def main(): # define the available arguments/parameters that a user can pass to # the module application_arg_spec = dict(id=dict(type='str'), name=dict(type='str'), ) rule_arg_spec = dict(policy=dict(type='str', choices=['deny'], default='deny'), type=dict(type='str', choices=['application', 'application_category', 'blacklisted_countries', 'host', 'ip_range', 'port', 'whitelisted_countries']), ip_range=dict(type='str'), application=dict(type='dict', default=None, options=application_arg_spec), host=dict(type='str'), port=dict(type='str'), countries=dict(type='list'), ) argument_spec = meraki_argument_spec() argument_spec.update(state=dict(type='str', choices=['present', 'query'], default='present'), net_name=dict(type='str'), net_id=dict(type='str'), rules=dict(type='list', default=None, elements='dict', options=rule_arg_spec), categories=dict(type='bool'), ) # seed the result dict in the object # we primarily care about changed and state # change is if this module effectively modified the target # state will include any data that you want your module to pass back # for consumption, for example, in a subsequent task result = dict( changed=False, ) # the AnsibleModule object will be our abstraction working with Ansible # this includes instantiation, a couple of common attr would be the # args/params passed to the execution, as well as if the module # supports check mode module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, ) meraki = MerakiModule(module, function='mx_l7_firewall') # check for argument completeness if meraki.params['rules']: for rule in meraki.params['rules']: if rule['type'] == 'application' and rule['application'] is None: meraki.fail_json(msg="application argument is required when type is application.") elif rule['type'] == 'application_category' and rule['application'] is None: meraki.fail_json(msg="application argument is required when type is application_category.") elif rule['type'] == 'blacklisted_countries' and rule['countries'] is None: meraki.fail_json(msg="countries argument is required when type is blacklisted_countries.") elif rule['type'] == 'host' and rule['host'] is None: meraki.fail_json(msg="host argument is required when type is host.") elif rule['type'] == 'port' and rule['port'] is None: meraki.fail_json(msg="port argument is required when type is port.") elif rule['type'] == 'whitelisted_countries' and rule['countries'] is None: meraki.fail_json(msg="countries argument is required when type is whitelisted_countries.") meraki.params['follow_redirects'] = 'all' query_urls = {'mx_l7_firewall': '/networks/{net_id}/l7FirewallRules/'} query_category_urls = {'mx_l7_firewall': '/networks/{net_id}/l7FirewallRules/applicationCategories'} update_urls = {'mx_l7_firewall': '/networks/{net_id}/l7FirewallRules/'} meraki.url_catalog['get_all'].update(query_urls) meraki.url_catalog['get_categories'] = (query_category_urls) meraki.url_catalog['update'] = update_urls payload = None # manipulate or modify the state as needed (this is going to be the # part where your module will do what it needs to do) org_id = meraki.params['org_id'] orgs = None if org_id is None: orgs = meraki.get_orgs() for org in orgs: if org['name'] == meraki.params['org_name']: org_id = org['id'] net_id = meraki.params['net_id'] if net_id is None: if orgs is None: orgs = meraki.get_orgs() net_id = meraki.get_net_id(net_name=meraki.params['net_name'], data=meraki.get_nets(org_id=org_id)) if meraki.params['state'] == 'query': if meraki.params['categories'] is True: # Output only applications meraki.result['data'] = get_applications(meraki, net_id) else: meraki.result['data'] = restructure_response(get_rules(meraki, net_id)) elif meraki.params['state'] == 'present': rules = get_rules(meraki, net_id) path = meraki.construct_path('get_all', net_id=net_id) if meraki.params['rules']: payload = {'rules': []} for rule in meraki.params['rules']: payload['rules'].append(assemble_payload(meraki, net_id, rule)) else: payload = dict() ''' The rename_* functions are needed because the key is id and is_update_required() by default ignores id. ''' rules = rename_id_to_appid(rules) payload = rename_id_to_appid(payload) if meraki.is_update_required(rules, payload): rules = rename_appid_to_id(rules) payload = rename_appid_to_id(payload) if meraki.module.check_mode is True: response = restructure_response(payload) diff = recursive_diff(restructure_response(rules), response) meraki.result['diff'] = {'before': diff[0], 'after': diff[1], } meraki.result['data'] = response meraki.result['changed'] = True meraki.exit_json(**meraki.result) response = meraki.request(path, method='PUT', payload=json.dumps(payload)) response = restructure_response(response) if meraki.status == 200: diff = recursive_diff(restructure_response(rules), response) meraki.result['diff'] = {'before': diff[0], 'after': diff[1], } meraki.result['data'] = response meraki.result['changed'] = True else: rules = rename_appid_to_id(rules) payload = rename_appid_to_id(payload) if meraki.module.check_mode is True: meraki.result['data'] = rules meraki.result['changed'] = False meraki.exit_json(**meraki.result) meraki.result['data'] = payload # in the event of a successful module execution, you will want to # simple AnsibleModule.exit_json(), passing the key/value results meraki.exit_json(**meraki.result)
