def ipfilter_rule_patch(fos_ip_addr, is_https, auth, vfid, result, rules):
"""
update existing ip filter configurations
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type struct: dict
:param result: dict to keep track of execution msgs
:type result: dict
:param diff_attributes: list of attributes for update
:type ports: dict
:return: code to indicate failure or success
:rtype: int
:return: list of dict of chassis configurations
:rtype: list
"""
full_url = (HTTPS if is_https else HTTP) +\
fos_ip_addr + REST_IPFILTER_RULE
xml_str = ipfilter_rule_xml_str(result, rules)
result["patch_ipfilter_str"] = xml_str
return url_patch(fos_ip_addr, is_https, auth, vfid, result, full_url,
xml_str)
def cfg_enable(fos_ip_addr, is_https, auth, vfid,
result, checksum, active_cfg):
"""
enable a particular cfg
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type auth: dict
:param result: dict to keep track of execution msgs
:type result: dict
:param checksum: current checksum of the database
:type checksum: str
:param active_cfg: cfg to be enabled
:type active_cfg: str
:return: code to indicate failure or success
:rtype: int
"""
full_effective_url, validate_certs = full_url_get(is_https,
fos_ip_addr,
REST_EFFECTIVE)
save_str = "<effective-configuration><checksum>" + checksum +\
"</checksum><cfg-name>" + active_cfg +\
"</cfg-name></effective-configuration>"
return url_patch(fos_ip_addr, is_https, auth, vfid, result,
full_effective_url, save_str)
def cfg_disable(fos_ip_addr, is_https, auth, vfid, result, checksum, timeout):
"""
disable zoning transaction
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type auth: dict
:param vfid: vfid of the switch to be executed
:type vfid: int
:param result: dict to keep track of execution msgs
:type result: dict
:param checksum: current checksum of the database
:type checksum: str
:return: code to indicate failure or success
:rtype: int
"""
full_effective_url, validate_certs = full_url_get(is_https, fos_ip_addr,
REST_EFFECTIVE)
disable_str = "<effective-configuration><cfg-action>"\
"2</cfg-action><checksum>" + checksum +\
"</checksum></effective-configuration>"
return url_patch(fos_ip_addr, is_https, auth, vfid, result,
full_effective_url, disable_str, timeout)
def singleton_patch(login, password, fos_ip_addr, module_name, obj_name, fos_version, is_https, auth,
vfid, result, new_attributes, ssh_hostkeymust):
"""
update existing user config configurations
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type struct: dict
:param result: dict to keep track of execution msgs
:type result: dict
:param diff_attributes: list of attributes for update
:type ports: dict
:return: code to indicate failure or success
:rtype: int
:return: list of dict of chassis configurations
:rtype: list
"""
full_url, validate_certs = full_url_get(is_https,
fos_ip_addr,
REST_PREFIX + module_name + "/" + obj_name)
xml_str = singleton_xml_str(result, obj_name, new_attributes)
result["patch_obj_str"] = xml_str
return url_patch(fos_ip_addr, is_https, auth, vfid, result,
full_url, xml_str)
def ipfilter_policy_patch(fos_ip_addr, is_https, auth, vfid, result, policies,
timeout):
"""
update existing ip filter configurations
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type struct: dict
:param result: dict to keep track of execution msgs
:type result: dict
:param diff_attributes: list of attributes for update
:type ports: dict
:return: code to indicate failure or success
:rtype: int
:return: list of dict of chassis configurations
:rtype: list
"""
full_url, validate_certs = full_url_get(is_https, fos_ip_addr,
REST_IPFILTER_POLICY)
xml_str = ipfilter_policy_xml_str(result, policies)
result["patch_ipfilter_policy_str"] = xml_str
return url_patch(fos_ip_addr, is_https, auth, vfid, result, full_url,
xml_str, timeout)
def alias_set(fos_ip_addr, is_https, auth, vfid, result, aliases, method):
"""
set aliases in Zone Database
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type auth: dict
:param result: dict to keep track of execution msgs
:type result: dict
:param aliases: list of aliases to set
:type aliases: list
:param method: "POST", "PATCH", or "DELETE"
:type method: str
:return: code to indicate failure or success
:rtype: int
"""
full_defined_url, validate_certs = full_url_get(is_https,
fos_ip_addr,
REST_DEFINED)
alias_str = "<defined-configuration>"
for alias in aliases:
alias_str = alias_str + "<alias><alias-name>" +\
alias["name"] + "</alias-name>"
if "members" in alias:
alias_str = alias_str + "<member-entry>"
