def main(): helper = get_connection( template=True, template_stack=True, with_state=True, with_classic_provider_spec=True, argument_spec=setup_args(), ) module = AnsibleModule( argument_spec=helper.argument_spec, supports_check_mode=True, required_one_of=helper.required_one_of, ) # Verify libs, initialize pandevice object tree. parent = helper.get_pandevice_parent(module) vr = VirtualRouter(module.params["vr_name"]) parent.add(vr) try: vr.refresh() except PanDeviceError as e: module.fail_json(msg="Failed refresh: {0}".format(e)) bgp = vr.find("", Bgp) if bgp is None: module.fail_json(msg='BGP is not configured for virtual router "{0}"'. format(vr.name)) listing = bgp.findall(BgpDampeningProfile) spec = { "name": module.params["name"], "enable": module.params["enable"], "cutoff": module.params["cutoff"], "reuse": module.params["reuse"], "max_hold_time": module.params["max_hold_time"], "decay_half_life_reachable": module.params["decay_half_life_reachable"], "decay_half_life_unreachable": module.params["decay_half_life_unreachable"], } obj = BgpDampeningProfile(**spec) bgp.add(obj) # Apply the requested state. changed, diff = helper.apply_state(obj, listing, module) # Optional commit. if changed and module.params["commit"]: helper.commit(module) module.exit_json(changed=changed, diff=diff, msg="done")
def main(): helper = get_connection( template=True, template_stack=True, with_state=True, with_classic_provider_spec=True, argument_spec=setup_args(), ) module = AnsibleModule( argument_spec=helper.argument_spec, supports_check_mode=True, required_one_of=helper.required_one_of, ) parent = helper.get_pandevice_parent(module) vr = VirtualRouter(module.params["vr_name"]) parent.add(vr) try: vr.refresh() except PanDeviceError as e: module.fail_json(msg="Failed refresh: {0}".format(e)) bgp = vr.find("", Bgp) if bgp is None: module.fail_json( msg="BGP is not configured on virtual router {0}".format(vr.name) ) listing = bgp.findall(BgpPolicyConditionalAdvertisement) spec = { "name": module.params["name"], "enable": module.params["enable"], "used_by": module.params["used_by"], } obj = BgpPolicyConditionalAdvertisement(**spec) bgp.add(obj) # TODO(gfreeman) - Remove this in 2.12. for ansible_param in ("non_exist_filter", "advertise_filter"): val = module.params[ansible_param] if val is not None: module.deprecate( "Param {0} is deprecated".format(ansible_param), version="3.0.0", collection_name="paloaltonetworks.panos", ) filter_obj = pickle.loads(b64decode(val)) obj.add(filter_obj) changed, diff = helper.apply_state(obj, listing, module) if changed and module.params["commit"]: helper.commit(module) module.exit_json(changed=changed, diff=diff, msg="done")
def main(): helper = get_connection( template=True, template_stack=True, with_state=True, with_classic_provider_spec=True, argument_spec=setup_args(), ) module = AnsibleModule( argument_spec=helper.argument_spec, supports_check_mode=True, required_one_of=helper.required_one_of, ) parent = helper.get_pandevice_parent(module) # TODO(gfreeman) - removed in 2.12 if module.params["replace"] is not None: module.deprecate( 'Param "replace" is deprecated; please remove it from your playbooks', version="3.0.0", collection_name="paloaltonetworks.panos", ) vr = VirtualRouter(module.params["vr_name"]) parent.add(vr) try: vr.refresh() except PanDeviceError as e: module.fail_json(msg="Failed refresh: {0}".format(e)) bgp = vr.find("", Bgp) if bgp is None: module.fail_json(msg="BGP config not yet added to {0}".format(vr.name)) parent = bgp listing = parent.findall(BgpAuthProfile) commit = module.params["commit"] spec = { "name": module.params["name"], "secret": module.params["secret"], } obj = BgpAuthProfile(**spec) parent.add(obj) changed, diff = helper.apply_state(obj, listing, module) if commit and changed: helper.commit(module) module.exit_json(changed=changed, diff=diff, msg="done")
