def run_module():
module_args = dict(
interface=dict(type='str', required=True),
description=dict(type='str', required=False),
admin_stat=dict(type='bool', required=False),
qos_policy=dict(type='str', required=False),
qos_direction=dict(type='str', required=False, default='QPPD_INBOUND',
choices=['QPPD_INBOUND','QPPD_OUTBOUND']),
state=dict(type='str', required=False, default='create',
choices=['create','delete']),
acl_id=dict(type='str', required=False),
acl_type=dict(type='str', required=False, default='AT_STANDARD_IPV4',
choices=['AT_STANDARD_IPV4','AT_EXTENDED_IPV4','AT_CONNECTION_RATE_FILTER']),
acl_direction=dict(type='str', required=False, choices=['AD_INBOUND',
'AD_OUTBOUND','AD_CRF']),
)
module_args.update(arubaoss_argument_spec)
result = dict(changed=False,warnings='Not Supported')
module = AnsibleModule(
argument_spec=module_args,
supports_check_mode=True
)
if module.check_mode:
module.exit_json(**result)
port_url = '/ports/' + str(module.params['interface'])
check_port = get_config(module,port_url)
if not check_port:
result = {'msg': 'Port {} not present on device {}'.format(module.params['interface'],port_url),
'changed':False}
else:
try:
if module.params['qos_policy']:
result = qos(module)
elif module.params['acl_id']:
result = acl(module)
else:
result = config_port(module)
except Exception as err:
return module.fail_json(msg=err)
module.exit_json(**result)
def config_vlan_dhcpHelperAddress(module):
params = module.params
# Parameters
if params['vlan_id'] == "":
return {
'msg': "vlan_id cannot be null",
'changed': False,
'failed': True
}
else:
data = {'vlan_id': params['vlan_id']}
if params['helper_addresses'] == "":
return {
'msg': "DHCP Helper IP Addr cannot be null",
'changed': False,
'failed': True
}
else:
data['dhcp_helper_address'] = {
'version': params['version'],
'octets': params['helper_addresses']
}
url = "/vlans/dhcp-relay"
del_url = url + '/' + str(
params['vlan_id']) + '-' + params['helper_addresses']
# Check if the passed vlan is configured
check_presence = get_config(module, "/vlans/" + str(params['vlan_id']))
if not check_presence:
return {
'msg': 'Cannot configure Helper Address without Vlan configured',
'changed': False,
'failed': True
}
else:
if params['config'] == "create":
method = 'POST'
else:
url = del_url
method = 'DELETE'
result = run_commands(module, url, data, method, check=del_url)
return result
def config_ntp(module):
params = module.params
data = {}
# Check if timesync is set to NTP
check_presence = get_config(module, "/config/timesync")
newdata = json.loads(check_presence)
if not 'ntp' in newdata:
return {
'msg': 'timesync should be set to NTP',
'changed': False,
'failed': False
}
# Parameters
data['broadcast'] = params['broadcast']
#data['unicast'] = params['unicast']
data['max-association'] = {
'cmd_no_form': params['cmd_no_form'],
'max-association_value': params['association_value']
}
if params['config'] == "create":
data['enable'] = True
else:
data['enable'] = False
if params['trap_cmd_no_form'] == "True" and params['trap_value'] == "":
return {
'msg': 'trap-value cannot be null',
'changed': False,
'failed': False
}
else:
data['trap'] = [{'cmd_no_form': params['trap_cmd_no_form'], \
'trap_value': params['trap_value']}]
# URI
url = "/config/ntp"
method = "PUT"
#print data
# Config
result = run_commands(module, url, data, method, check=url)
return result
def authorization_group(module):
params = module.params
data = {}
# URI
url = "/authorization_group"
get_url = url + "/" + params['group_name'] + "-" + str(params['seq_num'])
if params['config'] == "create":
method = "POST"
else:
method = "DELETE"
url = get_url
data['group_name'] = params['group_name']
data['seq_num'] = params['seq_num']
if method == "POST":
if params['match_cmd'] != "":
data['match_cmd'] = '\"' + params['match_cmd'] + '\"'
else:
data['match_cmd'] = ""
data['cmd_permission'] = params['cmd_permission']
data['is_log_enabled'] = params['is_log_enabled']
check_presence = get_config(module, get_url)
if check_presence:
# Sequence exists
if method == "POST":
return {
'msg': 'The sequence exists.',
'changed': False,
'failed': False
}
else:
# Sequence does not exist
if method == "DELETE":
return {
'msg': 'The sequence does not exist.',
'changed': False,
'failed': False
}
# Config
result = run_commands(module, url, data, method)
return result
def config_vlan(module):
params = module.params
# Parameters
if params['vlan_id'] == "":
return {
'msg': "vlan_id cannot be null",
'changed': False,
'failed': False
}
else:
data = {'vlan_id': params['vlan_id']}
if params['name'] == "":
return {
'msg': "vlan name cannot be null",
'changed': False,
'failed': False
}
else:
data['name'] = params['name']
data['status'] = params['status']
data['type'] = params['vlantype']
data['is_jumbo_enabled'] = params['is_jumbo_enabled']
data['is_voice_enabled'] = params['is_voice_enabled']
data['is_dsnoop_enabled'] = params['is_dsnoop_enabled']
data['is_dhcp_server_enabled'] = params['is_dhcp_server_enabled']
data['is_management_vlan'] = params['is_management_vlan']
config_url = "/vlans/" + str(params['vlan_id'])
if params['config'] == "create":
check_presence = get_config(module, "/vlans/params['vlan_id']")
if not check_presence:
url = "/vlans"
method = 'POST'
else:
url = "/vlans/" + str(params['vlan_id'])
method = 'PUT'
else:
url = config_url
method = 'DELETE'
result = run_commands(module, url, data, method, check=config_url)
return result
def host(module):
params = module.params
url = '/snmp-server/hosts'
for key in ['host_ip', 'version']:
if not params[key]:
return {