for member in alias["members"]:
alias_str = alias_str + "<alias-entry-name>" +\
member + "</alias-entry-name>"
alias_str = alias_str + "</member-entry>"
alias_str = alias_str + "</alias>"
alias_str = alias_str + "</defined-configuration>"
result["alias_str"] = alias_str
result["method"] = method
if method == "POST":
return url_post(fos_ip_addr, is_https, auth, vfid, result,
full_defined_url, alias_str)
elif method == "PATCH":
return url_patch(fos_ip_addr, is_https, auth, vfid, result,
full_defined_url, alias_str)
elif method == "DELETE":
return url_delete(fos_ip_addr, is_https, auth, vfid, result,
full_defined_url, alias_str)
else:
result["invalid method"] = method
result["failed"] = True
result["msg"] = "url_get_to_dict failed"
return -1
def cfg_set(fos_ip_addr, is_https, auth, vfid, result, cfgs, method):
"""
set cfgs in Zone Database
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type auth: dict
:param result: dict to keep track of execution msgs
:type result: dict
:param cfgs: list of cfgs to set
:type cfgs: list
:param method: "POST", "PATCH", or "DELETE"
:type method: str
:return: code to indicate failure or success
:rtype: int
"""
full_defined_url, validate_certs = full_url_get(is_https,
fos_ip_addr,
REST_DEFINED)
cfg_str = "<defined-configuration>"
for cfg in cfgs:
cfg_str = cfg_str + "<cfg><cfg-name>" + cfg["name"] + "</cfg-name>"
if "members" in cfg:
cfg_str = cfg_str + "<member-zone>"
for member in cfg["members"]:
cfg_str = cfg_str + "<zone-name>" + member + "</zone-name>"
cfg_str = cfg_str + "</member-zone>"
cfg_str = cfg_str + "</cfg>"
cfg_str = cfg_str + "</defined-configuration>"
# result["cfg_str"] = cfg_str
if method == "POST":
return url_post(fos_ip_addr, is_https, auth, vfid, result,
full_defined_url, cfg_str)
elif method == "PATCH":
return url_patch(fos_ip_addr, is_https, auth, vfid, result,
full_defined_url, cfg_str)
elif method == "DELETE":
return url_delete(fos_ip_addr, is_https, auth, vfid, result,
full_defined_url, cfg_str)
else:
result["invalid method"] = method
result["failed"] = True
result["msg"] = "url_get_to_dict failed"
return -1
def fc_port_patch(fos_ip_addr, is_https, auth, vfid, result, ports, timeout):
"""
update existing port configurations
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type auth: dict
:param result: dict to keep track of execution msgs
:type result: dict
:param ports: list of ports and associated attributes for update
:type ports: list
:return: code to indicate failure or success
:rtype: int
:return: list of dict of port configurations
:rtype: list
"""
full_fc_port_url, validate_certs = full_url_get(is_https,
fos_ip_addr,
REST_FC)
fc_port_str = ""
for port in ports:
fc_port_str = fc_port_str + "<fibrechannel>"
fc_port_str = fc_port_str + "<name>" + port["name"] + "</name>"
for k, v in port.items():
if k != "name":
k = k.replace("_", "-")
fc_port_str = fc_port_str + "<" + k + ">" +\
str(v) + "</" + k + ">"
fc_port_str = fc_port_str + "</fibrechannel>"
result["fc_port_str"] = fc_port_str
return url_patch(fos_ip_addr, is_https, auth, vfid, result,
full_fc_port_url, fc_port_str, timeout)
def syslog_server_patch(fos_ip_addr, is_https, auth, vfid, result, servers):
"""
update existing syslog-server configurations
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type struct: dict
:param result: dict to keep track of execution msgs
:type result: dict
:param diff_attributes: list of attributes for update
:type ports: dict
:return: code to indicate failure or success
:rtype: int
:return: list of dict of chassis configurations
:rtype: list
"""
full_url, validate_certs = full_url_get(is_https, fos_ip_addr,
REST_LOGGING_SYSLOG_SERVER)
syslog_str = ""
for server in servers:
syslog_str = syslog_str + "<syslog-server>"
syslog_str = syslog_str + "<server>" + server["server"] + "</server>"
for k, v in server.items():
if k != "server":
k = k.replace("_", "-")
syslog_str = syslog_str + "<" + k + ">" +\
str(v) + "</" + k + ">"
syslog_str = syslog_str + "</syslog-server>"
result["patch_syslog_str"] = syslog_str
return url_patch(fos_ip_addr, is_https, auth, vfid, result, full_url,
syslog_str)
def cfg_abort(fos_ip_addr, is_https, auth, vfid, result):
"""
abort zoning transacdtion
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type auth: dict
:param result: dict to keep track of execution msgs
:type result: dict
:return: code to indicate failure or success
:rtype: int
"""
full_effective_url, validate_certs = full_url_get(is_https, fos_ip_addr,
REST_EFFECTIVE)