def main(): helper = get_connection( template=True, template_stack=True, with_state=True, with_classic_provider_spec=True, argument_spec=setup_args(), ) module = AnsibleModule( argument_spec=helper.argument_spec, supports_check_mode=True, required_one_of=helper.required_one_of, ) # Verify libs are present, get pandevice parent. parent = helper.get_pandevice_parent(module) # Verify the virtual router is present. vr = VirtualRouter(module.params['vr_name']) parent.add(vr) try: vr.refresh() except PanDeviceError as e: module.fail_json(msg='Failed refresh: {0}'.format(e)) bgp = vr.find('', Bgp) if bgp is None: module.fail_json(msg='BGP is not configured for "{0}"'.format(vr.name)) listing = bgp.findall(BgpPeerGroup) spec = { 'name': module.params['name'], 'enable': module.params['enable'], 'aggregated_confed_as_path': module.params['aggregated_confed_as_path'], 'soft_reset_with_stored_info': module.params['soft_reset_with_stored_info'], 'type': module.params['type'], 'export_nexthop': module.params['export_nexthop'], 'import_nexthop': module.params['import_nexthop'], 'remove_private_as': module.params['remove_private_as'], } obj = BgpPeerGroup(**spec) bgp.add(obj) # Apply the state. changed, diff = helper.apply_state(obj, listing, module) # Optional commit. if changed and module.params['commit']: helper.commit(module) module.exit_json(changed=changed, diff=diff, msg='done')
def main(): helper = get_connection( template=True, template_stack=True, with_state=True, with_classic_provider_spec=True, argument_spec=setup_args(), ) module = AnsibleModule( argument_spec=helper.argument_spec, supports_check_mode=True, required_one_of=helper.required_one_of, ) parent = helper.get_pandevice_parent(module) vr = VirtualRouter(module.params['vr_name']) parent.add(vr) try: vr.refresh() except PanDeviceError as e: module.fail_json(msg='Failed refresh: {0}'.format(e)) bgp = vr.find('', Bgp) if bgp is None: module.fail_json(msg='BGP is not configured for "{0}"'.format(vr.name)) spec = { 'name': module.params['name'], 'enable': module.params['enable'], 'address_family_identifier': module.params['address_family_identifier'], 'route_table': module.params['route_table'], 'set_origin': module.params['set_origin'], 'set_med': module.params['set_med'], 'set_local_preference': module.params['set_local_preference'], 'set_as_path_limit': module.params['set_as_path_limit'], 'set_community': module.params['set_community'], 'set_extended_community': module.params['set_extended_community'], 'metric': module.params['metric'], } listing = bgp.findall(BgpRedistributionRule) obj = BgpRedistributionRule(**spec) bgp.add(obj) changed, diff = helper.apply_state(obj, listing, module) if changed and module.params['commit']: helper.commit(module) module.exit_json(changed=changed, diff=diff, msg='done')
def main(): helper = get_connection( template=True, template_stack=True, with_state=True, with_classic_provider_spec=True, argument_spec=setup_args(), ) module = AnsibleModule( argument_spec=helper.argument_spec, supports_check_mode=True, required_one_of=helper.required_one_of, ) parent = helper.get_pandevice_parent(module) spec = { 'name': module.params['name'], 'enable': module.params['enable'], 'prefix': module.params['prefix'], 'summary': module.params['summary'], 'as_set': module.params['as_set'], 'attr_local_preference': module.params['attr_local_preference'], 'attr_med': module.params['attr_med'], 'attr_weight': module.params['attr_weight'], 'attr_nexthop': module.params['attr_nexthop'], 'attr_origin': module.params['attr_origin'], 'attr_as_path_limit': module.params['attr_as_path_limit'], 'attr_as_path_type': module.params['attr_as_path_type'], 'attr_as_path_prepend_times': module.params['attr_as_path_prepend_times'], 'attr_community_type': module.params['attr_community_type'], 'attr_community_argument': module.params['attr_community_argument'], 'attr_extended_community_type': module.params['attr_extended_community_type'], 'attr_extended_community_argument': module.params['attr_extended_community_argument'], } obj = BgpPolicyAggregationAddress(**spec) vr_name = module.params['vr_name'] commit = module.params['commit'] vr = VirtualRouter(vr_name) parent.add(vr) try: vr.refresh() except PanDeviceError as e: module.fail_json(msg='Failed refresh: {0}'.format(e)) bgp = vr.find('', Bgp) if bgp is None: module.fail_json(msg='BGP is not configured for "{0}"'.format(vr.name)) listing = bgp.findall(BgpPolicyAggregationAddress) bgp.add(obj) # Apply the desired state. changed, diff = helper.apply_state(obj, listing, module) # Optional: commit. if changed and commit: helper.commit(module) module.exit_json(changed=changed, diff=diff, msg='done')
