def check_params(self):
"""Check all input params"""
# check session_name
if not self.session_name:
self.module.fail_json(
msg="Error: Missing required arguments: session_name.")
if self.session_name:
if len(self.session_name) < 1 or len(self.session_name) > 15:
self.module.fail_json(msg="Error: Session name is invalid.")
# check out_if_name
if self.out_if_name:
if not get_interface_type(self.out_if_name):
self.module.fail_json(
msg="Error: Session out_if_name is invalid.")
# check dest_addr
if self.dest_addr:
if not check_ip_addr(self.dest_addr):
self.module.fail_json(
msg="Error: Session dest_addr is invalid.")
# check src_addr
if self.src_addr:
if not check_ip_addr(self.src_addr):
self.module.fail_json(
msg="Error: Session src_addr is invalid.")
# check vrf_name
if self.vrf_name:
if not is_valid_ip_vpn(self.vrf_name):
self.module.fail_json(
msg="Error: Session vrf_name is invalid.")
if not self.dest_addr:
self.module.fail_json(
msg=
"Error: vrf_name and dest_addr must set at the same time.")
# check use_default_ip
if self.use_default_ip and not self.out_if_name:
self.module.fail_json(
msg=
"Error: use_default_ip and out_if_name must set at the same time."
)
def check_default_ip(ipaddr):
"""check the default multicast IP address"""
# The value ranges from 224.0.0.107 to 224.0.0.250
if not check_ip_addr(ipaddr):
return False
if ipaddr.count(".") != 3:
return False
ips = ipaddr.split(".")
if ips[0] != "224" or ips[1] != "0" or ips[2] != "0":
return False
if not ips[3].isdigit() or int(ips[3]) < 107 or int(ips[3]) > 250:
return False
return True
def check_default_ip(ipaddr):
"""check the default multicast IP address"""
# The value ranges from 224.0.0.107 to 224.0.0.250
if not check_ip_addr(ipaddr):
return False
if ipaddr.count(".") != 3:
return False
ips = ipaddr.split(".")
if ips[0] != "224" or ips[1] != "0" or ips[2] != "0":
return False
if not ips[3].isdigit() or int(ips[3]) < 107 or int(ips[3]) > 250:
return False
return True
def check_params(self):
"""Check all input params"""
# check agent_ip
if self.agent_ip:
self.agent_ip = self.agent_ip.upper()
if not check_ip_addr(self.agent_ip):
self.module.fail_json(msg="Error: agent_ip is invalid.")
# check source_ip
if self.source_ip:
self.source_ip = self.source_ip.upper()
if not check_ip_addr(self.source_ip):
self.module.fail_json(msg="Error: source_ip is invalid.")
# check collector
if self.collector_id:
# check collector_ip and collector_ip_vpn
if self.collector_ip:
self.collector_ip = self.collector_ip.upper()
if not check_ip_addr(self.collector_ip):
self.module.fail_json(
msg="Error: collector_ip is invalid.")
if self.collector_ip_vpn and not is_valid_ip_vpn(
self.collector_ip_vpn):
self.module.fail_json(
msg="Error: collector_ip_vpn is invalid.")
# check collector_datagram_size ranges from 1024 to 8100
if self.collector_datagram_size:
if not self.collector_datagram_size.isdigit():
self.module.fail_json(
msg="Error: collector_datagram_size is not digit.")
if int(self.collector_datagram_size) < 1024 or int(
self.collector_datagram_size) > 8100:
self.module.fail_json(
msg=
"Error: collector_datagram_size is not ranges from 1024 to 8100."
)
# check collector_udp_port ranges from 1 to 65535
if self.collector_udp_port:
if not self.collector_udp_port.isdigit():
self.module.fail_json(
msg="Error: collector_udp_port is not digit.")
if int(self.collector_udp_port) < 1 or int(
self.collector_udp_port) > 65535:
self.module.fail_json(
msg=
"Error: collector_udp_port is not ranges from 1 to 65535."
)
# check collector_description 1 to 255 case-sensitive characters
if self.collector_description:
if self.collector_description.count(" "):
self.module.fail_json(
msg=
"Error: collector_description should without spaces.")
if len(self.collector_description) < 1 or len(
self.collector_description) > 255:
self.module.fail_json(
msg=
"Error: collector_description is not ranges from 1 to 255."