'msg': 'Missing {} in parameter list'.format(key),
'changed': False
}
check_url = url + '/' + params['host_ip'] + '-' + params['community_name']
if params['state'] == 'create':
check_host = get_config(module, check_url)
if check_host:
method = 'PUT'
url = check_url
else:
method = 'POST'
data = {
'host_ip': {
'octets': params['host_ip'],
'version': params['version']
},
'community': params['community_name'],
'trap_level': params['trap_level'],
'informs': params['informs'],
'use_oobm': params['use_oobm'],
}
if params['informs']:
data.update({
'informs': params['informs'],
'inform_timeout': params['inform_timeout'],
'inform_retries': params['inform_retries']
})
else:
data = {}
method = 'DELETE'
url = check_url
result = run_commands(module, url, data, method, check=check_url)
return result
def authenticator_port_config(module):
params = module.params
data = {}
data['port_id'] = params['port_id']
if params['port_id'] == "":
return {
'msg': 'Port_id cannot be null',
'changed': False,
'failed': False
}
data['is_authenticator_enabled'] = params['is_authenticator_enabled']
data['control'] = params['control']
data['unauthorized_vlan_id'] = params['unauthorized_vlan_id']
data['client_limit'] = params['client_limit']
data['quiet_period'] = params['quiet_period']
data['tx_period'] = params['tx_period']
data['supplicant_timeout'] = params['supplicant_timeout']
data['server_timeout'] = params['server_timeout']
data['max_requests'] = params['max_requests']
data['reauth_period'] = params['reauth_period']
data['authorized_vlan_id'] = params['authorized_vlan_id']
data['logoff_period'] = params['logoff_period']
data['unauth_period'] = params['unauth_period']
data['cached_reauth_period'] = params['cached_reauth_period']
data['enforce_cache_reauth'] = params['enforce_cache_reauth']
url = '/dot1x/authenticator/' + params['port_id']
method = 'PUT'
# Check if authentication is enabled
check_presence = get_config(module, "/dot1x")
if check_presence:
newdata = json.loads(check_presence)
if not newdata["is_dot1x_enabled"]:
return {
'msg':
'Cannot enable port authentication unless dot1x is enabled',
'changed': False,
'failed': False
}
result = run_commands(module, url, data, method, check=url)
return result
def config_syslog(module):
params = module.params
url = '/syslog/servers'
check_url = url + '/' + params['server_address']
if params['state'] == 'delete':
result = run_commands(module,
check_url,
method='DELETE',
check=check_url)
return result
else:
check_syslog = get_config(module, check_url)
if check_syslog:
method = 'PUT'
url = check_url
else:
method = 'POST'
data = {
'ip_address': {
'octets': params['server_address'],
'version': params['version']
},
'transport_protocol': params['protocol'],
}
protocol = params['protocol']
if params['server_port'] == 0:
if protocol == 'TP_UDP':
port = 514
elif protocol == 'TP_TCP':
port = 1470
elif protocol == 'TP_TLS':
port = 6514
data.update({'port': port})
else:
data.update({'port': params['server_port']})
if params['description']:
data.update({'control_description': params['description']})
result = run_commands(module, url, data, method, check=check_url)
return result
def config_timesync(module):
params = module.params
data = {}
# Parameters
timesyncType = params['timesyncType']
data[timesyncType] = True
# URI
url = "/config/timesync"
method = "PUT"
# Check if timesync is set already
check_presence = get_config(module, "/config/timesync")
newdata = json.loads(check_presence)
if timesyncType == 'ntp' and 'ntp' in newdata:
return {
'msg': 'timesync already set to NTP',
'changed': False,
'failed': False
}
elif timesyncType == 'timep' and 'timep' in newdata:
return {
'msg': 'timesync already set to Timep',
'changed': False,
'failed': False
}
elif timesyncType == 'sntp' and 'sntp' in newdata:
return {
'msg': 'timesync already set to SNTP',
'changed': False,
'failed': False
}
elif timesyncType == 'timep-or-sntp' and 'timep-or-sntp' in newdata:
return {
'msg': 'timesync already set to timep or SNTP',
'changed': False,
'failed': False
}
else:
# Config
result = run_commands(module, url, data, method)
return result
def config_radius_server(module):
params = module.params
data = {}
data["radius_server_id"] = params['radius_server_id']
if params['server_ip'] == "" or params['version'] == "":
return {'msg': "IP Address or version cannot be null",
'changed': False, 'failed': False}
else:
data["address"] = {'version': params['version'], 'octets': params['server_ip']}
if params['shared_secret'] == "":
return {'msg': "Shared secret cannot be null",
'changed': False, 'failed': False}
else:
data["shared_secret"] = params['shared_secret']
data["authentication_port"] = params['authentication_port']
data["accounting_port"] = params['accounting_port']
data["is_dyn_authorization_enabled"] = params['is_dyn_authorization_enabled']
data["time_window_type"] = params['time_window_type']
data["time_window"] = params['time_window']
data["is_oobm"] = params['is_oobm']
create_url = '/radius_servers'
check_url = '/radius_servers/' + str(params['radius_server_id'])
if params['config'] == "create":
# Check if it already exists
check_presence = get_config(module, check_url)
if not check_presence:
url = create_url
method = 'POST'
else:
url = check_url
method = 'PUT'
else:
url = check_url
method = 'DELETE'
result = run_commands(module, url, data, method,check=check_url)
return result
def update_rate_limit_attributes_onPort(module):
params = module.params
data = {}
data['port_id'] = params['port_id']
data['traffic_type'] = params['traffic_type']
data['direction'] = params['direction']