def main(): helper = get_connection( template=True, template_stack=True, with_state=True, with_classic_provider_spec=True, argument_spec=setup_args(), ) module = AnsibleModule( argument_spec=helper.argument_spec, supports_check_mode=True, required_one_of=helper.required_one_of, ) # Verify libs, setup pandevice object tree. parent = helper.get_pandevice_parent(module) vr = VirtualRouter(module.params['vr_name']) parent.add(vr) try: vr.refresh() except PanDeviceError as e: module.fail_json(msg='Failed refresh: {0}'.format(e)) bgp = vr.find('', Bgp) if bgp is None: module.fail_json( msg='BGP is not configured for "{0}".'.format(vr.name)) group = bgp.find(module.params['peer_group'], BgpPeerGroup) if group is None: module.fail_json(msg='BGP peer group does not exist: {0}.'.format( module.params['peer_group'])) listing = group.findall(BgpPeer) spec = { 'name': module.params['name'], 'enable': module.params['enable'], 'peer_as': module.params['peer_as'], 'enable_mp_bgp': module.params['enable_mp_bgp'], 'address_family_identifier': module.params['address_family_identifier'], 'subsequent_address_unicast': module.params['subsequent_address_unicast'], 'subsequent_address_multicast': module.params['subsequent_address_multicast'], 'local_interface': module.params['local_interface'], 'local_interface_ip': module.params['local_interface_ip'], 'peer_address_ip': module.params['peer_address_ip'], 'connection_authentication': module.params['connection_authentication'], 'connection_keep_alive_interval': module.params['connection_keep_alive_interval'], 'connection_min_route_adv_interval': module.params['connection_min_route_adv_interval'], 'connection_multihop': module.params['connection_multihop'], 'connection_open_delay_time': module.params['connection_open_delay_time'], 'connection_hold_time': module.params['connection_hold_time'], 'connection_idle_hold_time': module.params['connection_idle_hold_time'], 'connection_incoming_allow': module.params['connection_incoming_allow'], 'connection_outgoing_allow': module.params['connection_outgoing_allow'], 'connection_incoming_remote_port': module.params['connection_incoming_remote_port'], 'connection_outgoing_local_port': module.params['connection_outgoing_local_port'], 'enable_sender_side_loop_detection': module.params['enable_sender_side_loop_detection'], 'reflector_client': module.params['reflector_client'], 'peering_type': module.params['peering_type'], 'max_prefixes': module.params['max_prefixes'], 'bfd_profile': module.params['bfd_profile'], } obj = BgpPeer(**spec) group.add(obj) changed, diff = helper.apply_state(obj, listing, module) if changed and module.params['commit']: helper.commit(module) module.exit_json(changed=changed, diff=diff, msg='done')
def main(): helper = get_connection( template=True, template_stack=True, with_state=True, with_classic_provider_spec=True, argument_spec=setup_args(), ) module = AnsibleModule( argument_spec=helper.argument_spec, supports_check_mode=True, required_one_of=helper.required_one_of, ) parent = helper.get_pandevice_parent(module) vr = VirtualRouter(module.params['vr_name']) parent.add(vr) try: vr.refresh() except PanDeviceError as e: module.fail_json(msg='Failed refresh: {0}'.format(e)) bgp = vr.find('', Bgp) if bgp is None: module.fail_json(msg='BGP is not configured for "{0}"'.format(vr.name)) spec = { 'name': module.params['name'], 'enable': module.params['enable'], 'match_afi': module.params['match_afi'], 'match_safi': module.params['match_safi'], 'match_route_table': module.params['match_route_table'], 'match_nexthop': module.params['match_nexthop'], 'match_from_peer': module.params['match_from_peer'], 'match_med': module.params['match_med'], 'match_as_path_regex': module.params['match_as_path_regex'], 'match_community_regex': module.params['match_community_regex'], 'match_extended_community_regex': module.params['match_extended_community_regex'], 'used_by': module.params['used_by'], 'action': module.params['action'], 'action_local_preference': module.params['action_local_preference'], 'action_med': module.params['action_med'], 'action_nexthop': module.params['action_nexthop'], 'action_origin': module.params['action_origin'], 'action_as_path_limit': module.params['action_as_path_limit'], 'action_as_path_type': module.params['action_as_path_type'], 'action_as_path_prepend_times': module.params['action_as_path_prepend_times'], 'action_community_type': module.params['action_community_type'], 'action_community_argument': module.params['action_community_argument'], 'action_extended_community_type': module.params['action_extended_community_type'], 'action_extended_community_argument': module.params['action_extended_community_argument'], } # Add the correct rule type. if module.params['type'] == 'import': spec['action_dampening'] = module.params['action_dampening'] spec['action_weight'] = module.params['action_weight'] obj = BgpPolicyImportRule(**spec) else: obj = BgpPolicyExportRule(**spec) # Handle address prefixes. for x in module.params['address_prefix']: if 'name' not in x: module.fail_json( msg='Address prefix dict requires "name": {0}'.format(x)) obj.add( BgpPolicyAddressPrefix( to_text(x['name'], encoding='utf-8', errors='surrogate_or_strict'), None if x.get('exact') is None else module.boolean(x['exact']), )) listing = bgp.findall(obj.