)
# check sflow_interface
if self.sflow_interface:
intf_type = get_interface_type(self.sflow_interface)
if not intf_type:
self.module.fail_json(msg="Error: intf_type is invalid.")
if intf_type not in [
'ge', '10ge', '25ge', '4x10ge', '40ge', '100ge',
'eth-trunk'
]:
self.module.fail_json(
msg="Error: interface %s is not support sFlow." %
self.sflow_interface)
# check sample_collector
if self.sample_collector:
self.sample_collector.sort()
if self.sample_collector not in [["1"], ["2"], ["1", "2"]]:
self.module.fail_json(
msg="Error: sample_collector is invalid.")
# check sample_rate ranges from 1 to 4294967295
if self.sample_rate:
if not self.sample_rate.isdigit():
self.module.fail_json(
msg="Error: sample_rate is not digit.")
if int(self.sample_rate) < 1 or int(
self.sample_rate) > 4294967295:
self.module.fail_json(
msg=
"Error: sample_rate is not ranges from 1 to 4294967295."
)
# check sample_length ranges from 18 to 512
if self.sample_length:
if not self.sample_length.isdigit():
self.module.fail_json(
msg="Error: sample_rate is not digit.")
if int(self.sample_length) < 18 or int(
self.sample_length) > 512:
self.module.fail_json(
msg="Error: sample_length is not ranges from 18 to 512."
)
# check counter_collector
if self.counter_collector:
self.counter_collector.sort()
if self.counter_collector not in [["1"], ["2"], ["1", "2"]]:
self.module.fail_json(
msg="Error: counter_collector is invalid.")
# counter_interval ranges from 10 to 4294967295
if self.counter_interval:
if not self.counter_interval.isdigit():
self.module.fail_json(
msg="Error: counter_interval is not digit.")
if int(self.counter_interval) < 10 or int(
self.counter_interval) > 4294967295:
self.module.fail_json(
msg=
"Error: sample_length is not ranges from 10 to 4294967295."
)
if self.rate_limit or self.rate_limit_slot or self.forward_enp_slot:
self.module.fail_json(
msg="Error: The following parameters cannot be configured"
"because XML mode is not supported:rate_limit,rate_limit_slot,forward_enp_slot."
)
def check_base_rule_args(self):
""" Check base rule invalid args """
need_cfg = False
find_flag = False
self.cur_base_rule_cfg["base_rule_info"] = []
if self.acl_name:
if self.state == "absent":
if not self.rule_name:
self.module.fail_json(
msg=
'Error: Please input rule_name when state is absent.')
# config rule
if self.rule_name:
if len(self.rule_name) < 1 or len(self.rule_name) > 32:
self.module.fail_json(
msg='Error: The len of rule_name is out of [1 - 32].')
if self.state != "delete_acl" and not self.rule_id:
self.module.fail_json(msg='Error: Please input rule_id.')
if self.rule_id:
if self.rule_id.isdigit():
if int(self.rule_id) < 0 or int(
self.rule_id) > 4294967294:
self.module.fail_json(
msg=
'Error: The value of rule_id is out of [0 - 4294967294].'
)
else:
self.module.fail_json(
msg='Error: The rule_id is not digit.')
if self.source_ip:
if not check_ip_addr(self.source_ip):
self.module.fail_json(
msg='Error: The source_ip %s is invalid.' %
self.source_ip)
if not self.src_mask:
self.module.fail_json(
msg='Error: Please input src_mask.')
if self.src_mask:
if self.src_mask.isdigit():
if int(self.src_mask) < 1 or int(self.src_mask) > 32:
self.module.fail_json(
msg='Error: The src_mask is out of [1 - 32].')
self.src_wild = self.get_wildcard_mask()
else:
self.module.fail_json(
msg='Error: The src_mask is not digit.')
if self.vrf_name:
if len(self.vrf_name) < 1 or len(self.vrf_name) > 31:
self.module.fail_json(
msg='Error: The len of vrf_name is out of [1 - 31].'
)
if self.time_range:
if len(self.time_range) < 1 or len(self.time_range) > 32:
self.module.fail_json(
msg=
'Error: The len of time_range is out of [1 - 32].')
if self.rule_description:
if len(self.rule_description) < 1 or len(
self.rule_description) > 127:
self.module.fail_json(
msg=
'Error: The len of rule_description is out of [1 - 127].'