def main(): # define the available arguments/parameters that a user can pass to # the module argument_spec = meraki_argument_spec() argument_spec.update(clone=dict(type='str'), state=dict(type='str', choices=['present', 'query'], default='present'), org_name=dict(type='str', aliases=['name', 'organization']), org_id=dict(type='int', aliases=['id']), ) # seed the result dict in the object # we primarily care about changed and state # change is if this module effectively modified the target # state will include any data that you want your module to pass back # for consumption, for example, in a subsequent task result = dict( changed=False, ) # the AnsibleModule object will be our abstraction working with Ansible # this includes instantiation, a couple of common attr would be the # args/params passed to the execution, as well as if the module # supports check mode module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, ) meraki = MerakiModule(module, function='organizations') meraki.params['follow_redirects'] = 'all' create_urls = {'organizations': '/organizations', } update_urls = {'organizations': '/organizations/{org_id}', } clone_urls = {'organizations': '/organizations/{org_id}/clone', } meraki.url_catalog['create'] = create_urls meraki.url_catalog['update'] = update_urls meraki.url_catalog['clone'] = clone_urls payload = None # if the user is working with this module in only check mode we do not # want to make any changes to the environment, just return the current # state with no modifications # FIXME: Work with Meraki so they can implement a check mode if module.check_mode: meraki.exit_json(**meraki.result) # execute checks for argument completeness # manipulate or modify the state as needed (this is going to be the # part where your module will do what it needs to do) orgs = meraki.get_orgs() if meraki.params['state'] == 'query': if meraki.params['org_name']: # Query by organization name module.warn('All matching organizations will be returned, even if there are duplicate named organizations') for o in orgs: if o['name'] == meraki.params['org_name']: meraki.result['data'] = o elif meraki.params['org_id']: for o in orgs: if o['id'] == meraki.params['org_id']: meraki.result['data'] = o else: # Query all organizations, no matter what meraki.result['data'] = orgs elif meraki.params['state'] == 'present': if meraki.params['clone']: # Cloning payload = {'name': meraki.params['org_name']} response = meraki.request(meraki.construct_path('clone', org_name=meraki.params['clone'] ), payload=json.dumps(payload), method='POST') if meraki.status != 201: meraki.fail_json(msg='Organization clone failed') meraki.result['data'] = response meraki.result['changed'] = True elif not meraki.params['org_id'] and meraki.params['org_name']: # Create new organization payload = {'name': meraki.params['org_name']} response = meraki.request(meraki.construct_path('create'), method='POST', payload=json.dumps(payload)) if meraki.status == 201: meraki.result['data'] = response meraki.result['changed'] = True elif meraki.params['org_id'] and meraki.params['org_name']: # Update an existing organization payload = {'name': meraki.params['org_name'], 'id': meraki.params['org_id'], } original = get_org(meraki, meraki.params['org_id'], orgs) if meraki.is_update_required(original, payload): response = meraki.request(meraki.construct_path('update', org_id=meraki.params['org_id'] ), method='PUT', payload=json.dumps(payload)) if meraki.status != 200: meraki.fail_json(msg='Organization update failed') meraki.result['data'] = response meraki.result['changed'] = True else: meraki.result['data'] = original # in the event of a successful module execution, you will want to # simple AnsibleModule.exit_json(), passing the key/value results meraki.exit_json(**meraki.result)
def main(): # define the available arguments/parameters that a user can pass to # the module fw_rules = dict(policy=dict(type='str', choices=['allow', 'deny']), protocol=dict(type='str', choices=['tcp', 'udp', 'icmp', 'any']), dest_port=dict(type='str'), dest_cidr=dict(type='str'), comment=dict(type='str'), ) argument_spec = meraki_argument_spec() argument_spec.update(state=dict(type='str', choices=['present', 'query'], default='present'), net_name=dict(type='str'), net_id=dict(type='str'), number=dict(type='str', aliases=['ssid_number']), ssid_name=dict(type='str', aliases=['ssid']), rules=dict(type='list', default=None, elements='dict', options=fw_rules), allow_lan_access=dict(type='bool', default=True), ) # seed the result dict in the object # we primarily care about changed and state # change is if this module effectively modified the target # state will include any data that you want your module to pass back # for consumption, for example, in a subsequent task result = dict( changed=False, ) # the AnsibleModule object will be our abstraction working with Ansible # this includes instantiation, a couple of common attr would be the # args/params passed to the execution, as well as if the module # supports check mode module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, ) meraki = MerakiModule(module, function='mr_l3_firewall') meraki.params['follow_redirects'] = 'all' query_urls = {'mr_l3_firewall': '/networks/{net_id}/ssids/'} update_urls = {'mr_l3_firewall': '/networks/{net_id}/ssids/'} meraki.url_catalog['get_all'].update(query_urls) meraki.url_catalog['update'] = update_urls payload = None # if the user is working with this module in only check mode we