__class__) bgp.add(obj) # Apply the state. changed, diff = helper.apply_state(obj, listing, module) # Optional commit. if changed and module.params['commit']: helper.commit(module) module.exit_json(changed=changed, diff=diff, msg='done')
def main(): helper = get_connection( template=True, template_stack=True, with_classic_provider_spec=True, argument_spec=setup_args(), ) module = AnsibleModule( argument_spec=helper.argument_spec, supports_check_mode=True, required_one_of=helper.required_one_of, ) parent = helper.get_pandevice_parent(module) vr = VirtualRouter(module.params['vr_name']) parent.add(vr) try: vr.refresh() except PanDeviceError as e: module.fail_json(msg='Failed refresh: {0}'.format(e)) bgp = vr.find('', Bgp) if bgp is None: module.fail_json(msg='BGP is not configured for virtual router {0}'.format(vr.name)) policy = None if module.params['policy_type'] == 'conditional-advertisement': policy_cls = BgpPolicyConditionalAdvertisement else: policy_cls = BgpPolicyAggregationAddress policy = bgp.find_or_create(module.params['policy_name'], policy_cls) obj_type = None if module.params['filter_type'] == 'non-exist': obj_type = BgpPolicyNonExistFilter elif module.params['filter_type'] == 'advertise': obj_type = BgpPolicyAdvertiseFilter elif module.params['filter_type'] == 'suppress': obj_type = BgpPolicySuppressFilter else: module.fail_json(msg='Unknown filter_type: {0}'.format(module.params['filter_type'])) listing = policy.findall(obj_type) spec = { 'name': module.params['name'], 'enable': module.params['enable'], 'match_afi': module.params['match_afi'], 'match_safi': module.params['match_safi'], 'match_route_table': module.params['match_route_table'], 'match_nexthop': module.params['match_nexthop'], 'match_from_peer': module.params['match_from_peer'], 'match_med': module.params['match_med'], 'match_as_path_regex': module.params['match_as_path_regex'], 'match_community_regex': module.params['match_community_regex'], 'match_extended_community_regex': module.params['match_extended_community_regex'], } commit = module.params['commit'] obj = obj_type(**spec) policy.add(obj) # Handle address prefixes. for x in module.params['address_prefix']: obj.add(BgpPolicyAddressPrefix( to_text(x['name'], encoding='utf-8', errors='surrogate_or_strict'), None if x.get('exact') is None else module.boolean(x['exact']), )) if module.params['state'] == 'return-object': module.deprecate('state=return-object is deprecated', version='3.0.0', collection_name='paloaltonetworks.panos') obj.parent = None panos_obj = b64encode(pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)) module.exit_json(msg='returning serialized object', panos_obj=panos_obj) changed, diff = helper.apply_state(obj, listing, module) if changed and module.params['commit']: helper.commit(module) module.exit_json(changed=changed, diff=diff, msg='done')
def main(): helper = get_connection( template=True, template_stack=True, with_classic_provider_spec=True, argument_spec=setup_args(), ) module = AnsibleModule( argument_spec=helper.argument_spec, supports_check_mode=True, required_one_of=helper.required_one_of, ) parent = helper.get_pandevice_parent(module) vr = VirtualRouter(module.params["vr_name"]) parent.add(vr) try: vr.refresh() except PanDeviceError as e: module.fail_json(msg="Failed refresh: {0}".format(e)) bgp = vr.find("", Bgp) if bgp is None: module.fail_json( msg="BGP is not configured for virtual router {0}".format(vr.name)) policy = None if module.params["policy_type"] == "conditional-advertisement": policy_cls = BgpPolicyConditionalAdvertisement else: policy_cls = BgpPolicyAggregationAddress policy = bgp.find_or_create(module.params["policy_name"], policy_cls) obj_type = None if module.params["filter_type"] == "non-exist": obj_type = BgpPolicyNonExistFilter elif module.params["filter_type"] == "advertise": obj_type = BgpPolicyAdvertiseFilter elif module.params["filter_type"] == "suppress": obj_type = BgpPolicySuppressFilter else: module.fail_json(msg="Unknown filter_type: {0}".format( module.params["filter_type"])) listing = policy.findall(obj_type) spec = { "name": module.params["name"], "enable": module.params["enable"], "match_afi": module.params["match_afi"], "match_safi": module.params["match_safi"], "match_route_table": module.params["match_route_table"], "match_nexthop": module.params["match_nexthop"], "match_from_peer": module.params["match_from_peer"], "match_med": module.params["match_med"], "match_as_path_regex": module.params["match_as_path_regex"], "match_community_regex": module.params["match_community_regex"], "match_extended_community_regex": module.params["match_extended_community_regex"], } commit = module.params["commit"] obj = obj_type(**spec) policy.add(obj) # Handle address prefixes. for x in module.params["address_prefix"]: obj.add( BgpPolicyAddressPrefix( to_text(x["name"], encoding="utf-8", errors="surrogate_or_strict"), None if x.get("exact") is None else module.boolean(x["exact"]), )) if module.params["state"] == "return-object": module.deprecate( "state=return-object is deprecated", version="3.0.0", collection_name="paloaltonetworks.panos", ) obj.parent = None panos_obj = b64encode( pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)) module.exit_json(msg="returning serialized object", panos_obj=panos_obj) changed, diff = helper.apply_state(obj, listing, module) if changed and module.params["commit"]: helper.commit(module) module.exit_json(changed=changed, diff=diff, msg="done")
def main(): helper = get_connection( template=True, template_stack=True, with_state=True, with_classic_provider_spec=True, argument_spec=setup_args(), ) module = AnsibleModule( argument_spec=helper.argument_spec, supports_check_mode=True, required_one_of=helper.required_one_of, ) parent = helper.get_pandevice_parent(module) vr = VirtualRouter(module.params["vr_name"]) parent.add(vr) try: vr.refresh() except PanDeviceError as e: module.fail_json(msg="Failed refresh: {0}".format(e)) bgp = vr.find("", Bgp) if bgp is None: module.fail_json(msg='BGP is not configured for "{0}"'.format(vr.name)) spec = { "name": module.params["name"], "enable": module.params["enable"], "match_afi": module.params["match_afi"], "match_safi": module.params["match_safi"], "match_route_table": module.params["match_route_table"], "match_nexthop": module.params["match_nexthop"], "match_from_peer": module.params["match_from_peer"], "match_med": module.params["match_med"], "match_as_path_regex": module.params["match_as_path_regex"], "match_community_regex": module.params["match_community_regex"], "match_extended_community_regex": module.params["match_extended_community_regex"], "used_by": module.params["used_by"], "action": module.params["action"], "action_local_preference": module.params["action_local_preference"], "action_med": module.params["action_med"], "action_nexthop": module.params["action_nexthop"], "action_origin": module.params["action_origin"], "action_as_path_limit": module.params["action_as_path_limit"], "action_as_path_type": module.params["action_as_path_type"], "action_as_path_prepend_times": module.params["action_as_path_prepend_times"], "action_community_type": module.params["action_community_type"], "action_community_argument": module.params["action_community_argument"], "action_extended_community_type": module.params["action_extended_community_type"], "action_extended_community_argument": module.params["action_extended_community_argument"], } # Add the correct rule type. if module.params["type"] == "import": spec["action_dampening"] = module.params["action_dampening"] spec["action_weight"] = module.params["action_weight"] obj = BgpPolicyImportRule(**spec) else: obj = BgpPolicyExportRule(**spec) # Handle address prefixes. for x in module.params["address_prefix"]: if "name" not in x: module.fail_json( msg='Address prefix dict requires "name": {0}'.format(x)) obj.add( BgpPolicyAddressPrefix( to_text(x["name"], encoding="utf-8", errors="surrogate_or_strict"), None if x.get("exact") is None else module.boolean(x["exact"]), )) listing = bgp.findall(obj.__class__) bgp.add(obj) # Apply the state. changed, diff = helper.apply_state(obj, listing, module) # Optional commit. if changed and module.params["commit"]: helper.commit(module) module.exit_json(changed=changed, diff=diff, msg="done")