data['rate_limit'] = params['rate_limit']
# Rate limit should be in kbps or percent
if params['rate_limit_in_kbps'] == 0:
data['rate_limit'] = {
'rate_limit_in_percent': params['rate_limit_in_percent']
}
else:
data['rate_limit'] = {
'rate_limit_in_kbps': params['rate_limit_in_kbps']
}
url = '/ports/rate_limit/' + str(params['port_id']) + "-" + str(
params['traffic_type']) + "-" + str(params['direction'])
method = 'PUT'
# Idempotency check: Check if already configured
diffSeen = False
check_presence = get_config(module, url)
newdata = json.loads(check_presence)
for key in data:
if not newdata[key] == data[key]:
diffSeen = True
if params['rate_limit_in_percent'] == 0 and newdata[key][
'rate_limit_in_percent'] == None:
diffSeen = False
if params['rate_limit_in_kbps'] == 0 and newdata[key][
'rate_limit_in_kbps'] == None:
diffSeen = False
break
if diffSeen:
result = run_commands(module, url, data, method)
return result
else:
return {'msg': 'Already configured', 'changed': False, 'failed': False}
def update_vlan(module):
params = module.params
url = '/loop_protect/vlans/' + str(params['vlan'])
vlan_url = '/vlans/' + str(params['vlan'])
check_vlan = get_config(module,vlan_url)
if not check_vlan:
return {'msg': 'Vlan {} not configured'.format(params['vlan']),
'changed':False}
data = {
'vlan_id': params['vlan'],
'is_vlan_loop_protected': params['loop_protected'],
}
result = run_commands(module, url, data, 'PUT',check=url)
return result
def config_radius_profile(module):
params = module.params
data = {}
data['retry_interval'] = params['retry_interval']
data['retransmit_attempts'] = params['retransmit_attempts']
data['dyn_autz_port'] = params['dyn_autz_port']
data['key'] = params['key']
data['tracking_uname'] = params['tracking_uname']
data['is_tracking_enabled'] = params['is_tracking_enabled']
check_presence = get_config(module, '/radius_profile')
if check_presence:
newdata = json.loads(check_presence)
if params['dead_time'] == 0:
data['dead_time'] = None
else:
data['dead_time'] = params['dead_time']
if params['is_tracking_enabled'] == True:
if params['dead_time'] != 0:
return {
'msg':
"dead_time should be set to 0 when is_tracking_enabled to be changed to true",
'changed': False,
'failed': False
}
else:
if newdata['is_tracking_enabled'] == True and params['dead_time'] != 0:
return {
'msg':
"dead_time should be set to 0 to disable is_tracking_enabled",
'changed': False,
'failed': False
}
data['cppm_details'] = params['cppm_details']
url = '/radius_profile'
method = 'PUT'
result = run_commands(module, url, data, method, check=url)
return result
def update_port(module):
params = module.params
url = '/loop_protect/ports/' + params['interface']
port_url = '/ports/' + str(params['interface'])
check_port = get_config(module,port_url)
if not check_port:
return {'msg': 'Port {} not present on device'.format(params['interface']),
'changed':False}
data = {
'port_id': params['interface'],
'is_loop_protection_enabled': params['loop_protected'],
'receiver_action': params['receiver_action']
}
result = run_commands(module, url, data, 'PUT',check=url)
return result
def wait_to_copy(module):
params = module.params
file_url = params['file_url'].split('/')
file_name = file_url[len(file_url) - 1]
final_result = ""
wait = 1
while wait <= params['copy_iter']:
check_presence = get_config(module, "/file-transfer/status")
if not check_presence:
final_result = 'FILE TRANSFER CHECK FAILED'
else:
newdata = json.loads(check_presence)
final_result = newdata['status']
if newdata['status'] == 'FTS_IN_PROGRESS':
sleep(10)
wait += 1
continue
else:
break
return final_result
def config_poe_port(module):
params = module.params
data = {}
data['port_id'] = params['port_id']
data['is_poe_enabled'] = params['is_poe_enabled']
data['poe_priority'] = params['poe_priority']
data['poe_allocation_method'] = params['poe_allocation_method']
data['port_configured_type'] = params['port_configured_type']
data['pre_standard_detect_enabled'] = params['pre_standard_detect_enabled']
# allocated_power_in_watts can be set only when poe_allocation_method is PPAM_VALUE
if params['poe_allocation_method'] == "PPAM_VALUE":
data['allocated_power_in_watts'] = params['allocated_power_in_watts']
# Check if port_id is null
if params['port_id'] == "":
return {
'msg': 'port_id cannot be null',
'changed': False,
'failed': False
}
url = '/ports/' + str(params['port_id']) + '/poe'
method = 'PUT'
diffSeen = False
check_presence = get_config(module, url)
newdata = json.loads(check_presence)
for key in data:
if not newdata[key] == data[key]:
diffSeen = True
break
if diffSeen:
result = run_commands(module, url, data, method, check=url)
return result
else:
return {'msg': 'Already Configured', 'changed': False, 'failed': False}
def configMacAuthOnPort(module):
params = module.params
data = {}
if params['port_id'] == "":
return {
'msg': "Port Id cannot be null",
'changed': False,
'failed': False
}
else:
data['port_id'] = params['port_id']
data['reauthenticate'] = params['reauthenticate']
data['mac_address_limit'] = params['mac_address_limit']
data['is_mac_authentication_enabled'] = params[
'is_mac_authentication_enabled']
# Verify if the vlans are already present
if params['unauthorized_vlan_id']:
check_presence = get_config(
module, "/vlans/" + str(params['unauthorized_vlan_id']))
if not check_presence:
return {
'msg': 'Cannot unauthorize the vlan without Vlan configured',
'changed': False,
'failed': False
}
else:
data['unauthorized_vlan_id'] = params['unauthorized_vlan_id']
url = '/mac-authentication/port/' + str(params['port_id'])
method = 'PUT'