)
if self.state != "delete_acl" and not self.rule_id:
self.module.fail_json(
msg='Error: Please input rule_id.')
conf_str = CE_GET_ACL_BASE_RULE_HEADER % self.acl_name
if self.rule_id:
conf_str += "<aclRuleID></aclRuleID>"
if self.rule_action:
conf_str += "<aclAction></aclAction>"
if self.source_ip:
conf_str += "<aclSourceIp></aclSourceIp>"
if self.src_wild:
conf_str += "<aclSrcWild></aclSrcWild>"
if self.frag_type:
conf_str += "<aclFragType></aclFragType>"
if self.vrf_name:
conf_str += "<vrfName></vrfName>"
if self.time_range:
conf_str += "<aclTimeName></aclTimeName>"
if self.rule_description:
conf_str += "<aclRuleDescription></aclRuleDescription>"
conf_str += "<aclLogFlag></aclLogFlag>"
conf_str += CE_GET_ACL_BASE_RULE_TAIL
recv_xml = self.netconf_get_config(conf_str=conf_str)
if "<data/>" in recv_xml:
find_flag = False
else:
xml_str = recv_xml.replace('\r', '').replace('\n', '').\
replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\
replace('xmlns="http://www.huawei.com/netconf/vrp"', "")
root = ElementTree.fromstring(xml_str)
# parse base rule
base_rule_info = root.findall(
"data/acl/aclGroups/aclGroup/aclRuleBas4s/aclRuleBas4")
if base_rule_info:
for tmp in base_rule_info:
tmp_dict = dict()
for site in tmp:
if site.tag in [
"aclRuleName", "aclRuleID",
"aclAction", "aclSourceIp",
"aclSrcWild", "aclFragType", "vrfName",
"aclTimeName", "aclRuleDescription",
"aclLogFlag"
]:
tmp_dict[site.tag] = site.text
self.cur_base_rule_cfg["base_rule_info"].append(
tmp_dict)
if self.cur_base_rule_cfg["base_rule_info"]:
for tmp in self.cur_base_rule_cfg["base_rule_info"]:
find_flag = True
if self.rule_name and tmp.get(
"aclRuleName") != self.rule_name:
find_flag = False
if self.rule_id and tmp.get(
"aclRuleID") != self.rule_id:
find_flag = False
if self.rule_action and tmp.get(
"aclAction") != self.rule_action:
find_flag = False
if self.source_ip:
tmp_src_ip = self.source_ip.split(".")
tmp_src_wild = self.src_wild.split(".")
tmp_addr_item = []
for idx in range(4):
item1 = 255 - int(tmp_src_wild[idx])
item2 = item1 & int(tmp_src_ip[idx])
tmp_addr_item.append(item2)
tmp_addr = "%s.%s.%s.%s" % (
tmp_addr_item[0], tmp_addr_item[1],
tmp_addr_item[2], tmp_addr_item[3])
if tmp_addr != tmp.get("aclSourceIp"):
find_flag = False
if self.src_wild and tmp.get(
"aclSrcWild") != self.src_wild:
find_flag = False
if self.frag_type and tmp.get(
"aclFragType") != self.frag_type:
find_flag = False
if self.vrf_name and tmp.get(
"vrfName") != self.vrf_name:
find_flag = False
if self.time_range and tmp.get(
"aclTimeName") != self.time_range:
find_flag = False
if self.rule_description and tmp.get(
"aclRuleDescription"
) != self.rule_description:
find_flag = False
if tmp.get("aclLogFlag") != str(
self.log_flag).lower():
find_flag = False
if find_flag:
break
else:
find_flag = False
if self.state == "present":
need_cfg = bool(not find_flag)
elif self.state == "absent":
need_cfg = bool(find_flag)
else:
need_cfg = False
self.cur_base_rule_cfg["need_cfg"] = need_cfg
def check_params(self):
"""Check all input params"""
# check session_name
if not self.session_name:
self.module.fail_json(
msg="Error: Missing required arguments: session_name.")
if self.session_name:
if len(self.session_name) < 1 or len(self.session_name) > 15:
self.module.fail_json(msg="Error: Session name is invalid.")
# check local_discr
# check remote_discr
if self.local_discr:
if self.local_discr < 1 or self.local_discr > 16384:
self.module.fail_json(
msg=
"Error: Session local_discr is not ranges from 1 to 16384."
)
if self.remote_discr:
if self.remote_discr < 1 or self.remote_discr > 4294967295:
self.module.fail_json(
msg=
"Error: Session remote_discr is not ranges from 1 to 4294967295."
