json(msg='IKE Crypto profile config successful.',
changed=changed)
def main():
fields = {
"host": {
"required": False,
"type": "str"
},
"username": {
"required": False,
"type": "str"
},
"password": {
"required": False,
"type": "str",
"default": "",
"no_log": True
},
"vdom": {
"required": False,
"type": "str",
"default": "root"
},
"https": {
"required": False,
"type": "bool",
"default": True
},
"ssl_verify": {
"required": False,
"type": "bool",
"default": True
},
"system_fortisandbox": {
"required": False,
"type": "dict",
"default": None,
"options": {
"email": {
"required": False,
"type": "str"
},
"enc_algorithm": {
"required": False,
"type": "str",
"choices": ["default", "high", "low"]
},
"server": {
"required": False,
"type": "str"
},
"source_ip": {
"required": False,
"type": "str"
},
"ssl_min_proto_version": {
"required": False,
"type": "str",
"choices":
["default", "SSLv3", "TLSv1", "TLSv1-1", "TLSv1-2"]
},
"status": {
"required": False,
"type": "str",
"choices": ["enable", "disable"]
}
}
}
}
module = AnsibleModule(argument_spec=fields, supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
fields = {
"host": {"required": False, "type": "str"},
"username": {"required": False, "type": "str"},
"password": {"required": False, "type": "str", "default": "", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"https": {"required": False, "type": "bool", "default": True},
"ssl_verify": {"required": False, "type": "bool", "default": True},
"state": {"required": True, "type": "str",
"choices": ["present", "absent"]},
"system_gre_tunnel": {
"required": False, "type": "dict", "default": None,
"options": {
"checksum_reception": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"checksum_transmission": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"dscp_copying": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"interface": {"required": False, "type": "str"},
"ip_version": {"required": False, "type": "str",
"choices": ["4", "6"]},
"keepalive_failtimes": {"required": False, "type": "int"},
"keepalive_interval": {"required": False, "type": "int"},
"key_inbound": {"required": False, "type": "int"},
"key_outbound": {"required": False, "type": "int"},
"local_gw": {"required": False, "type": "str"},
"local_gw6": {"required": False, "type": "str"},
"name": {"required": True, "type": "str"},
"remote_gw": {"required": False, "type": "str"},
"remote_gw6": {"required": False, "type": "str"},
"sequence_number_reception": {"required": False, "type": "str",
"choices": ["disable", "enable"]},
"sequence_number_transmission": {"required": False, "type": "str",
"choices": ["disable", "enable"]}
}
}
}
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
# legacy_mode refers to using fortiosapi instead of HTTPAPI
legacy_mode = 'host' in module.params and module.params['host'] is not None and \
'username' in module.params and module.params['username'] is not None and \
'password' in module.params and module.params['password'] is not None
if not legacy_mode:
if module._socket_path:
connection = Connection(module._socket_path)
fos = FortiOSHandler(connection)
is_error, has_changed, result = fortios_system(module.params, fos)
else:
module.fail_json(**FAIL_SOCKET_MSG)
else:
try:
from fortiosapi import FortiOSAPI
except ImportError:
module.fail_json(msg="fortiosapi module is required")
fos = FortiOSAPI()
login(module.params, fos)
is_error, has_changed, result = fortios_system(module.params, fos)
fos.logout()
if not is_error:
module.exit_json(changed=has_changed, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
"""
Module execution
:return:
"""
argument_spec = keycloak_argument_spec()
protmapper_spec = dict(
consentRequired=dict(type='bool'),
consentText=dict(type='str'),
id=dict(type='str'),
name=dict(type='str'),
protocol=dict(type='str', choices=['openid-connect', 'saml']),
protocolMapper=dict(type='str'),
config=dict(type='dict'),
)
meta_args = dict(
state=dict(default='present', choices=['present', 'absent']),
realm=dict(type='str', default='master'),
id=dict(type='str'),
client_id=dict(type='str', aliases=['clientId']),
name=dict(type='str'),
description=dict(type='str'),
root_url=dict(type='str', aliases=['rootUrl']),
admin_url=dict(type='str', aliases=['adminUrl']),
base_url=dict(type='str', aliases=['baseUrl']),
surrogate_auth_required=dict(type='bool', aliases=['surrogateAuthRequired']),
enabled=dict(type='bool'),
client_authenticator_type=dict(type='str', choices=['client-secret', 'client-jwt'], aliases=['clientAuthenticatorType']),
secret=dict(type='str', no_log=True),
registration_access_token=dict(type='str', aliases=['registrationAccessToken']),
default_roles=dict(type='list', aliases=['defaultRoles']),
redirect_uris=dict(type='list', aliases=['redirectUris']),
web_origins=dict(type='list', aliases=['webOrigins']),
not_before=dict(type='int', aliases=['notBefore']),
bearer_only=dict(type='bool', aliases=['bearerOnly']),
consent_required=dict(type='bool', aliases=['consentRequired']),
standard_flow_enabled=dict(type='bool', aliases=['standardFlowEnabled']),
implicit_flow_enabled=dict(type='bool', aliases=['implicitFlowEnabled']),
direct_access_grants_enabled=dict(type='bool', aliases=['directAccessGrantsEnabled']),
service_accounts_enabled=dict(type='bool', aliases=['serviceAccountsEnabled']),
authorization_services_enabled=dict(type='bool', aliases=['authorizationServicesEnabled']),
public_client=dict(type='bool', aliases=['publicClient']),
frontchannel_logout=dict(type='bool', aliases=['frontchannelLogout']),
protocol=dict(type='str', choices=['openid-connect', 'saml']),
attributes=dict(type='dict'),
full_scope_allowed=dict(type='bool', aliases=['fullScopeAllowed']),
node_re_registration_timeout=dict(type='int', aliases=['nodeReRegistrationTimeout']),
registered_nodes=dict(type='dict', aliases=['registeredNodes']),
client_template=dict(type='str', aliases=['clientTemplate']),
use_template_config=dict(type='bool', aliases=['useTemplateConfig']),
use_template_scope=dict(type='bool', aliases=['useTemplateScope']),
use_template_mappers=dict(type='bool', aliases=['useTemplateMappers']),
protocol_mappers=dict(type='list', elements='dict', options=protmapper_spec, aliases=['protocolMappers']),
authorization_settings=dict(type='dict', aliases=['authorizationSettings']),
)
argument_spec.update(meta_args)
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True,
required_one_of=([['client_id', 'id']]))
result = dict(changed=False, msg='', diff={}, proposed={}, existing={}, end_state={})
# Obtain access token, initialize API
try:
connection_header = get_token(
base_url=module.params.get('auth_keycloak_url'),
validate_certs=module.params.get('validate_certs'),
auth_realm=module.params.get('auth_realm'),
client_id=module.params.get('auth_client_id'),
auth_username=module.params.get('auth_username'),
auth_password=module.params.get('auth_password'),
client_secret=module.params.get('auth_client_secret'),
)
except KeycloakError as e:
module.fail_json(msg=str(e))
kc = KeycloakAPI(module, connection_header)
realm = module.params.get('realm')
cid = module.params.get('id')
state = module.params.get('state')
# convert module parameters to client representation parameters (if they belong in there)
client_params = [x for x in module.params
if x not in list(keycloak_argument_spec().keys()) + ['state', 'realm'] and
module.params.get(x) is not None]
keycloak_argument_spec().keys()
# See whether the client already exists in Keycloak
if cid is None:
before_client = kc.get_client_by_clientid(module.params.get('client_id'), realm=realm)
if before_client is not None:
cid = before_client['id']
else:
before_client = kc.get_client_by_id(cid, realm=realm)
if before_client is None:
before_client = dict()
# Build a proposed changeset from parameters given to this module
changeset = dict()
for client_param in client_params:
new_param_value = module.params.get(client_param)