result = run_commands(module, url, data, method, check=url)
return result
def config_tacacs_server(module):
params = module.params
data = {}
if params['ip_address'] == "" or params['version'] == "":
return {
'msg': "IP Address or version cannot be null",
'changed': False,
'failed': False
}
else:
data["server_ip"] = {
"version": params['version'],
"octets": params['ip_address']
}
data["auth_key"] = params['auth_key']
data["is_oobm"] = params['is_oobm']
create_url = '/tacacs_profile/server'
check_url = '/tacacs_profile/server/' + str(params['ip_address'])
if params['config'] == "create":
check_presence = get_config(
module, '/tacacs_profile/server/' + str(params['ip_address']))
if not check_presence:
url = create_url
method = 'POST'
else:
url = check_url
method = 'PUT'
else:
url = check_url
method = 'DELETE'
result = run_commands(module, url, data, method, check=check_url)
return result
def config_captive_portal(module):
params = module.params
url = '/captive_portal'
if params['state'] == 'create':
data = {'is_captive_portal_enabled': params['enable_captive_portal']}
if params.get('url_hash_key') != None:
data['url_hash_key'] = params['url_hash_key']
if params['profile_name']:
data['custom_profile'] = {
'profile': params['profile_name'],
'url': params['server_url']
}
result = run_commands(module, url, data, 'PUT', url)
else:
result = get_config(module, url)
return result
def config_spanning_tree_port(module):
params = module.params
data = {}
if params['port_id'] == "":
return {
'msg': 'Port Id cannot be null',
'changed': False,
'failed': False
}
else:
data['port_id'] = params['port_id']
data['priority'] = params['priority']
data['is_enable_admin_edge_port'] = params['is_enable_admin_edge_port']
data['is_enable_bpdu_protection'] = params['is_enable_bpdu_protection']
data['is_enable_bpdu_filter'] = params['is_enable_bpdu_filter']
data['is_enable_root_guard'] = params['is_enable_root_guard']
url = "/stp/ports/" + str(params['port_id'])
# Check if spanning tree is enabled
check_presence = get_config(module, '/stp')
if check_presence:
method = 'PUT'
else:
return {
'msg':
'Cannot configure MST on port without spanning tree enabled',
'changed': False,
'failed': False
}
result = run_commands(module, url, data, method, check=url)
return result
def check_acl_rule_exists(module):
result = False
params = module.params
acl_id = params['acl_name'] + '~' + params['acl_type']
url = '/acls/' + acl_id + '/rules'
acl_rule = get_config(module, url)
if acl_rule:
check_config = module.from_json(to_text(acl_rule))
if check_config['collection_result']['total_elements_count'] == 0:
return result
for ele in check_config['acl_rule_element']:
if ele['acl_action'] != params['acl_action']:
continue
if params['acl_type'] == 'AT_EXTENDED_IPV4':
print("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
protocol_type = ele['traffic_match']['protocol_type']
source_ip_address = ele['traffic_match']['source_ip_address'][
'octets']
source_ip_mask = ele['traffic_match']['source_ip_mask'][
'octets']
destination_ip_address = ele['traffic_match'][
'destination_ip_address']['octets']
destination_ip_mask = ele['traffic_match'][
'destination_ip_mask']['octets']
if protocol_type != params['protocol_type'] or \
source_ip_address != params['source_ip_address'] or \
source_ip_mask != params['source_ip_mask'] or \
destination_ip_address != params['destination_ip_address'] or \
destination_ip_mask != params['destination_ip_mask']:
continue
if params['protocol_type'] == 'PT_ICMP':
if params['icmp_type'] > -1 and ele['traffic_match'][
'icmp_type']:
if ele['traffic_match']['icmp_type'] != params[
'icmp_type']:
continue
if params['icmp_code'] > -1 and ele['traffic_match'][
'icmp_code']:
if ele['traffic_match']['icmp_code'] != params[
'icmp_code']:
continue
elif params['protocol_type'] == 'PT_IGMP':
if params['igmp_type'] and ele['traffic_match'][
'igmp_type']:
if ele['traffic_match']['igmp_type'] != params[
'igmp_type']:
continue
elif params['protocol_type'] == 'PT_TCP':
if params['is_connection_established'] and ele[
'traffic_match']['is_connection_established']:
if ele['traffic_match'][
'is_connection_established'] != params[
'is_connection_established']:
continue
if params['match_bit'] and ele['traffic_match'][
'match_bit']:
if ele['traffic_match']['match_bit'] != params[
'match_bit']:
continue
elif params['protocol_type'] in ('PT_SCTP', 'PT_TCP',
'PT_UDP'):
if params['source_port'] and ele['traffic_match'][
'source_port']:
if ele['traffic_match']['source_port'] != params[
'source_port']:
continue
if params['destination_port'] and ele['traffic_match'][
'destination_port']:
if ele['traffic_match']['destination_port'] != params[
'destination_port']:
continue
if params['precedence'] and ele['traffic_match']['precedence']:
if ele['traffic_match']['precedence'] != params[
'precedence']:
continue
if params['tos'] and ele['traffic_match']['tos']:
if ele['traffic_match']['tos'] != params['tos']:
continue
if params['is_log'] is not None and ele['is_log']:
if ele['is_log'] != params['is_log']:
continue
else:
if params['acl_source_address'] == 'host':
source_ip_mask = '255.255.255.255'
source_ip_address = '0.0.0.0'
else:
source_ip_address = params['acl_source_address']
source_ip_mask = params['acl_source_mask']
if source_ip_address != ele['std_source_address'][
'source_ip_address']['octets']:
continue
if source_ip_mask != ele['std_source_address'][
'source_ip_mask']['octets']:
continue
#Return True as we checked all values found to be matching.
return True
#End of for loop, Searched all entries no match found.