)
if self.state == "present" and self.create_type == "static":
if not self.local_discr:
self.module.fail_json(
msg="Error: Missing required arguments: local_discr.")
if not self.remote_discr:
self.module.fail_json(
msg="Error: Missing required arguments: remote_discr.")
# check out_if_name
if self.out_if_name:
if not get_interface_type(self.out_if_name):
self.module.fail_json(
msg="Error: Session out_if_name is invalid.")
# check dest_addr
if self.dest_addr:
if not check_ip_addr(self.dest_addr):
self.module.fail_json(
msg="Error: Session dest_addr is invalid.")
# check src_addr
if self.src_addr:
if not check_ip_addr(self.src_addr):
self.module.fail_json(
msg="Error: Session src_addr is invalid.")
# check vrf_name
if self.vrf_name:
if not is_valid_ip_vpn(self.vrf_name):
self.module.fail_json(
msg="Error: Session vrf_name is invalid.")
if not self.dest_addr:
self.module.fail_json(
msg=
"Error: vrf_name and dest_addr must set at the same time.")
# check use_default_ip
if self.use_default_ip and not self.out_if_name:
self.module.fail_json(
msg=
"Error: use_default_ip and out_if_name must set at the same time."
)
def check_netconf_args(self, result):
""" Check invalid netconf args """
need_cfg = True
same_flag = True
delete_flag = False
result["target_host_info"] = []
if self.host_name:
if len(self.host_name) > 32 or len(self.host_name) < 1:
self.module.fail_json(
msg='Error: The len of host_name is out of [1 - 32].')
if self.vpn_name and self.is_public_net != 'no_use':
if self.is_public_net == "true":
self.module.fail_json(
msg='Error: Do not support vpn_name and is_public_net at the same time.')
conf_str = CE_GET_SNMP_TARGET_HOST_HEADER
if self.domain:
conf_str += "<domain></domain>"
if self.address:
if not check_ip_addr(ipaddr=self.address):
self.module.fail_json(
msg='Error: The host address [%s] is invalid.' % self.address)
conf_str += "<address></address>"
if self.notify_type:
conf_str += "<notifyType></notifyType>"
if self.vpn_name:
if len(self.vpn_name) > 31 or len(self.vpn_name) < 1:
self.module.fail_json(
msg='Error: The len of vpn_name is out of [1 - 31].')
conf_str += "<vpnInstanceName></vpnInstanceName>"
if self.recv_port:
if int(self.recv_port) > 65535 or int(self.recv_port) < 0:
self.module.fail_json(
msg='Error: The value of recv_port is out of [0 - 65535].')
conf_str += "<portNumber></portNumber>"
if self.security_model:
conf_str += "<securityModel></securityModel>"
if self.security_name:
if len(self.security_name) > 32 or len(self.security_name) < 1:
self.module.fail_json(
msg='Error: The len of security_name is out of [1 - 32].')
conf_str += "<securityName></securityName>"
if self.security_name_v3:
if len(self.security_name_v3) > 32 or len(self.security_name_v3) < 1:
self.module.fail_json(
msg='Error: The len of security_name_v3 is out of [1 - 32].')
conf_str += "<securityNameV3></securityNameV3>"
if self.security_level:
conf_str += "<securityLevel></securityLevel>"
if self.is_public_net != 'no_use':
conf_str += "<isPublicNet></isPublicNet>"
if self.interface_name:
if len(self.interface_name) > 63 or len(self.interface_name) < 1:
self.module.fail_json(
msg='Error: The len of interface_name is out of [1 - 63].')
find_flag = False
for item in INTERFACE_TYPE:
if item in self.interface_name.lower():
find_flag = True
break
if not find_flag:
self.module.fail_json(
msg='Error: Please input full name of interface_name.')