abort_str = "<effective-configuration><cfg-action>"\
"4</cfg-action></effective-configuration>"
return url_patch(fos_ip_addr, is_https, auth, vfid, result,
full_effective_url, abort_str)
def cfg_save(fos_ip_addr, is_https, auth, vfid, result, checksum):
"""
save current transaction buffer
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type auth: dict
:param result: dict to keep track of execution msgs
:type result: dict
:param checksum: current checksum of the database
:type checksum: str
:return: code to indicate failure or success
:rtype: int
"""
full_effective_url = (HTTPS if is_https else HTTP) +\
fos_ip_addr + REST_EFFECTIVE
save_str = "<effective-configuration><checksum>" + checksum +\
"</checksum><cfg-action>1</cfg-action></effective-configuration>"
return url_patch(fos_ip_addr, is_https, auth, vfid, result,
full_effective_url, save_str)
def zone_set(fos_ip_addr, is_https, auth, vfid, result, zones, method):
"""
set zones in Zone Database
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type auth: dict
:param result: dict to keep track of execution msgs
:type result: dict
:param zones: list of zones to set
:type zones: list
:param method: "POST", "PATCH", or "DELETE"
:type method: str
:return: code to indicate failure or success
:rtype: int
"""
full_defined_url, validate_certs = full_url_get(is_https,
fos_ip_addr,
REST_DEFINED)
zone_str = "<defined-configuration>"
for zone in zones:
zone_str = zone_str + "<zone><zone-name>" +\
zone["name"] + "</zone-name>"
# if zone_type is passed, we are talking about an existing
# zone. keep type type. Otherwise, add the zone type of
# 1 as peer if pmembers are present
if "zone_type" in zone:
zone_str = zone_str + "<zone-type>" + zone["zone_type"] + "</zone-type>"
else:
if "principal_members" in zone and len(zone["principal_members"]) > 0:
zone_str = zone_str + "<zone-type>1</zone-type>"
if "principal_members" in zone or "members" in zone:
zone_str = zone_str + "<member-entry>"
if "principal_members" in zone:
for member in zone["principal_members"]:
zone_str = zone_str + "<principal-entry-name>" +\
member + "</principal-entry-name>"
if "members" in zone:
for member in zone["members"]:
zone_str = zone_str + "<entry-name>" + member + "</entry-name>"
if "principal_members" in zone or "members" in zone:
zone_str = zone_str + "</member-entry>"
zone_str = zone_str + "</zone>"
zone_str = zone_str + "</defined-configuration>"
# result["zone_str"] = zone_str
if method == "POST":
return url_post(fos_ip_addr, is_https, auth, vfid, result,
full_defined_url, zone_str)
elif method == "PATCH":
return url_patch(fos_ip_addr, is_https, auth, vfid, result,
full_defined_url, zone_str)
elif method == "DELETE":
return url_delete(fos_ip_addr, is_https, auth, vfid, result,
full_defined_url, zone_str)
else:
result["invalid method"] = method
result["failed"] = True
result["msg"] = "url_get_to_dict failed"
return -1
def list_patch(login, password, fos_ip_addr, module_name, list_name,
fos_version, is_https, auth, vfid, result, entries,
ssh_hostkeymust, timeout):
"""
update existing user config configurations
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type struct: dict
:param result: dict to keep track of execution msgs
:type result: dict
:param diff_attributes: list of attributes for update
:type ports: dict
:return: code to indicate failure or success
:rtype: int
:return: list of dict of chassis configurations
:rtype: list
"""
if module_name == "brocade_fibrechannel_switch" and list_name == "fibrechannel_switch":
return fc_switch_patch(login, password, fos_ip_addr, fos_version,
is_https, auth, vfid, result, entries[0],
ssh_hostkeymust, timeout)
if module_name == "brocade_interface" and list_name == "fibrechannel":
return fc_port_patch(fos_ip_addr, is_https, auth, vfid, result,
entries, timeout)
if module_name == "brocade_security" and list_name == "user_config":
return user_config_patch(login, password, fos_ip_addr, fos_version,
is_https, auth, vfid, result, entries,
ssh_hostkeymust, timeout)
if module_name == "brocade_snmp" and list_name == "v1_trap":
new_entries = v1_trap_patch(login, password, fos_ip_addr, fos_version,
is_https, auth, vfid, result, entries,
ssh_hostkeymust, timeout)
if len(new_entries) == 0:
return 0
entries = new_entries
if module_name == "brocade_snmp" and list_name == "v3_trap":
new_entries = v3_trap_patch(login, password, fos_ip_addr, fos_version,
is_https, auth, vfid, result, entries,
ssh_hostkeymust, timeout)
if len(new_entries) == 0:
return 0