return result
def acl_rule(module):
params = module.params
acl_id = params['acl_name'] + '~' + params['acl_type']
url = '/acls/' + acl_id + '/rules'
# Create acl if not to apply actions
if params['state'] == 'create':
acl(module)
data = {}
if params['state'] == 'create':
data.update({
'acl_id': acl_id,
'acl_action': params['acl_action'],
})
if params['remark']:
data['remark'] = params['remark']
if params['is_log'] != None:
data['is_log'] = params['is_log']
if params['acl_type'] == 'AT_EXTENDED_IPV4':
for key in [
'source_ip_address', 'source_ip_mask',
'destination_ip_address', 'destination_ip_mask'
]:
if params.get(key) == None:
return {
'msg':
'{} is required for extended acl policy'.format(key),
'changed': False
}
protocol = params.get('protocol_type')
if not protocol:
return {'msg': 'protocol_type is required', 'changed': False}
version = 'IAV_IP_V4'
data.update({
"traffic_match": {
"protocol_type": params['protocol_type'],
"source_ip_address": {
"version": version,
"octets": params['source_ip_address']
},
"source_ip_mask": {
"version": version,
"octets": params['source_ip_mask']
},
"destination_ip_address": {
"version": version,
"octets": params['destination_ip_address']
},
"destination_ip_mask": {
"version": version,
"octets": params['destination_ip_mask']
}
}
})
if protocol == 'PT_ICMP':
if params['icmp_type'] > -1:
data['traffic_match']['icmp_type'] = params['icmp_type']
if params['icmp_code'] > -1:
data['traffic_match']['icmp_code'] = params['icmp_code']
if protocol == 'PT_IGMP':
if params['igmp_type']:
data['traffic_match']['igmp_type'] = params['igmp_type']
if protocol == 'PT_TCP':
if params['is_connection_established']:
data['traffic_match'][
'is_connection_established'] = params[
'is_connection_established']
if params['match_bit']:
data['traffic_match']['match_bit'] = params['match_bit']
if protocol in ('PT_SCTP', 'PT_TCP', 'PT_UDP'):
if params['source_port']:
data['traffic_match']['source_port'] = params[
'source_port']
if params['destination_port']:
data['traffic_match']['destination_port'] = params[
'destination_port']
if params['precedence']:
data['traffic_match']['precedence'] = params['precedence']
if params['tos']:
data['traffic_match']['tos'] = params['tos']
if params['is_log'] != None:
data['is_log'] = params['is_log']
else:
if params['acl_source_address'] == 'host':
source_mask = '255.255.255.255'
source_ip = '0.0.0.0'
else:
source_ip = params['acl_source_address']
source_mask = params['acl_source_mask']
data.update({
'std_source_address': {
'source_ip_address': {
'version': 'IAV_IP_V4',
'octets': source_ip,
},
'source_ip_mask': {
'version': 'IAV_IP_V4',
'octets': source_mask,
}
}
})
#Check idempotency for duplicate ip values
if check_acl_rule_exists(module) == True:
return {'msg': 'ACL Rule entry already present', 'changed': False}
# Without sequence_no configuration
if params['sequence_no'] == 0:
result = run_commands(module, url, data, 'POST')
return result
# With sequence_no configuration
else:
get_url = url + '/' + str(params['sequence_no'])
acl_rule_config = get_config(module, get_url)
if acl_rule_config:
check_config = module.from_json(to_text(acl_rule_config))
if params['sequence_no'] == check_config['sequence_no']:
result = run_commands(module,
get_url,
data,
'PUT',
check=get_url)
return result
else:
data.update({'sequence_no': params['sequence_no']})
result = run_commands(module, url, data, 'POST')
return result
else:
if params['sequence_no'] == 0:
return {'msg': 'sequence_no is required', 'changed': False}
url = url + '/' + str(params['sequence_no'])
result = run_commands(module, url, {}, 'DELETE', check=url)
return result
def acl(module):
params = module.params
url = '/acls'
acl_id = params['acl_name'] + '~' + params['acl_type']
check_url = url + '/' + acl_id
if params['state'] == 'create':
data = {
'acl_name': params['acl_name'],
'acl_type': params['acl_type'],
}
check_list = set(['AT_EXTENDED_IPV4','AT_STANDARD_IPV4','AT_CONNECTION_RATE_FILTER'])\
- set([params['acl_type']])
for temp in check_list:
temp_url = url + '/' + params['acl_name'] + '~' + temp
check_acl = get_config(module, temp_url)
if check_acl:
result = {
'msg':
'{} already exists for type {}.'.format(
params['acl_name'], temp),
'changed':
False
}
module.exit_json(**result)
method = 'POST'
else:
# Check if acl is applied to any port
port_url = '/ports-access-groups'
port_acl = get_config(module, port_url)
if port_acl:
check_config = module.from_json(to_text(port_acl))
for ele in check_config['acl_port_policy_element']:
if ele['acl_id'] == acl_id:
return {
'msg':
'ACL {} applied to port {}'.format(
params['acl_name'], ele['port_id']),
'changed':
False
}
# Check if acl is applied to any vlan
vlan_url = '/vlans-access-groups'
vlan_acl = get_config(module, vlan_url)
if vlan_acl:
check_config = module.from_json(to_text(vlan_acl))
for ele in check_config['acl_vlan_policy_element']:
if ele['acl_id'] == acl_id:
result = {
'msg':
'ACL {} applied to vlan {}'.format(
params['acl_name'], ele['vlan_id']),
'changed':
False
}
module.exit_json(**result)
data = {}
method = 'DELETE'
url = check_url
result = run_commands(module, url, data, method, check=check_url)
return result
def traffic_class_match(module):
params = module.params
class_id = params['class_name'] + '~' + params['class_type']
url = '/qos/traffic-classes/' + class_id
# Create traffic class if not present
traffic_class(module)
if params['class_type'] == 'QCT_IP_V4':
version = 'IAV_IP_V4'