# some lists in the Keycloak API are sorted, some are not.
if isinstance(new_param_value, list):
if client_param in ['attributes']:
try:
new_param_value = sorted(new_param_value)
except TypeError:
pass
# Unfortunately, the ansible argument spec checker introduces variables with null values when
# they are not specified
if client_param == 'protocol_mappers':
new_param_value = [dict((k, v) for k, v in x.items() if x[k] is not None) for x in new_param_value]
changeset[camel(client_param)] = new_param_value
# Whether creating or updating a client, take the before-state and merge the changeset into it
updated_client = before_client.copy()
updated_client.update(changeset)
result['proposed'] = sanitize_cr(changeset)
result['existing'] = sanitize_cr(before_client)
# If the client does not exist yet, before_client is still empty
if before_client == dict():
if state == 'absent':
# do nothing and exit
if module._diff:
result['diff'] = dict(before='', after='')
result['msg'] = 'Client does not exist, doing nothing.'
module.exit_json(**result)
# create new client
result['changed'] = True
if 'clientId' not in updated_client:
module.fail_json(msg='client_id needs to be specified when creating a new client')
if module._diff:
result['diff'] = dict(before='', after=sanitize_cr(updated_client))
if module.check_mode:
module.exit_json(**result)
kc.create_client(updated_client, realm=realm)
after_client = kc.get_client_by_clientid(updated_client['clientId'], realm=realm)
result['end_state'] = sanitize_cr(after_client)
result['msg'] = 'Client %s has been created.' % updated_client['clientId']
module.exit_json(**result)
else:
if state == 'present':
# update existing client
result['changed'] = True
if module.check_mode:
# We can only compare the current client with the proposed updates we have
if module._diff:
result['diff'] = dict(before=sanitize_cr(before_client),
after=sanitize_cr(updated_client))
result['changed'] = (before_client != updated_client)
module.exit_json(**result)
kc.update_client(cid, updated_client, realm=realm)
after_client = kc.get_client_by_id(cid, realm=realm)
if before_client == after_client:
result['changed'] = False
if module._diff:
result['diff'] = dict(before=sanitize_cr(before_client),
after=sanitize_cr(after_client))
result['end_state'] = sanitize_cr(after_client)
result['msg'] = 'Client %s has been updated.' % updated_client['clientId']
module.exit_json(**result)
else:
# Delete existing client
result['changed'] = True
if module._diff:
result['diff']['before'] = sanitize_cr(before_client)
result['diff']['after'] = ''
if module.check_mode:
module.exit_json(**result)
kc.delete_client(cid, realm=realm)
result['proposed'] = dict()
result['end_state'] = dict()
result['msg'] = 'Client %s has been deleted.' % before_client['clientId']
module.exit_json(**result)
module.exit_json(**result)
def __init__(self):
self._size_unit_map = dict(
bytes=1,
b=1,
kb=1024,
mb=1024 ** 2,
gb=1024 ** 3,
tb=1024 ** 4,
pb=1024 ** 5,
eb=1024 ** 6,
zb=1024 ** 7,
yb=1024 ** 8
)
self._post_headers = dict(Accept="application/json")
self._post_headers['Content-Type'] = 'application/json'
argument_spec = basic_auth_argument_spec()
argument_spec.update(dict(
state=dict(required=True, choices=['present', 'absent']),
ssid=dict(required=True, type='str'),
name=dict(required=True, type='str'),
storage_pool_name=dict(type='str'),
size_unit=dict(default='gb', choices=['bytes', 'b', 'kb', 'mb', 'gb', 'tb', 'pb', 'eb', 'zb', 'yb'],
type='str'),
size=dict(type='int'),
segment_size_kb=dict(default=128, choices=[8, 16, 32, 64, 128, 256, 512], type='int'),
ssd_cache_enabled=dict(type='bool'), # no default, leave existing setting alone
data_assurance_enabled=dict(default=False, type='bool'),
thin_provision=dict(default=False, type='bool'),
thin_volume_repo_size=dict(type='int'),
thin_volume_max_repo_size=dict(type='int'),
# TODO: add cache, owning controller support, thin expansion policy, etc
log_path=dict(type='str'),
api_url=dict(type='str'),
api_username=dict(type='str'),
api_password=dict(type='str', no_log=True),
validate_certs=dict(type='bool'),
))
self.module = AnsibleModule(argument_spec=argument_spec,
required_if=[
('state', 'present', ['storage_pool_name', 'size']),
('thin_provision', 'true', ['thin_volume_repo_size'])
],
supports_check_mode=True)
p = self.module.params
log_path = p['log_path']
# logging setup
self._logger = logging.getLogger(self.__class__.__name__)
self.debug = self._logger.debug
if log_path:
logging.basicConfig(level=logging.DEBUG, filename=log_path)
self.state = p['state']
self.ssid = p['ssid']
self.name = p['name']
self.storage_pool_name = p['storage_pool_name']
self.size_unit = p['size_unit']
self.size = p['size']
self.segment_size_kb = p['segment_size_kb']
self.ssd_cache_enabled = p['ssd_cache_enabled']
self.data_assurance_enabled = p['data_assurance_enabled']
self.thin_provision = p['thin_provision']
self.thin_volume_repo_size = p['thin_volume_repo_size']
self.thin_volume_max_repo_size = p['thin_volume_max_repo_size']
if not self.thin_volume_max_repo_size:
self.thin_volume_max_repo_size = self.size
self.validate_certs = p['validate_certs']
try:
self.api_usr = p['api_username']
self.api_pwd = p['api_password']
self.api_url = p['api_url']
except KeyError:
self.module.fail_json(msg="You must pass in api_username "
"and api_password and api_url to the module.")