conf_str += "<interface-name></interface-name>"
conf_str += CE_GET_SNMP_TARGET_HOST_TAIL
recv_xml = self.netconf_get_config(conf_str=conf_str)
if "<data/>" in recv_xml:
if self.state == "present":
same_flag = False
else:
delete_flag = False
else:
xml_str = recv_xml.replace('\r', '').replace('\n', '').\
replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\
replace('xmlns="http://www.huawei.com/netconf/vrp"', "")
root = ElementTree.fromstring(xml_str)
target_host_info = root.findall(
"snmp/targetHosts/targetHost")
if target_host_info:
for tmp in target_host_info:
tmp_dict = dict()
for site in tmp:
if site.tag in ["nmsName", "domain", "address", "notifyType", "vpnInstanceName",
"portNumber", "securityModel", "securityName", "securityNameV3",
"securityLevel", "isPublicNet", "interface-name"]:
tmp_dict[site.tag] = site.text
result["target_host_info"].append(tmp_dict)
if result["target_host_info"]:
for tmp in result["target_host_info"]:
same_flag = True
if "nmsName" in tmp.keys():
if tmp["nmsName"] != self.host_name:
same_flag = False
else:
delete_flag = True
if "domain" in tmp.keys():
if tmp["domain"] != self.domain:
same_flag = False
if "address" in tmp.keys():
if tmp["address"] != self.address:
same_flag = False
if "notifyType" in tmp.keys():
if tmp["notifyType"] != self.notify_type:
same_flag = False
if "vpnInstanceName" in tmp.keys():
if tmp["vpnInstanceName"] != self.vpn_name:
same_flag = False
if "portNumber" in tmp.keys():
if tmp["portNumber"] != self.recv_port:
same_flag = False
if "securityModel" in tmp.keys():
if tmp["securityModel"] != self.security_model:
same_flag = False
if "securityName" in tmp.keys():
if tmp["securityName"] != self.security_name:
same_flag = False
if "securityNameV3" in tmp.keys():
if tmp["securityNameV3"] != self.security_name_v3:
same_flag = False
if "securityLevel" in tmp.keys():
if tmp["securityLevel"] != self.security_level:
same_flag = False
if "isPublicNet" in tmp.keys():
if tmp["isPublicNet"] != self.is_public_net:
same_flag = False
if "interface-name" in tmp.keys():
if tmp.get("interface-name") is not None:
if tmp["interface-name"].lower() != self.interface_name.lower():
same_flag = False
else:
same_flag = False
if same_flag:
break
if self.state == "present":
need_cfg = True
if same_flag:
need_cfg = False
else:
need_cfg = False
if delete_flag:
need_cfg = True
result["need_cfg"] = need_cfg
def check_netconf_args(self, result):
""" Check invalid netconf args """
need_cfg = True
same_flag = True
delete_flag = False
result["target_host_info"] = []
if self.host_name:
if len(self.host_name) > 32 or len(self.host_name) < 1:
self.module.fail_json(
msg='Error: The len of host_name is out of [1 - 32].')
if self.vpn_name and self.is_public_net != 'no_use':
if self.is_public_net == "true":
self.module.fail_json(
msg='Error: Do not support vpn_name and is_public_net at the same time.')
conf_str = CE_GET_SNMP_TARGET_HOST_HEADER
if self.domain:
conf_str += "<domain></domain>"
if self.address:
if not check_ip_addr(ipaddr=self.address):
self.module.fail_json(
msg='Error: The host address [%s] is invalid.' % self.address)
conf_str += "<address></address>"
if self.notify_type:
conf_str += "<notifyType></notifyType>"
if self.vpn_name:
if len(self.vpn_name) > 31 or len(self.vpn_name) < 1:
self.module.fail_json(
msg='Error: The len of vpn_name is out of [1 - 31].')
conf_str += "<vpnInstanceName></vpnInstanceName>"
if self.recv_port:
if int(self.recv_port) > 65535 or int(self.recv_port) < 0:
self.module.fail_json(
msg='Error: The value of recv_port is out of [0 - 65535].')
conf_str += "<portNumber></portNumber>"
if self.security_model:
conf_str += "<securityModel></securityModel>"
if self.security_name:
if len(self.security_name) > 32 or len(self.security_name) < 1:
self.module.fail_json(
msg='Error: The len of security_name is out of [1 - 32].')
conf_str += "<securityName></securityName>"
if self.security_name_v3:
if len(self.security_name_v3) > 32 or len(self.security_name_v3) < 1:
self.module.fail_json(
msg='Error: The len of security_name_v3 is out of [1 - 32].')
conf_str += "<securityNameV3></securityNameV3>"
if self.security_level:
conf_str += "<securityLevel></securityLevel>"
if self.is_public_net != 'no_use':
conf_str += "<isPublicNet></isPublicNet>"
if self.interface_name:
if len(self.interface_name) > 63 or len(self.interface_name) < 1:
self.module.fail_json(
msg='Error: The len of interface_name is out of [1 - 63].')