else:
version = 'IAV_IP_V6'
match_url = url + '/matches'
if params['sequence_no'] > 0:
url = match_url + '/' + str(params['sequence_no'])
method = 'PUT'
else:
url = match_url
method = 'POST'
if params['state'] == 'create':
protocol = params.get('protocol_type')
if not protocol:
return {'msg': 'protocol_type is required', 'changed': False}
data = {
'traffic_class_id': class_id,
'entry_type': params['entry_type'],
}
if params['dscp_value']:
data['dscp_value'] = params['dscp_value']
data.update({
"traffic_match": {
"protocol_type": params['protocol_type'],
"source_ip_address": {
"version": version,
"octets": params['source_ip_address']
},
"source_ip_mask": {
"version": version,
"octets": params['source_ip_mask']
},
"destination_ip_address": {
"version": version,
"octets": params['destination_ip_address']
},
"destination_ip_mask": {
"version": version,
"octets": params['destination_ip_mask']
}
}
})
if protocol == 'PT_ICMP':
if params['icmp_type'] > -1:
data['traffic_match']['icmp_type'] = params['icmp_type']
if params['icmp_code'] > -1:
data['traffic_match']['icmp_code'] = params['icmp_code']
if protocol == 'PT_IGMP':
if params['igmp_type']:
data['traffic_match']['igmp_type'] = params['igmp_type']
if protocol == 'PT_TCP':
if params['match_bit']:
data['traffic_match']['match_bit'] = params['match_bit']
if protocol in ('PT_SCTP', 'PT_TCP', 'PT_UDP'):
if params['source_port']:
data['traffic_match']['source_port'] = params['source_port']
if params['destination_port']:
data['traffic_match']['destination_port'] = params[
'destination_port']
if params['precedence']:
data['traffic_match']['precedence'] = params['precedence']
if params['tos']:
data['traffic_match']['tos'] = params['tos']
qos_config = get_config(module, match_url)
if qos_config:
print("HERE")
check_config = module.from_json(to_text(qos_config))
print("CHECK", check_config)
for config in check_config['qos_class_match_element']:
if config['traffic_match']['protocol_type'] == 'PT_TCP':
config['traffic_match'].pop('is_connection_established')
if params['entry_type'] == config['entry_type'] and \
config['traffic_match'] == data['traffic_match']:
ret = {'changed': False}
ret.update(config)
return ret
result = run_commands(module, url, data, method)
message = result.get('body') or None
if message:
if 'Duplicate' in message or 'Configuration Failed' in message:
result = {'changed': False}
result['failed'] = False
result['message'] = message
result.update(data)
return result
else:
result = run_commands(module, url, {}, 'DELETE', check=url)
return result
def ip_auth(module):
params = module.params
url = '/ip_auth'
if params['auth_id']:
url = url + '/' + str(params['auth_id'])
if params['state'] == 'create':
if not params['mask'] or not params['auth_ip']:
return {'msg': 'Required args: auth_ip, mask', 'changed': False}
data = {
'auth_ip': {
'octets': params['auth_ip'],
'version': 'IAV_IP_V4'
},
'auth_ip_mask': {
'octets': params['mask'],
'version': 'IAV_IP_V4',
},
'access_role': params['access_role'],
'access_method': params['access_method']
}
if not params['auth_id']:
auth_check = get_config(module, url)
if auth_check:
check_config = module.from_json(to_text(auth_check))
total = 0
check = 0
for ele in check_config['ip_auth_element']:
for key in data:
if key in ele:
if ele[key] != data[key]:
check += 1
break
total = check_config['collection_result'][
'total_elements_count']
print("COUNT", total, check)
diff = total - check
if (total > 1 and diff == 1) or (total == 1 and check == 0):
return {
'msg': 'Ip auth rule already exists.',
'changed': False
}
result = run_commands(module, url, data, 'POST')
else:
result = run_commands(module, url, data, 'PUT', check=url)
else:
if not params['auth_id']:
return {
'msg': 'auth_id is required for deletion',
'changed': False
}
result = run_commands(module, url, {}, 'DELETE', check=url)
return result
def qos_class(module):
params = module.params
policy_id = params['policy_name'] + '~' + params['policy_type']
url = '/qos/policies/' + policy_id + '/policy-actions'
# Create qos if not to apply actions
if params['state'] == 'create':
qos(module)
method = 'POST'
if params['sequence_no'] > 0:
temp = url + '/' + str(params['sequence_no'])
if get_config(module, temp):
url = url + '/' + str(params['sequence_no'])
method = 'PUT'
if params['state'] == 'create':
class_id = params['class_name'] + '~' + params['class_type']
class_url = '/qos/traffic-classes/' + class_id
if not get_config(module, class_url):
return {'msg': 'class does not exist', 'changed': False}
if params['action_value'] == -1 or not params['action']:
return {
'msg': 'action and action_type are required',
'changed': False
}
action = params['action']
action_value = params['action_value']
data = {
'policy_id': policy_id,
'traffic_class_id': class_id,
'first_action': {
'action_type': action,
},
}
if params['sequence_no'] > 0:
data['sequence_no'] = params['sequence_no']
if action == 'QPAT_RATE_LIMIT':
data['first_action']['rate_limit_in_kbps'] = action_value
elif action == 'QPAT_DSCP_VALUE':
data['first_action']['new_dscp_value'] = action_value
else:
data['first_action']['new_priority'] = action_value
qos_config = get_config(module, url)
if qos_config:
check_config = module.from_json(to_text(qos_config))
if params['sequence_no'] == 0:
for config in check_config['qos_policy_action_element']:
if class_id == config['traffic_class_id']:
return config
elif params['sequence_no'] > 0:
if check_config.get(