def main():
argument_spec = dict(
key_id=dict(type='str'),
md5string=dict(type='str'),
auth_type=dict(choices=['text', 'encrypt'], default='text'),
trusted_key=dict(choices=['true', 'false'], default='false'),
authentication=dict(choices=['on', 'off']),
state=dict(choices=['absent', 'present'], default='present'),
)
argument_spec.update(nxos_argument_spec)
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
warnings = list()
key_id = module.params['key_id']
md5string = module.params['md5string']
auth_type = module.params['auth_type']
trusted_key = module.params['trusted_key']
authentication = module.params['authentication']
state = module.params['state']
if key_id:
if not trusted_key and not md5string:
module.fail_json(msg='trusted_key or md5string MUST be specified')
args = dict(key_id=key_id, md5string=md5string,
auth_type=auth_type, trusted_key=trusted_key,
authentication=authentication)
changed = False
proposed = dict((k, v) for k, v in args.items() if v is not None)
existing = get_ntp_auth_info(key_id, module)
end_state = existing
delta = dict(set(proposed.items()).difference(existing.items()))
commands = []
if state == 'present':
if delta:
command = set_ntp_auth_key(
key_id, md5string, delta.get('auth_type'),
delta.get('trusted_key'), delta.get('authentication'))
if command:
commands.append(command)
elif state == 'absent':
auth_toggle = None
if existing.get('authentication') == 'on':
auth_toggle = True
if not existing.get('key_id'):
key_id = None
command = remove_ntp_auth_key(
key_id, md5string, auth_type, trusted_key, auth_toggle)
if command:
commands.append(command)
cmds = flatten_list(commands)
if cmds:
if module.check_mode:
module.exit_json(changed=True, commands=cmds)
else:
load_config(module, cmds)
end_state = get_ntp_auth_info(key_id, module)
delta = dict(set(end_state.items()).difference(existing.items()))
if delta or (len(existing) != len(end_state)):
changed = True
if 'configure' in cmds:
cmds.pop(0)
results = {}
results['proposed'] = proposed
results['existing'] = existing
results['updates'] = cmds
results['changed'] = changed
results['warnings'] = warnings
results['end_state'] = end_state
module.exit_json(**results)
def main():
''' Main entry point for module execution
'''
ipv4_spec = dict(
address=dict(),
subnet_mask=dict(),
gateway=dict(),
)
ipv6_spec = dict(
virtual_ip=dict(),
cidr_prefix=dict(type='int'),
gateway=dict(),
)
port_spec = dict(
auto_port_setting_enabled=dict(type='bool'),
duplex=dict(),
speed=dict(),
)
lan2_port_spec = dict(
enabled=dict(type='bool'),
network_setting=dict(type='list', elements='dict', options=ipv4_spec),
v6_network_setting=dict(type='list',
elements='dict',
options=ipv6_spec),
)
ha_port_spec = dict(
ha_ip_address=dict(),
ha_port_setting=dict(type='list', elements='dict', options=port_spec),
lan_port_setting=dict(type='list', elements='dict', options=port_spec),
mgmt_lan=dict(),
mgmt_ipv6addr=dict(),
)
node_spec = dict(
lan2_physical_setting=dict(type='list',
elements='dict',
options=port_spec),
lan_ha_port_setting=dict(type='list',
elements='dict',
options=ha_port_spec),
mgmt_network_setting=dict(type='list',
elements='dict',
options=ipv4_spec),
v6_mgmt_network_setting=dict(type='list',
elements='dict',
options=ipv6_spec),
)
mgmt_port_spec = dict(
enabled=dict(type='bool'),
security_access_enabled=dict(type='bool'),
vpn_enabled=dict(type='bool'),
)
syslog_spec = dict(
address=dict(),
category_list=dict(type='list'),
connection_type=dict(default='UDP'),
local_interface=dict(default='ANY'),
message_node_id=dict(default='LAN'),
message_source=dict(default='ANY'),
only_category_list=dict(type='bool'),
port=dict(type='int', default=514),
severity=dict(default='DEBUG'),
)
hw_spec = dict(
hwmodel=dict(),
hwtype=dict(),
)
pre_prov_spec = dict(
hardware_info=dict(type='list', elements='dict', options=hw_spec),
licenses=dict(type='list'),
)
ib_spec = dict(
host_name=dict(required=True, aliases=['name'], ib_req=True),
vip_setting=dict(type='list', elements='dict', options=ipv4_spec),
ipv6_setting=dict(type='list', elements='dict', options=ipv6_spec),
config_addr_type=dict(default='IPV4'),
comment=dict(),
enable_ha=dict(type='bool', default=False),
router_id=dict(type='int'),
lan2_enabled=dict(type='bool', default=False),
lan2_port_setting=dict(type='list',
elements='dict',
options=lan2_port_spec),
platform=dict(default='INFOBLOX'),
node_info=dict(type='list', elements='dict', options=node_spec),
mgmt_port_setting=dict(type='list',
elements='dict',
options=mgmt_port_spec),
upgrade_group=dict(default='Default'),
use_syslog_proxy_setting=dict(type='bool'),
external_syslog_server_enable=dict(type='bool'),
syslog_servers=dict(type='list', elements='dict', options=syslog_spec),
pre_provisioning=dict(type='list',
elements='dict',
options=pre_prov_spec),
extattrs=dict(type='dict'),
create_token=dict(type='bool', default=False),
)
argument_spec = dict(provider=dict(required=True),
state=dict(default='present',
choices=['present', 'absent']))
argument_spec.update(ib_spec)
argument_spec.update(WapiModule.provider_spec)
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True)
wapi = WapiModule(module)
result = wapi.run(NIOS_MEMBER, ib_spec)
module.exit_json(**result)
def main():
module = AnsibleModule(argument_spec=get_argspec(),
supports_check_mode=True)
result = run_command(module)
module.exit_json(**result)
def main():
argument_spec = pgutils.postgres_common_argument_spec()
argument_spec.update(dict(
db=dict(required=True, aliases=['name']),
owner=dict(default=""),
template=dict(default=""),
encoding=dict(default=""),
lc_collate=dict(default=""),
lc_ctype=dict(default=""),
state=dict(default="present", choices=["absent", "present"]),
))
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode = True
)
if not HAS_PSYCOPG2:
module.fail_json(msg="the python psycopg2 module is required")
db = module.params["db"]
port = module.params["port"]
owner = module.params["owner"]
template = module.params["template"]
encoding = module.params["encoding"]
lc_collate = module.params["lc_collate"]
lc_ctype = module.params["lc_ctype"]
state = module.params["state"]
sslrootcert = module.params["ssl_rootcert"]
changed = False
# To use defaults values, keyword arguments must be absent, so
# check which values are empty and don't include in the **kw
# dictionary
params_map = {
"login_host":"host",
"login_user":"******",
"login_password":"******",
"port":"port",
"ssl_mode":"sslmode",
"ssl_rootcert":"sslrootcert"
}
kw = dict( (params_map[k], v) for (k, v) in iteritems(module.params)
if k in params_map and v != '' and v is not None)