find_flag = False
for item in INTERFACE_TYPE:
if item in self.interface_name:
find_flag = True
break
if not find_flag:
self.module.fail_json(
msg='Error: Please input full name of interface_name.')
conf_str += "<interface-name></interface-name>"
conf_str += CE_GET_SNMP_TARGET_HOST_TAIL
recv_xml = self.netconf_get_config(conf_str=conf_str)
if "<data/>" in recv_xml:
if self.state == "present":
same_flag = False
else:
delete_flag = False
else:
xml_str = recv_xml.replace('\r', '').replace('\n', '').\
replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\
replace('xmlns="http://www.huawei.com/netconf/vrp"', "")
root = ElementTree.fromstring(xml_str)
target_host_info = root.findall(
"data/snmp/targetHosts/targetHost")
if target_host_info:
for tmp in target_host_info:
tmp_dict = dict()
for site in tmp:
if site.tag in ["nmsName", "domain", "address", "notifyType", "vpnInstanceName",
"portNumber", "securityModel", "securityName", "securityNameV3",
"securityLevel", "isPublicNet", "interface-name"]:
tmp_dict[site.tag] = site.text
result["target_host_info"].append(tmp_dict)
if result["target_host_info"]:
for tmp in result["target_host_info"]:
same_flag = True
if "nmsName" in tmp.keys():
if tmp["nmsName"] != self.host_name:
same_flag = False
else:
delete_flag = True
if "domain" in tmp.keys():
if tmp["domain"] != self.domain:
same_flag = False
if "address" in tmp.keys():
if tmp["address"] != self.address:
same_flag = False
if "notifyType" in tmp.keys():
if tmp["notifyType"] != self.notify_type:
same_flag = False
if "vpnInstanceName" in tmp.keys():
if tmp["vpnInstanceName"] != self.vpn_name:
same_flag = False
if "portNumber" in tmp.keys():
if tmp["portNumber"] != self.recv_port:
same_flag = False
if "securityModel" in tmp.keys():
if tmp["securityModel"] != self.security_model:
same_flag = False
if "securityName" in tmp.keys():
if tmp["securityName"] != self.security_name:
same_flag = False
if "securityNameV3" in tmp.keys():
if tmp["securityNameV3"] != self.security_name_v3:
same_flag = False
if "securityLevel" in tmp.keys():
if tmp["securityLevel"] != self.security_level:
same_flag = False
if "isPublicNet" in tmp.keys():
if tmp["isPublicNet"] != self.is_public_net:
same_flag = False
if "interface-name" in tmp.keys():
if tmp["interface-name"] != self.interface_name:
same_flag = False
if same_flag:
break
if self.state == "present":
need_cfg = True
if same_flag:
need_cfg = False
else:
need_cfg = False
if delete_flag:
need_cfg = True
result["need_cfg"] = need_cfg
def check_base_rule_args(self):
""" Check base rule invalid args """
need_cfg = False
find_flag = False
self.cur_base_rule_cfg["base_rule_info"] = []
if self.acl_name:
if self.state == "absent":
if not self.rule_name:
self.module.fail_json(
msg='Error: Please input rule_name when state is absent.')
# config rule
if self.rule_name:
if len(self.rule_name) < 1 or len(self.rule_name) > 32:
self.module.fail_json(
msg='Error: The len of rule_name is out of [1 - 32].')
if self.state != "delete_acl" and not self.rule_id:
self.module.fail_json(
msg='Error: Please input rule_id.')
if self.rule_id:
if self.rule_id.isdigit():
if int(self.rule_id) < 0 or int(self.rule_id) > 4294967294:
self.module.fail_json(
msg='Error: The value of rule_id is out of [0 - 4294967294].')
else:
self.module.fail_json(
msg='Error: The rule_id is not digit.')
if self.source_ip:
if not check_ip_addr(self.source_ip):
self.module.fail_json(
msg='Error: The source_ip %s is invalid.' % self.source_ip)
if not self.src_mask:
self.module.fail_json(
msg='Error: Please input src_mask.')
if self.src_mask:
if self.src_mask.isdigit():
if int(self.src_mask) < 1 or int(self.src_mask) > 32:
self.module.fail_json(
msg='Error: The src_mask is out of [1 - 32].')
self.src_wild = self.get_wildcard_mask()
else:
self.module.fail_json(
msg='Error: The src_mask is not digit.')