'traffic_class_id'
) and class_id == check_config['traffic_class_id']:
return check_config
result = run_commands(module, url, data, method)
else:
if params['sequence_no'] == 0:
return {'msg': 'sequence_no is required', 'changed': False}
else:
url = url + '/' + str(params['sequence_no'])
result = run_commands(module, url, {}, 'DELETE', check=url)
return result
def config_ntp_keyId(module):
params = module.params
data = {}
include_cred = False
encrypt_cred = False
# Verify ntp is enabled
if config_present(module, "/config/ntp", "enable", True) is False:
return {
'msg': 'NTP should be enabled',
'changed': False,
'failed': True
}
# Verify include credentials is enabled
if config_present(module, "/system/include-credentials",
"include_credentials_in_response",
"ICS_DISABLED") is False:
include_cred = True
# Verify include credentials is enabled
if config_present(module, "/system/encrypt-credentials", "encryption",
"ECS_DISABLED") is False:
encrypt_cred = True
if not (encrypt_cred or include_cred):
return {
'msg': 'Enable Encrypt Credentials or Include Credentials to'
' use or configure key-id authentication',
'changed': False,
'failed': True
}
# URI
check_url = "/config/ntp/authentication/key-id/int/" + str(params['keyId'])
url = "/config/ntp/authentication/key-id/int"
if params['config'] == "delete":
check_presence = get_config(module, "/config/ntp/server/ip4addr")
if check_presence:
newdata = json.loads(check_presence)
if len(newdata['ntpServerIp4addr_element']) != 0:
for ipadd_ele in newdata['ntpServerIp4addr_element']:
if ipadd_ele['ip4addr']['ip4addr_reference']['key-id'][
'key-id_value'] == params['keyId']:
return {
'msg':
'NTP Server IP should be cleared befere deleting NTP Key ID',
'changed': False,
'failed': True
}
url = check_url
method = "DELETE"
data = ""
result = run_commands(module, url, data, method)
return result
# This returns an empty list if encrypt credentials is not enabled
# This does not properly check if the key-id exists
# Verify if key is already a trusted entry
check_presence = get_config(module, check_url)
if check_presence:
newdata = json.loads(check_presence)
if params['authenticationMode'] in newdata['int']['int_reference'][
'authentication-mode'].keys():
return {
'msg': 'Key-ID {} exists'.format(params['keyId']),
'changed': False,
'failed': False
}
if params['keyValue'] == "":
return {
'msg': 'KeyValue parameter is mandatory',
'changed': False,
'failed': True
}
# Parameters
data["int"] = {
"int_value": int(params['keyId']),
"int_reference": {
"authentication-mode": {
params['authenticationMode']: {
"key-value": {
"key": {
"key_reference": {
"trusted": params['trusted']
},
"key_value": params['keyValue']
}
}
}
}
}
}
# Config
if params['config'] == "create":
# check if already present
check_presence = get_config(module, check_url)
if not check_presence:
method = "POST"
else:
url = check_url
method = "PUT"
# This will fail if key-id exists already, looking into a try/except
result = run_commands(module, url, data, method, check=check_url)
return result
def config_ntp_ipv4addr(module):
params = module.params
ip4_addr = "ip4addr"
ip4_addr_val = "ip4addr_value"
ip4_addr_ref = "ip4addr_reference"
server = "server"
address = str(params['ntp_ip4addr'])
try:
socket.inet_aton(params['ntp_ip4addr'])
except:
check_presence = get_config(module, "/dns")
newdata = json.loads(check_presence)
value = [
newdata["server_1"], newdata["server_2"], newdata["server_3"],
newdata["server_4"]
]
if value.count(None) == 4:
return {
'msg':
'A DNS server must be configured before configuring NTP unicast server name',
'changed': False,
'failed': True
}
ip4_addr = "ASCII-STR"
ip4_addr_ref = "ASCII-STR_reference"
ip4_addr_val = "ASCII-STR_value"
server = "server-name"
address = "%22" + str(params['ntp_ip4addr']) + "%22"
# Verify ntp is enabled
if (config_present(module, "/config/ntp", "enable", True) == False):
return {
'msg': 'NTP should be enabled',
'changed': False,
'failed': True
}
data = {}
if params['ntp_ip4addr'] is "":
return {
'msg': 'IP Address cannot be null',
'changed': False,
'failed': True
}
else:
data[ip4_addr] = {
ip4_addr_ref: {
'max-poll': {
'max-poll_value': params['maxpoll_value']
},
'min-poll': {
'min-poll_value': params['minpoll_value']
},
},
ip4_addr_val: params['ntp_ip4addr']
}
if params['keyId'] and params['keyId'] is not 0:
# This returns an empty list if encrypt credentials is not enabled
# Verify the key is trusted
check_presence = get_config(
module,
"/config/ntp/authentication/key-id/int/" + str(params['keyId']))
if not check_presence:
return {
'msg':
'Authentication key-id {} needs to be configured to configure ipv4 server'
.format(params['keyId']),
'changed':
False,
'failed':
True
}
keyVal = {}
keyVal = {'key-id': {'key-id_value': params['keyId']}}
data[ip4_addr][ip4_addr_ref].update(keyVal)
# Configuring burst ot iburst
if params['mode'] == "burst" or params['mode'] == "iburst":
mode = {}
mode = {params['mode']: True}
data[ip4_addr][ip4_addr_ref].update(mode)
# Configuring OOBM
if params['use_oobm'] is True:
use_oobm = {}
use_oobm = {'oobm': params['use_oobm']}
data[ip4_addr][ip4_addr_ref].update(use_oobm)
# URIs
url = "/config/ntp/" + server + "/" + ip4_addr
check_url = url + "/" + address
# idempotency check for ipv4addr addition
diffseen = False
check_presence = get_config(module, check_url)
if check_presence:
newdata = json.loads(check_presence)
for key in data:
if key == "ASCII-STR":