# If a login_unix_socket is specified, incorporate it here.
is_localhost = "host" not in kw or kw["host"] == "" or kw["host"] == "localhost"
if is_localhost and module.params["login_unix_socket"] != "":
kw["host"] = module.params["login_unix_socket"]
try:
pgutils.ensure_libs(sslrootcert=module.params.get('ssl_rootcert'))
db_connection = psycopg2.connect(database="postgres", **kw)
# Enable autocommit so we can create databases
if psycopg2.__version__ >= '2.4.2':
db_connection.autocommit = True
else:
db_connection.set_isolation_level(psycopg2.extensions.ISOLATION_LEVEL_AUTOCOMMIT)
cursor = db_connection.cursor(cursor_factory=psycopg2.extras.DictCursor)
except pgutils.LibraryError:
e = get_exception()
module.fail_json(msg="unable to connect to database: {0}".format(str(e)), exception=traceback.format_exc())
except TypeError:
e = get_exception()
if 'sslrootcert' in e.args[0]:
module.fail_json(msg='Postgresql server must be at least version 8.4 to support sslrootcert. Exception: {0}'.format(e), exception=traceback.format_exc())
module.fail_json(msg="unable to connect to database: %s" % e, exception=traceback.format_exc())
except Exception:
e = get_exception()
module.fail_json(msg="unable to connect to database: %s" % e, exception=traceback.format_exc())
try:
if module.check_mode:
if state == "absent":
changed = db_exists(cursor, db)
elif state == "present":
changed = not db_matches(cursor, db, owner, template, encoding, lc_collate, lc_ctype)
module.exit_json(changed=changed, db=db)
if state == "absent":
try:
changed = db_delete(cursor, db)
except SQLParseError:
e = get_exception()
module.fail_json(msg=str(e))
elif state == "present":
try:
changed = db_create(cursor, db, owner, template, encoding, lc_collate, lc_ctype)
except SQLParseError:
e = get_exception()
module.fail_json(msg=str(e))
except NotSupportedError:
e = get_exception()
module.fail_json(msg=str(e))
except SystemExit:
# Avoid catching this on Python 2.4
raise
except Exception:
e = get_exception()
module.fail_json(msg="Database query failed: %s" % e)
module.exit_json(changed=changed, db=db)
def main():
helper = get_connection(
vsys=True,
device_group=True,
rulebase=True,
with_state=True,
with_classic_provider_spec=True,
error_on_firewall_shared=True,
argument_spec=dict(
rule_name=dict(required=True),
source_zone=dict(type='list', elements='str', default=['any']),
source_ip=dict(type='list', elements='str', default=["any"]),
source_user=dict(type='list', elements='str', default=['any']),
hip_profiles=dict(type='list', elements='str', default=['any']),
destination_zone=dict(type='list', elements='str',
default=['any']),
destination_ip=dict(type='list', elements='str', default=["any"]),
application=dict(type='list', elements='str', default=['any']),
service=dict(type='list',
elements='str',
default=['application-default']),
category=dict(type='list', elements='str', default=['any']),
action=dict(
default='allow',
choices=[
'allow', 'deny', 'drop', 'reset-client', 'reset-server',
'reset-both'
],
),
log_setting=dict(),
log_start=dict(type='bool', default=False),
log_end=dict(type='bool', default=True),
description=dict(),
rule_type=dict(default='universal',
choices=['universal', 'intrazone', 'interzone']),
tag_name=dict(type='list', elements='str'),
negate_source=dict(type='bool', default=False),
negate_destination=dict(type='bool', default=False),
disabled=dict(type='bool', default=False),
schedule=dict(),
icmp_unreachable=dict(type='bool'),
disable_server_response_inspection=dict(type='bool',
default=False),
group_profile=dict(),
antivirus=dict(),
spyware=dict(),
vulnerability=dict(),
url_filtering=dict(),
file_blocking=dict(),
wildfire_analysis=dict(),
data_filtering=dict(),
target=dict(type='list', elements='str'),
negate_target=dict(type='bool'),
location=dict(choices=['top', 'bottom', 'before', 'after']),
existing_rule=dict(),
commit=dict(type='bool', default=False),
# TODO(gfreeman) - remove this in the next role release.
devicegroup=dict(),
),
)
module = AnsibleModule(
argument_spec=helper.argument_spec,
supports_check_mode=True,
required_one_of=helper.required_one_of,
)
# TODO(gfreeman) - remove when devicegroup is removed.
if module.params['devicegroup'] is not None:
module.deprecate(
'Param "devicegroup" is deprecated; use "device_group"',
version='3.0.0',
collection_name='paloaltonetworks.panos')
if module.params['device_group'] is not None:
msg = [
'Both "devicegroup" and "device_group" are specified',
'Specify one or the other, not both.',
]
module.fail_json(msg='. '.join(msg))
module.params['device_group'] = module.params['devicegroup']
# Verify imports, build pandevice object tree.
parent = helper.get_pandevice_parent(module)
# Set the SecurityRule object params.
rule_spec = {
'name':
module.params['rule_name'],
'fromzone':
module.params['source_zone'],
'tozone':
module.params['destination_zone'],
'source':
module.params['source_ip'],
'source_user':
module.params['source_user'],
'hip_profiles':
module.params['hip_profiles'],
'destination':
module.params['destination_ip'],
'application':
module.params['application'],
'service':
module.params['service'],
'category':
module.params['category'],
'action':
module.params['action'],
'log_setting':
module.params['log_setting'],
'log_start':
module.params['log_start'],
'log_end':
module.params['log_end'],
'description':
module.params['description'],
'type':
module.params['rule_type'],
'tag':
module.params['tag_name'],
'negate_source':
module.params['negate_source'],
'negate_destination':
module.params['negate_destination'],
'disabled':
module.params['disabled'],
'schedule':
module.params['schedule'],
'icmp_unreachable':
module.params['icmp_unreachable'],
'disable_server_response_inspection':
module.params['disable_server_response_inspection'],
'group':
module.params['group_profile'],
'virus':
module.params['antivirus'],
'spyware':
module.params['spyware'],
'vulnerability':
module.params['vulnerability'],
'url_filtering':
module.params['url_filtering'],
'file_blocking':
module.params['file_blocking'],
'wildfire_analysis':
module.params['wildfire_analysis'],
'data_filtering':
module.params['data_filtering'],
'target':
module.params['target'],
'negate_target':
module.params['negate_target'],
}
# Other module info.
location = module.params['location']
existing_rule = module.params['existing_rule']
commit = module.params['commit']
# Retrieve the current rules.
try:
rules = SecurityRule.refreshall(parent, add=False)
except PanDeviceError as e:
module.fail_json(msg='Failed refresh: {0}'.format(e))
# Create new rule object from the params.
new_rule = SecurityRule(**rule_spec)
parent.add(new_rule)