if self.vrf_name:
if len(self.vrf_name) < 1 or len(self.vrf_name) > 31:
self.module.fail_json(
msg='Error: The len of vrf_name is out of [1 - 31].')
if self.time_range:
if len(self.time_range) < 1 or len(self.time_range) > 32:
self.module.fail_json(
msg='Error: The len of time_range is out of [1 - 32].')
if self.rule_description:
if len(self.rule_description) < 1 or len(self.rule_description) > 127:
self.module.fail_json(
msg='Error: The len of rule_description is out of [1 - 127].')
if self.state != "delete_acl" and not self.rule_id:
self.module.fail_json(
msg='Error: Please input rule_id.')
conf_str = CE_GET_ACL_BASE_RULE_HEADER % self.acl_name
if self.rule_id:
conf_str += "<aclRuleID></aclRuleID>"
if self.rule_action:
conf_str += "<aclAction></aclAction>"
if self.source_ip:
conf_str += "<aclSourceIp></aclSourceIp>"
if self.src_wild:
conf_str += "<aclSrcWild></aclSrcWild>"
if self.frag_type:
conf_str += "<aclFragType></aclFragType>"
if self.vrf_name:
conf_str += "<vrfName></vrfName>"
if self.time_range:
conf_str += "<aclTimeName></aclTimeName>"
if self.rule_description:
conf_str += "<aclRuleDescription></aclRuleDescription>"
conf_str += "<aclLogFlag></aclLogFlag>"
conf_str += CE_GET_ACL_BASE_RULE_TAIL
recv_xml = self.netconf_get_config(conf_str=conf_str)
if "<data/>" in recv_xml:
find_flag = False
else:
xml_str = recv_xml.replace('\r', '').replace('\n', '').\
replace('xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"', "").\
replace('xmlns="http://www.huawei.com/netconf/vrp"', "")
root = ElementTree.fromstring(xml_str)
# parse base rule
base_rule_info = root.findall(
"data/acl/aclGroups/aclGroup/aclRuleBas4s/aclRuleBas4")
if base_rule_info:
for tmp in base_rule_info:
tmp_dict = dict()
for site in tmp:
if site.tag in ["aclRuleName", "aclRuleID", "aclAction", "aclSourceIp", "aclSrcWild",
"aclFragType", "vrfName", "aclTimeName", "aclRuleDescription",
"aclLogFlag"]:
tmp_dict[site.tag] = site.text
self.cur_base_rule_cfg[
"base_rule_info"].append(tmp_dict)
if self.cur_base_rule_cfg["base_rule_info"]:
for tmp in self.cur_base_rule_cfg["base_rule_info"]:
find_flag = True
if self.rule_name and tmp.get("aclRuleName") != self.rule_name:
find_flag = False
if self.rule_id and tmp.get("aclRuleID") != self.rule_id:
find_flag = False
if self.rule_action and tmp.get("aclAction") != self.rule_action:
find_flag = False
if self.source_ip:
tmp_src_ip = self.source_ip.split(".")
tmp_src_wild = self.src_wild.split(".")
tmp_addr_item = []
for idx in range(4):
item1 = 255 - int(tmp_src_wild[idx])
item2 = item1 & int(tmp_src_ip[idx])
tmp_addr_item.append(item2)
tmp_addr = "%s.%s.%s.%s" % (tmp_addr_item[0], tmp_addr_item[1],
tmp_addr_item[2], tmp_addr_item[3])
if tmp_addr != tmp.get("aclSourceIp"):
find_flag = False
if self.src_wild and tmp.get("aclSrcWild") != self.src_wild:
find_flag = False
if self.frag_type and tmp.get("aclFragType") != self.frag_type:
find_flag = False
if self.vrf_name and tmp.get("vrfName") != self.vrf_name:
find_flag = False
if self.time_range and tmp.get("aclTimeName") != self.time_range:
find_flag = False
if self.rule_description and tmp.get("aclRuleDescription") != self.rule_description:
find_flag = False
if tmp.get("aclLogFlag") != str(self.log_flag).lower():
find_flag = False
if find_flag:
break
else:
find_flag = False
if self.state == "present":
need_cfg = bool(not find_flag)
elif self.state == "absent":
need_cfg = bool(find_flag)
else:
need_cfg = False
self.cur_base_rule_cfg["need_cfg"] = need_cfg