entries = new_entries
full_url, validate_certs = full_url_get(
is_https, fos_ip_addr, REST_PREFIX + module_name + "/" + list_name)
xml_str = list_xml_str(result, module_name, list_name, entries)
result["patch_str"] = xml_str
# AG always expect nport and fports to be removed from another
# none default port group before being added. So, we go through
# an port group that has nport or fport list being updated,
# clean them out first, then do the normal patch to update to the
# final list
if module_name == "brocade_access_gateway" and list_name == "port_group":
empty_port_groups = []
for port_group in entries:
if "port-group-n-ports" in port_group and port_group[
"port-group-n-ports"] is not None and "n-port" in port_group[
"port-group-n-ports"] and port_group[
"port-group-n-ports"]["n-port"] is not None:
empty_port_groups.append({
"port-group-id":
port_group["port-group-id"],
"port-group-n-ports": {
"n-port": None
}
})
if "port-group-f-ports" in port_group and port_group[
"port-group-f-ports"] is not None and "f-port" in port_group[
"port-group-f-ports"] and port_group[
"port-group-f-ports"]["f-port"] is not None:
empty_port_groups.append({
"port-group-id":
port_group["port-group-id"],
"port-group-f-ports": {
"f-port": None
}
})
if len(empty_port_groups) > 0:
empty_xml_str = list_xml_str(result, module_name, list_name,
empty_port_groups)
result["patch_str_empty_ag"] = empty_xml_str
empty_patch_result = url_patch(fos_ip_addr, is_https, auth, vfid,
result, full_url, empty_xml_str,
timeout)
result["patch_str_empty_ag_result"] = empty_patch_result
# AG always expect fports to be removed from another nport before
# being added. to another nport So, we go through
# an nport map that has fport list being updated,
# clean them out first, then do the normal patch to update to the
# final list
if module_name == "brocade_access_gateway" and list_name == "n_port_map":
empty_n_port_maps = []
for n_port_map in entries:
if "configured-f-port-list" in n_port_map and "f-port" in n_port_map[
"configured-f-port-list"] and n_port_map[
"configured-f-port-list"]["f-port"] is not None:
empty_n_port_maps.append({
"n-port": n_port_map["n-port"],
"configured-f-port-list": {
"f-port": None
}
})
if len(empty_n_port_maps) > 0:
empty_xml_str = list_xml_str(result, module_name, list_name,
empty_n_port_maps)
result["patch_str_empty_ag"] = empty_xml_str
url_patch(fos_ip_addr, is_https, auth, vfid, result, full_url,
empty_xml_str, timeout)
return (url_patch(fos_ip_addr, is_https, auth, vfid, result, full_url,
xml_str, timeout))
def user_config_patch(login, password, fos_ip_addr, fos_version, is_https,
auth, vfid, result, users):
"""
update existing user config configurations
:param fos_ip_addr: ip address of FOS switch
:type fos_ip_addr: str
:param is_https: indicate to use HTTP or HTTPS
:type is_https: bool
:param auth: authorization struct from login
:type struct: dict
:param result: dict to keep track of execution msgs
:type result: dict
:param diff_attributes: list of attributes for update
:type ports: dict
:return: code to indicate failure or success
:rtype: int
:return: list of dict of chassis configurations
:rtype: list
"""
l_users = users[:]
if fos_version < "v9.0":
# walk through all the users and check for account-enabled
# if pre 9.0 since the attribute patch is not supported pre
for l_user in l_users:
if "account-enabled" in l_user:
if l_user["account-enabled"] == "true":
rssh, sshstr = ssh_and_configure(
login, password, fos_ip_addr, False,
"userconfig --change " + l_user["name"] + " -e yes",
"")
if rssh != 0:
result["failed"] = True
result["msg"] = "Failed to enable account"
else:
result["changed"] = True
result["messages"] = "account enabled"
elif l_user["account-enabled"] == "false":
rssh, sshstr = ssh_and_configure(
login, password, fos_ip_addr, False,
"userconfig --change " + l_user["name"] + " -e no", "")
if rssh != 0:
result["failed"] = True
result["msg"] = "Failed to disable account"
else:
result["changed"] = True
result["messages"] = "account disabled"
else:
result["failed"] = True
result[
"msg"] = "unknown account-enabled value. Invalid input"
l_user.pop("account-enabled")
rest_users = []
for l_user in l_users:
if len(l_user) > 1:
rest_users.append(l_user)
if len(rest_users) == 0:
return 0
full_url = (HTTPS if is_https else HTTP) +\
fos_ip_addr + REST_USER_CONFIG
xml_str = user_config_xml_str(result, rest_users)
result["patch_user_config_str"] = xml_str
return url_patch(fos_ip_addr, is_https, auth, vfid, result, full_url,
xml_str)