# Which action shall we take on the rule object?
changed, diff = helper.apply_state(new_rule, rules, module)
# Move the rule to the correct spot, if applicable.
if module.params['state'] == 'present':
changed |= helper.apply_position(new_rule, location, existing_rule,
module)
# Optional commit.
if changed and commit:
helper.commit(module)
# Done.
module.exit_json(changed=changed, diff=diff, msg='Done')
def main():
argument_spec = ovirt_full_argument_spec(
state=dict(
choices=['running', 'stopped', 'present', 'absent', 'suspended', 'next_run'],
default='present',
),
name=dict(default=None),
id=dict(default=None),
cluster=dict(default=None),
template=dict(default=None),
template_version=dict(default=None, type='int'),
use_latest_template_version=dict(default=None, type='bool'),
disks=dict(default=[], type='list'),
memory=dict(default=None),
memory_guaranteed=dict(default=None),
cpu_sockets=dict(default=None, type='int'),
cpu_cores=dict(default=None, type='int'),
cpu_shares=dict(default=None, type='int'),
type=dict(choices=['server', 'desktop']),
operating_system=dict(
default=None,
choices=[
'rhel_6_ppc64', 'other', 'freebsd', 'windows_2003x64', 'windows_10',
'rhel_6x64', 'rhel_4x64', 'windows_2008x64', 'windows_2008R2x64',
'debian_7', 'windows_2012x64', 'ubuntu_14_04', 'ubuntu_12_04',
'ubuntu_13_10', 'windows_8x64', 'other_linux_ppc64', 'windows_2003',
'other_linux', 'windows_10x64', 'windows_2008', 'rhel_3', 'rhel_5',
'rhel_4', 'other_ppc64', 'sles_11', 'rhel_6', 'windows_xp', 'rhel_7x64',
'freebsdx64', 'rhel_7_ppc64', 'windows_7', 'rhel_5x64',
'ubuntu_14_04_ppc64', 'sles_11_ppc64', 'windows_8',
'windows_2012R2x64', 'windows_2008r2x64', 'ubuntu_13_04',
'ubuntu_12_10', 'windows_7x64',
],
),
cd_iso=dict(default=None),
boot_devices=dict(default=None, type='list'),
high_availability=dict(type='bool'),
stateless=dict(type='bool'),
delete_protected=dict(type='bool'),
force=dict(type='bool', default=False),
nics=dict(default=[], type='list'),
cloud_init=dict(type='dict'),
cloud_init_nics=dict(defaul=[], type='list'),
sysprep=dict(type='dict'),
host=dict(default=None),
clone=dict(type='bool', default=False),
clone_permissions=dict(type='bool', default=False),
kernel_path=dict(default=None),
initrd_path=dict(default=None),
kernel_params=dict(default=None),
instance_type=dict(default=None),
description=dict(default=None),
comment=dict(default=None),
timezone=dict(default=None),
serial_policy=dict(default=None, choices=['vm', 'host', 'custom']),
serial_policy_value=dict(default=None),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
check_sdk(module)
check_params(module)
try:
state = module.params['state']
connection = create_connection(module.params.pop('auth'))
vms_service = connection.system_service().vms_service()
vms_module = VmsModule(
connection=connection,
module=module,
service=vms_service,
)
vm = vms_module.search_entity()
control_state(vm, vms_service, module)
if state == 'present' or state == 'running' or state == 'next_run':
sysprep = module.params['sysprep']
cloud_init = module.params['cloud_init']
cloud_init_nics = module.params['cloud_init_nics'] or []
if cloud_init is not None:
cloud_init_nics.append(cloud_init)
# In case VM don't exist, wait for VM DOWN state,
# otherwise don't wait for any state, just update VM:
vms_module.create(
entity=vm,
result_state=otypes.VmStatus.DOWN if vm is None else None,
clone=module.params['clone'],
clone_permissions=module.params['clone_permissions'],
)
ret = vms_module.action(
action='start',
post_action=vms_module._post_start_action,
action_condition=lambda vm: (
vm.status not in [
otypes.VmStatus.MIGRATING,
otypes.VmStatus.POWERING_UP,
otypes.VmStatus.REBOOT_IN_PROGRESS,
otypes.VmStatus.WAIT_FOR_LAUNCH,
otypes.VmStatus.UP,
otypes.VmStatus.RESTORING_STATE,
]
),
wait_condition=lambda vm: vm.status == otypes.VmStatus.UP,
# Start action kwargs:
use_cloud_init=cloud_init is not None or len(cloud_init_nics) > 0,
use_sysprep=sysprep is not None,
vm=otypes.Vm(
placement_policy=otypes.VmPlacementPolicy(
hosts=[otypes.Host(name=module.params['host'])]
) if module.params['host'] else None,
initialization=_get_initialization(sysprep, cloud_init, cloud_init_nics),
os=otypes.OperatingSystem(
cmdline=module.params.get('kernel_params'),
initrd=module.params.get('initrd_path'),
kernel=module.params.get('kernel_path'),
),
),
)
if state == 'next_run':
# Apply next run configuration, if needed:
vm = vms_service.vm_service(ret['id']).get()
if vm.next_run_configuration_exists:
ret = vms_module.action(
action='reboot',
entity=vm,
action_condition=lambda vm: vm.status == otypes.VmStatus.UP,
wait_condition=lambda vm: vm.status == otypes.VmStatus.UP,
)
elif state == 'stopped':
vms_module.create(
result_state=otypes.VmStatus.DOWN if vm is None else None,
clone=module.params['clone'],
clone_permissions=module.params['clone_permissions'],
)
if module.params['force']:
ret = vms_module.action(
action='stop',
post_action=vms_module._attach_cd,
action_condition=lambda vm: vm.status != otypes.VmStatus.DOWN,
wait_condition=lambda vm: vm.status == otypes.VmStatus.DOWN,
)
else:
ret = vms_module.action(
action='shutdown',
pre_action=vms_module._pre_shutdown_action,
post_action=vms_module._attach_cd,
action_condition=lambda vm: vm.status != otypes.VmStatus.DOWN,
wait_condition=lambda vm: vm.status == otypes.VmStatus.DOWN,
)
elif state == 'suspended':
vms_module.create(
result_state=otypes.VmStatus.DOWN if vm is None else None,
clone=module.params['clone'],
clone_permissions=module.params['clone_permissions'],
)
ret = vms_module.action(
action='suspend',
pre_action=vms_module._pre_suspend_action,
action_condition=lambda vm: vm.status != otypes.VmStatus.SUSPENDED,
wait_condition=lambda vm: vm.status == otypes.VmStatus.SUSPENDED,
)
elif state == 'absent':
ret = vms_module.remove()
module.exit_json(**ret)
except Exception as e:
module.fail_json(msg=str(e), exception=traceback.format_exc())
finally:
connection.close(logout=False)
def main():
module = AnsibleModule(
argument_spec=dict(
src=dict(type='path'),
deployment=dict(type='str', required=True),
deploy_path=dict(type='path', default=DEFAULT_DEPLOY_PATH),
state=dict(type='str', choices=['absent', 'present'], default='present'),
),
required_if=[('state', 'present', ('src',))],
supports_check_mode=True
)
result = dict(changed=False)
src = module.params['src']
deployment = module.params['deployment']
deploy_path = module.params['deploy_path']
state = module.params['state']
if not os.path.exists(deploy_path):
module.fail_json(msg="deploy_path does not exist.")