# host name comes in the format "\"time2.google.com\"".
# So removing '\"' to compare.
newdata[key][ip4_addr_val] = newdata[key][ip4_addr_val].strip(
'\"')
if not newdata[key] == data[key]:
diffseen = True
break
else:
diffseen = True
if params['config'] == "create":
# If a difference in desired state delete old configuration
if diffseen:
run_commands(module, check_url, data, method='DELETE')
# Check if a server ip is already configured
check_presence = get_config(module, check_url)
if not check_presence:
method = 'POST'
else:
method = 'PUT'
url = check_url
elif params['config'] == "delete":
url = check_url
method = 'DELETE'
else:
return {
'msg': 'Valid config options are : create and delete',
'changed': False,
'failed': True
}
# When address is in host name format, "check" in run_commands will not work.
# so adding the additional check to verify idempotency
if ip4_addr == "ASCII-STR" and diffseen == False and method != 'DELETE':
return {
'msg': 'Configuration already exists',
'changed': False,
'failed': False
}
result = run_commands(module, url, data, method, check=check_url)
try:
if result['status'] == 400:
newdata = json.loads(result['body'])
return {
'msg': newdata['config_error'][0]['error'],
'changed': False,
'failed': True
}
else:
return result
except:
return result
def config_vlan_ipaddress(module):
params = module.params
data = {}
# Parameters
if params['vlan_id'] == "":
return {
'msg': "vlan_id cannot be null",
'changed': False,
'failed': True
}
else:
data = {'vlan_id': params['vlan_id']}
if params['ip_address_mode'] == "IAAM_STATIC" and params[
'config'] == "create":
if params['version'] == "" or params['vlan_ip_address'] == "":
return {
'msg': "IP Address or version cannot be null",
'changed': False,
'failed': True
}
else:
data['ip_address'] = {
'version': params['version'],
'octets': params['vlan_ip_address']
}
if params['version'] == "" or params['vlan_ip_mask'] == "":
return {
'msg': "Subnet mask or version cannot be null",
'changed': False,
'failed': True
}
else:
data['ip_mask'] = {
'version': params['version'],
'octets': params['vlan_ip_mask']
}
data['ip_address_mode'] = params['ip_address_mode']
# URLs
url = "/vlans/" + str(params['vlan_id']) + "/ipaddresses"
# Check if the passed vlan is configured
check_presence_vlan = get_config(module, url)
if not check_presence_vlan:
return {
'msg': 'Cannot configure IP Address without Vlan configured',
'changed': False,
'failed': True
}
else:
if params['config'] == "create":
check_presence = get_config(module, url)
newdata = json.loads(check_presence)
# Check if IP already configured
if params['ip_address_mode'] == "IAAM_STATIC":
if newdata['collection_result']['total_elements_count'] == 1:
if newdata['ip_address_subnet_element'][0]['ip_address'][
'octets'] == params['vlan_ip_address']:
return {
'msg':
'The ip address is already present on switch',
'changed': False,
'failed': False
}
else:
method = 'DELETE'
result = run_commands(module, url, data, method)
# Create the ip address on vlan
method = 'POST'
result = run_commands(module, url, data, method)
elif params['config'] == "delete":
check_dhcp_url = "/vlans/" + str(params['vlan_id'])
check_dhcp_enabled = get_config(module, check_dhcp_url)
check_dhcp_enabled = json.loads(check_dhcp_enabled)
if "is_dhcp_server_enabled" in check_dhcp_enabled.keys():
if check_dhcp_enabled["is_dhcp_server_enabled"]:
return {
'msg':
'DHCP server must be disabled on this '
'VLAN {}'.format(params['vlan_id']),
'changed':
False,
'failed':
True
}
method = 'DELETE'
result = run_commands(module, url, data, method)
else:
return {
'msg': 'Valid config options are : create and delete',
'changed': False,
'failed': True
}
return result
def traffic_class(module):
params = module.params
url = '/qos/traffic-classes'
class_id = params['class_name'] + '~' + params['class_type']
check_url = url + '/' + class_id
if params['state'] == 'create':
data = {
'class_name': params['class_name'],
'class_type': params['class_type']
}
method = 'POST'
elif params['state'] == 'delete':
qos_url = '/qos/policies'
qos_config = get_config(module, qos_url)
if qos_config:
check_config = module.from_json(to_text(qos_config))
port_url = '/qos/ports-policies'
port_config = get_config(module, port_url)
if port_config:
port_config = module.from_json(to_text(port_config))
# Check if qos is applied to any vlan
vlan_url = '/qos/vlans-policies'
vlan_config = get_config(module, vlan_url)
if vlan_config:
vlan_config = module.from_json(to_text(vlan_config))
for qos in check_config['qos_policy_element']:
# Check if qos is applied to any port
class_url = qos_url + '/' + qos['id'] + '/policy-actions'
class_config = get_config(module, class_url)
check_class = module.from_json(to_text(class_config))
if check_class:
for qos_action in check_class['qos_policy_action_element']:
if qos_action['traffic_class_id'] == class_id:
for port in port_config['qos_port_policy_element']:
if qos['id'] == port['policy_id']:
return {
'msg':
'Class {} is active in qos policy {} for port {}.\
Remove qos policy first'.format(
class_id, qos['id'],
port['port_id']),
'changed':
False
}
for vlan in vlan_config['qos_vlan_policy_element']:
if qos['id'] == vlan['policy_id']:
return {
'msg':
'Class {} is active in qos policy {} for vlan {}.\
Remove qos policy first'.format(
class_id, qos['id'],
vlan['vlan_id']),
'changed':
False
}
url = check_url
data = {}
method = 'DELETE'
result = run_commands(module, url, data, method, check=check_url)
return result