do not # want to make any changes to the environment, just return the current # state with no modifications # FIXME: Work with Meraki so they can implement a check mode if module.check_mode: meraki.exit_json(**meraki.result) # execute checks for argument completeness # manipulate or modify the state as needed (this is going to be the # part where your module will do what it needs to do) org_id = meraki.params['org_id'] orgs = None if org_id is None: orgs = meraki.get_orgs() for org in orgs: if org['name'] == meraki.params['org_name']: org_id = org['id'] net_id = meraki.params['net_id'] if net_id is None: if orgs is None: orgs = meraki.get_orgs() net_id = meraki.get_net_id(net_name=meraki.params['net_name'], data=meraki.get_nets(org_id=org_id)) number = meraki.params['number'] if meraki.params['ssid_name']: number = get_ssid_number(meraki.params['ssid_name'], get_ssids(meraki, net_id)) if meraki.params['state'] == 'query': meraki.result['data'] = get_rules(meraki, net_id, number) elif meraki.params['state'] == 'present': rules = get_rules(meraki, net_id, number) path = meraki.construct_path('get_all', net_id=net_id) path = path + number + '/l3FirewallRules' if meraki.params['rules']: payload = assemble_payload(meraki) else: payload = dict() update = False try: if len(rules) != len(payload['rules']): # Quick and simple check to avoid more processing update = True if update is False: for r in range(len(rules) - 2): if meraki.is_update_required(rules[r], payload[r]) is True: update = True except KeyError: pass if rules[len(rules) - 2] != meraki.params['allow_lan_access']: update = True if update is True: payload['allowLanAccess'] = meraki.params['allow_lan_access'] response = meraki.request(path, method='PUT', payload=json.dumps(payload)) if meraki.status == 200: meraki.result['data'] = response meraki.result['changed'] = True # in the event of a successful module execution, you will want to # simple AnsibleModule.exit_json(), passing the key/value results meraki.exit_json(**meraki.result)
def main(): # define the available arguments/parameters that a user can pass to # the module argument_spec = meraki_argument_spec() argument_spec.update(clone=dict(type='str'), state=dict(type='str', choices=['present', 'query'], default='present'), org_name=dict(type='str', aliases=['name', 'organization']), org_id=dict(type='int', aliases=['id']), ) # seed the result dict in the object # we primarily care about changed and state # change is if this module effectively modified the target # state will include any data that you want your module to pass back # for consumption, for example, in a subsequent task result = dict( changed=False, ) # the AnsibleModule object will be our abstraction working with Ansible # this includes instantiation, a couple of common attr would be the # args/params passed to the execution, as well as if the module # supports check mode module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True, ) meraki = MerakiModule(module, function='organizations') meraki.params['follow_redirects'] = 'all' create_urls = {'organizations': '/organizations', } update_urls = {'organizations': '/organizations/{org_id}', } clone_urls = {'organizations': '/organizations/{org_id}/clone', } meraki.url_catalog['create'] = create_urls meraki.url_catalog['update'] = update_urls meraki.url_catalog['clone'] = clone_urls payload = None # if the user is working with this module in only check mode we do not # want to make any changes to the environment, just return the current # state with no modifications # FIXME: Work with Meraki so they can implement a check mode if module.check_mode: meraki.exit_json(**meraki.result) # execute checks for argument completeness # manipulate or modify the state as needed (this is going to be the # part where your module will do what it needs to do) orgs = meraki.get_orgs() if meraki.params['state'] == 'query': if meraki.params['org_name']: # Query by organization name module.warn('All matching organizations will be returned, even if there are duplicate named organizations') for o in orgs: if o['name'] == meraki.params['org_name']: meraki.result['data'] = o elif meraki.params['org_id']: for o in orgs: if o['id'] == meraki.params['org_id']: meraki.result['data'] = o else: # Query all organizations, no matter what orgs = meraki.get_orgs() meraki.result['data'] = orgs elif meraki.params['state'] == 'present': if meraki.params['clone']: # Cloning payload = {'name': meraki.params['org_name']} meraki.result['data'] = json.loads( meraki.request( meraki.construct_path( 'clone', org_name=meraki.params['clone'] ), payload=json.dumps(payload), method='POST')) elif not meraki.params['org_id'] and meraki.params['org_name']: # Create new organization payload = {'name': meraki.params['org_name']} meraki.result['data'] = json.loads( meraki.request( meraki.construct_path('create'), method='POST', payload=json.dumps(payload))) elif meraki.params['org_id'] and meraki.params['org_name']: # Update an existing organization payload = {'name': meraki.params['org_name'], 'id': meraki.params['org_id'], } meraki.result['data'] = json.loads( meraki.request( meraki.construct_path( 'update', org_id=meraki.params['org_id'] ), method='PUT', payload=json.dumps(payload))) # in the event of a successful module execution, you will want to # simple AnsibleModule.exit_json(), passing the key/value results meraki.exit_json(**meraki.result)