if state == 'absent' and src:
module.warn('Parameter src is ignored when state=absent')
elif state == 'present' and not os.path.exists(src):
module.fail_json(msg='Source file %s does not exist.' % src)
deployed = is_deployed(deploy_path, deployment)
# === when check_mode ===
if module.check_mode:
if state == 'present':
if not deployed:
result['changed'] = True
elif deployed:
if module.sha1(src) != module.sha1(os.path.join(deploy_path, deployment)):
result['changed'] = True
elif state == 'absent' and deployed:
result['changed'] = True
module.exit_json(**result)
# =======================
if state == 'present' and not deployed:
if is_failed(deploy_path, deployment):
# Clean up old failed deployment
os.remove(os.path.join(deploy_path, "%s.failed" % deployment))
module.preserved_copy(src, os.path.join(deploy_path, deployment))
while not deployed:
deployed = is_deployed(deploy_path, deployment)
if is_failed(deploy_path, deployment):
module.fail_json(msg='Deploying %s failed.' % deployment)
time.sleep(1)
result['changed'] = True
if state == 'present' and deployed:
if module.sha1(src) != module.sha1(os.path.join(deploy_path, deployment)):
os.remove(os.path.join(deploy_path, "%s.deployed" % deployment))
module.preserved_copy(src, os.path.join(deploy_path, deployment))
deployed = False
while not deployed:
deployed = is_deployed(deploy_path, deployment)
if is_failed(deploy_path, deployment):
module.fail_json(msg='Deploying %s failed.' % deployment)
time.sleep(1)
result['changed'] = True
if state == 'absent' and deployed:
os.remove(os.path.join(deploy_path, "%s.deployed" % deployment))
while deployed:
deployed = not is_undeployed(deploy_path, deployment)
if is_failed(deploy_path, deployment):
module.fail_json(msg='Undeploying %s failed.' % deployment)
time.sleep(1)
result['changed'] = True
module.exit_json(**result)
def main():
argspec = dict(state=dict(required=True,
choices=["present", "absent"],
type="str"),
id=dict(required=False, type="int"),
name=dict(required=False, type="str"),
ip_address=dict(required=False, type="str"),
address_version=dict(required=False,
choices=["ipv4", "ipv6"],
type="str",
default="ipv4"),
type=dict(required=False,
choices=["ipaddress", "group"],
type="str",
default="ipaddress"),
members=dict(required=False, type="list", elements="str"))
module = AnsibleModule(argument_spec=argspec, supports_check_mode=True)
space_request = SpaceRequest(module, )
sd_address_manager = SDAddressMgr(module, )
# Gather address details to determine if address exists
if module.params["id"]:
address = sd_address_manager.get_address_by_id(module.params["id"])
elif module.params["name"]:
address = sd_address_manager.get_address(name=module.params["name"])
else:
module.fail_json(msg='You must provide either an id or a name')
if to_text(module.params["state"]) == "present":
#check params
if not module.params["name"]:
module.fail_json(msg='You must provide a name')
elif not module.params["ip_address"] and not module.params[
"type"] == "group": #only require IP addres if this isn't a group
module.fail_json(msg='You must provide an IP address')
if module.params[
"type"] == "group" and module.params["members"] is None:
module.fail_json(
msg=
'You must provide at least one member if the address type is GROUP'
)
space_request.headers = {
"Accept": "application/json",
"Content-Type": "application/json"
}
# Create the address body
body = dict(
address={
"definition_type": "CUSTOM",
"associated_metadata": "",
"name": module.params["name"],
"description": "",
"address_type": module.params["type"].upper(),
"address_version": module.params["address_version"].upper(),
"host_name": ""
})
# Add member-refs if necessary
if module.params["type"] == "group":
address_refs = []
for member in module.params["members"]:
response = sd_address_manager.get_address(name=member)
if response is not None:
# address_refs.append(dict(name=response[0]['name'], uuid=response[0]['uuid']))
response[0].pop('uri', None)
address_refs.append(response[0])
else:
module.fail_json(msg="Could not find member with name: {}".
format(member))
body['address']['address_refs'] = address_refs
else:
# only set ip_address key if this isn't a group
body['address']['ip_address'] = module.params["ip_address"]
# Logic for changing an existing address
if address:
# make a copy
patch_address = dict(address=address[0].copy())
#update the patch with the prepared body
patch_address['address'].update(body['address'])
#compare for differences
if address[0] == patch_address['address']:
module.exit_json(msg='Address already up to date',
address=address[0],
changed=False)
else:
code, response = space_request.put(
"/api/juniper/sd/address-management/v5/address/{0}".format(
address[0]["uuid"]),
payload=json.dumps(patch_address))
module.exit_json(msg='Address updated',
address=response['address'],
changed=True)
if address[0]["address-type"] == "GROUP":
for member in body["address"]["address_refs"]:
if not any(d["uuid"] == member["uuid"] for d in a):
pass # update body with edit-version and set method to PUT
module.exit_json(msg='Address already present',
address=address[0],
changed=False)
code, response = space_request.post(
"/api/juniper/sd/address-management/v5/address",
payload=json.dumps(body))
module.exit_json(address=response['address'], changed=True)
elif module.params["state"] == "absent":
if not address:
module.exit_json(msg="Address already absent",
address=address,
changed=False)
else:
space_request.headers = {
"Accept":
"application/vnd.net.juniper.space.address-management.address+json;version=1"
}
space_request.expect_json = False
code, response = space_request.delete(
"/api/juniper/sd/address-management/addresses/{0}".format(
address[0]["uuid"]),
status_codes="204, 500")
if code == 204:
module.exit_json(changed=True)
elif code == 500:
module.fail_json(
msg=
"Could not delete the address. Most likely it is in use by another group or policy.",
response=response)
def main():
argument_spec = postgres_common_argument_spec()
argument_spec.update(
name=dict(required=True),
db=dict(type='str', aliases=['login_db']),
connection=dict(required=True, type='str'),
state=dict(type='str',
default='present',
choices=['absent', 'present']),
publication=dict(type='list', required=True),
#todo add another arguments
#tables=dict(type='list'),
parameters=dict(type='dict'),
owner=dict(type='str'),
#cascade=dict(type='bool', default=False),
)
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
pprint.pprint('temp log: start')
pprint.pprint('temp log: module:' + str(module))
# Parameters handling:
name = module.params['name']
state = module.params['state']
connection = module.params['connection']
publication = module.params['publication']
params = module.params['parameters']
owner = module.params['owner']
# todo add checks
#tables = module.params['tables']
#params = module.params['parameters']
#owner = module.params['owner']
#cascade = module.params['cascade']
#if state == 'absent':
# if tables:
# module.warn('parameter "tables" is ignored when "state=absent"')
# if params:
# module.warn('parameter "parameters" is ignored when "state=absent"')
# if owner:
# module.warn('parameter "owner" is ignored when "state=absent"')
#if state == 'present' and cascade:
# module.warm('parameter "cascade" is ignored when "state=present"')
# Connect to DB and make cursor object:
conn_params = get_conn_params(module, module.params)
# We check publication state without DML queries execution, so set autocommit:
db_connection = connect_to_db(module, conn_params, autocommit=True)
cursor = db_connection.cursor(cursor_factory=DictCursor)
# Check version:
if cursor.connection.server_version < SUPPORTED_PG_VERSION:
module.fail_json(
msg="PostgreSQL server version should be 10.0 or greater")
# Nothing was changed by default:
changed = False
###################################
# Create object and do rock'n'roll:
subscription = PgSubscription(module, cursor, name, connection,
publication)
#if tables:
# tables = transform_tables_representation(tables)
pprint.pprint('temp log: module.check_mode' + str(module.check_mode))
# If module.check_mode=True, nothing will be changed:
if state == 'present':
if not subscription.exists:
changed = subscription.create(params,
owner,
check_mode=module.check_mode)
else:
changed = publication.update(tables,
params,
owner,
check_mode=module.check_mode)
elif state == 'absent':
changed = publication.drop(cascade=cascade,
check_mode=module.check_mode)
# Get final publication info:
pub_fin_info = {}
if state != 'absent' or (state == 'absent' and module.check_mode):
pub_fin_info = publication.get_info()
elif state == 'absent' and not module.check_mode:
publication.exists = False
# Connection is not needed any more:
cursor.close()
db_connection.close()
# Update publication info and return ret values:
module.exit_json(changed=changed,
queries=publication.executed_queries,
exists=publication.exists,
**pub_fin_info)
def main():
mkeyname = 'name'
fields = {
"access_token": {"required": False, "type": "str", "no_log": True},
"vdom": {"required": False, "type": "str", "default": "root"},
"state": {"required": False, "type": "str",
"choices": ["present", "absent"]},
"firewall_ssh_host_key": {
"required": False, "type": "dict", "default": None,
"options": {
"state": {"required": False, "type": "str",
"choices": ["present", "absent"]},
"hostname": {"required": False, "type": "str"},
"ip": {"required": False, "type": "str"},
"name": {"required": True, "type": "str"},
"nid": {"required": False, "type": "str",
"choices": ["256",
"384",
"521"]},
"port": {"required": False, "type": "int"},
"public_key": {"required": False, "type": "str"},
"status": {"required": False, "type": "str",
"choices": ["trusted",
"revoked"]},
"type": {"required": False, "type": "str",
"choices": ["RSA",
"DSA",
"ECDSA",
"ED25519",
"RSA-CA",
"DSA-CA",
"ECDSA-CA",
"ED25519-CA"]}
}
}
}
check_legacy_fortiosapi()
module = AnsibleModule(argument_spec=fields,
supports_check_mode=False)
versions_check_result = None
if module._socket_path:
connection = Connection(module._socket_path)
if 'access_token' in module.params:
connection.set_option('access_token', module.params['access_token'])
fos = FortiOSHandler(connection, module, mkeyname)
is_error, has_changed, result = fortios_firewall_ssh(module.params, fos)
versions_check_result = connection.get_system_version()
else:
module.fail_json(**FAIL_SOCKET_MSG)
if versions_check_result and versions_check_result['matched'] is False:
module.warn("Ansible has detected version mismatch between FortOS system and galaxy, see more details by specifying option -vvv")
if not is_error:
if versions_check_result and versions_check_result['matched'] is False:
module.exit_json(changed=has_changed, version_check_warning=versions_check_result, meta=result)
else:
module.exit_json(changed=has_changed, meta=result)
else:
if versions_check_result and versions_check_result['matched'] is False:
module.fail_json(msg="Error in repo", version_check_warning=versions_check_result, meta=result)
else:
module.fail_json(msg="Error in repo", meta=result)
def main():
module = AnsibleModule(
argument_spec=dict(
account_key=dict(required=True, no_log=True),
account_secret=dict(required=True, no_log=True),
domain=dict(required=True),
sandbox=dict(default=False, type='bool'),
state=dict(required=True, choices=['present', 'absent']),
record_name=dict(required=False),
record_type=dict(required=False, choices=[
'A', 'AAAA', 'CNAME', 'ANAME', 'HTTPRED', 'MX', 'NS', 'PTR', 'SRV', 'TXT']),
record_value=dict(required=False),
record_ttl=dict(required=False, default=1800, type='int'),
monitor=dict(default=False, type='bool'),
systemDescription=dict(default=''),
maxEmails=dict(default=1, type='int'),
protocol=dict(default='HTTP', choices=['TCP', 'UDP', 'HTTP', 'DNS', 'SMTP', 'HTTPS']),
port=dict(default=80, type='int'),
sensitivity=dict(default='Medium', choices=['Low', 'Medium', 'High']),
contactList=dict(default=None),
httpFqdn=dict(required=False),
httpFile=dict(required=False),
httpQueryString=dict(required=False),
failover=dict(default=False, type='bool'),
autoFailover=dict(default=False, type='bool'),
ip1=dict(required=False),
ip2=dict(required=False),
ip3=dict(required=False),
ip4=dict(required=False),
ip5=dict(required=False),
validate_certs=dict(default=True, type='bool'),
),
required_together=[
['record_value', 'record_ttl', 'record_type']
],
required_if=[
['failover', True, ['autoFailover', 'port', 'protocol', 'ip1', 'ip2']],
['monitor', True, ['port', 'protocol', 'maxEmails', 'systemDescription', 'ip1']]
]
)
protocols = dict(TCP=1, UDP=2, HTTP=3, DNS=4, SMTP=5, HTTPS=6)
sensitivities = dict(Low=8, Medium=5, High=3)
DME = DME2(module.params["account_key"], module.params[
"account_secret"], module.params["domain"], module.params["sandbox"], module)
state = module.params["state"]
record_name = module.params["record_name"]
record_type = module.params["record_type"]
record_value = module.params["record_value"]
# Follow Keyword Controlled Behavior
if record_name is None:
domain_records = DME.getRecords()
if not domain_records:
module.fail_json(
msg="The requested domain name is not accessible with this api_key; try using its ID if known.")
module.exit_json(changed=False, result=domain_records)
# Fetch existing record + Build new one
current_record = DME.getMatchingRecord(record_name, record_type, record_value)
new_record = {'name': record_name}
for i in ["record_value", "record_type", "record_ttl"]:
if not module.params[i] is None:
new_record[i[len("record_"):]] = module.params[i]
# Special handling for mx record
if new_record["type"] == "MX":
new_record["mxLevel"] = new_record["value"].split(" ")[0]
new_record["value"] = new_record["value"].split(" ")[1]
# Special handling for SRV records
if new_record["type"] == "SRV":
new_record["priority"] = new_record["value"].split(" ")[0]
new_record["weight"] = new_record["value"].split(" ")[1]
new_record["port"] = new_record["value"].split(" ")[2]
new_record["value"] = new_record["value"].split(" ")[3]
# Fetch existing monitor if the A record indicates it should exist and build the new monitor
current_monitor = dict()
new_monitor = dict()
if current_record and current_record['type'] == 'A' and current_record.get('monitor'):
current_monitor = DME.getMonitor(current_record['id'])
# Build the new monitor
for i in ['monitor', 'systemDescription', 'protocol', 'port', 'sensitivity', 'maxEmails',
'contactList', 'httpFqdn', 'httpFile', 'httpQueryString',
'failover', 'autoFailover', 'ip1', 'ip2', 'ip3', 'ip4', 'ip5']:
if module.params[i] is not None:
if i == 'protocol':
# The API requires protocol to be a numeric in the range 1-6
new_monitor['protocolId'] = protocols[module.params[i]]
elif i == 'sensitivity':
# The API requires sensitivity to be a numeric of 8, 5, or 3
new_monitor[i] = sensitivities[module.params[i]]
elif i == 'contactList':
# The module accepts either the name or the id of the contact list
contact_list_id = module.params[i]
if not contact_list_id.isdigit() and contact_list_id != '':
contact_list = DME.getContactListByName(contact_list_id)
if not contact_list:
module.fail_json(msg="Contact list {0} does not exist".format(contact_list_id))
contact_list_id = contact_list.get('id', '')
new_monitor['contactListId'] = contact_list_id
else:
# The module option names match the API field names
new_monitor[i] = module.params[i]
# Compare new record against existing one
record_changed = False
if current_record:
for i in new_record:
# Remove leading and trailing quote character from values because TXT records
# are surrounded by quotes.
if str(current_record[i]).strip('"') != str(new_record[i]):
record_changed = True
new_record['id'] = str(current_record['id'])
monitor_changed = False
if current_monitor:
for i in new_monitor:
if str(current_monitor.get(i)) != str(new_monitor[i]):
monitor_changed = True
# Follow Keyword Controlled Behavior
if state == 'present':
# return the record if no value is specified
if "value" not in new_record:
if not current_record:
module.fail_json(
msg="A record with name '%s' does not exist for domain '%s.'" % (record_name, module.params['domain']))
module.exit_json(changed=False, result=dict(record=current_record, monitor=current_monitor))
# create record and monitor as the record does not exist
if not current_record:
record = DME.createRecord(DME.prepareRecord(new_record))
if new_monitor.get('monitor') and record_type == "A":
monitor = DME.updateMonitor(record['id'], DME.prepareMonitor(new_monitor))
module.exit_json(changed=True, result=dict(record=record, monitor=monitor))
else:
module.exit_json(changed=True, result=dict(record=record, monitor=current_monitor))
# update the record
updated = False
if record_changed:
DME.updateRecord(current_record['id'], DME.prepareRecord(new_record))
updated = True
if monitor_changed:
DME.updateMonitor(current_monitor['recordId'], DME.prepareMonitor(new_monitor))
updated = True
if updated:
module.exit_json(changed=True, result=dict(record=new_record, monitor=new_monitor))
# return the record (no changes)
module.exit_json(changed=False, result=dict(record=current_record, monitor=current_monitor))
elif state == 'absent':
changed = False
# delete the record (and the monitor/failover) if it exists
if current_record:
DME.deleteRecord(current_record['id'])
module.exit_json(changed=True)
# record does not exist, return w/o change.
module.exit_json(changed=changed)
else:
module.fail_json(
msg="'%s' is an unknown value for the state argument" % state)
def main():
argument_spec = dict(
local_file=dict(type='str'),
remote_file=dict(type='str'),
file_system=dict(required=False, default='bootflash:'),
connect_ssh_port=dict(required=False, type='int', default=22),
file_pull=dict(type='bool', default=False),
file_pull_timeout=dict(type='int', default=300),
local_file_directory=dict(required=False, type='str'),
remote_scp_server=dict(type='str'),
remote_scp_server_user=dict(type='str'),
remote_scp_server_password=dict(no_log=True),
)
argument_spec.update(nxos_argument_spec)
required_if = [("file_pull", True, ["remote_file", "remote_scp_server"]),
("file_pull", False, ["local_file"])]
required_together = [['remote_scp_server',
'remote_scp_server_user',
'remote_scp_server_password']]
module = AnsibleModule(argument_spec=argument_spec,
required_if=required_if,
required_together=required_together,
supports_check_mode=True)
file_pull = module.params['file_pull']
if file_pull:
if not HAS_PEXPECT:
module.fail_json(
msg='library pexpect is required when file_pull is True but does not appear to be '
'installed. It can be installed using `pip install pexpect`'
)
else:
if not HAS_PARAMIKO:
module.fail_json(
msg='library paramiko is required when file_pull is False but does not appear to be '
'installed. It can be installed using `pip install paramiko`'
)
if not HAS_SCP:
module.fail_json(
msg='library scp is required when file_pull is False but does not appear to be '
'installed. It can be installed using `pip install scp`'
)
warnings = list()
check_args(module, warnings)
results = dict(changed=False, warnings=warnings)
local_file = module.params['local_file']
remote_file = module.params['remote_file']
file_system = module.params['file_system']
local_file_directory = module.params['local_file_directory']
results['transfer_status'] = 'No Transfer'
results['file_system'] = file_system
if file_pull:
src = remote_file.split('/')[-1]
local = local_file or src
if not module.check_mode:
copy_file_from_remote(module, local, local_file_directory, file_system=file_system)
results['transfer_status'] = 'Received'
results['changed'] = True
results['remote_file'] = src
results['local_file'] = local
else:
if not local_file_exists(module):
module.fail_json(msg="Local file {0} not found".format(local_file))
dest = remote_file or os.path.basename(local_file)
remote_exists = remote_file_exists(module, dest, file_system=file_system)
if not remote_exists:
results['changed'] = True
file_exists = False
else:
file_exists = True
if not module.check_mode and not file_exists:
transfer_file_to_device(module, dest)
results['transfer_status'] = 'Sent'
results['local_file'] = local_file
if remote_file is None:
remote_file = os.path.basename(local_file)
results['remote_file'] = remote_file
module.exit_json(**results)
