def main():
module = AnsibleModule(
argument_spec=dict(
host=dict(required=True),
username=dict(required=True),
password=dict(required=True),
validate_certs=dict(required=False, choices=['no', 'yes'], default='yes')),
supports_check_mode=False)
m_args = module.params
if not has_rasa:
module.fail_json(msg='Missing required rasa module (check docs)')
if m_args['validate_certs'] == 'yes':
validate_certs = True
else:
validate_certs = False
dev = ASA(
device=m_args['host'],
username=m_args['username'],
password=m_args['password'],
verify_cert=validate_certs
)
try:
data = dev.write_mem()
except:
err = sys.exc_info()[0]
module.fail_json(msg='Unable to connect to device: %s' % err)
if data.status_code == 200:
return_status = True
else:
module.fail_json(msg='Unable to save configuration: - %s' % data.status_code)
return_msg = { 'changed': return_status }
module.exit_json(**return_msg)
def main():
module = AnsibleModule(argument_spec=dict(
host=dict(required=True),
username=dict(required=True),
password=dict(required=True),
name=dict(required=True),
description=dict(required=False),
state=dict(required=True, choices=['absent', 'present']),
category=dict(required=False,
choices=[
'ipv4_address', 'ipv6_address', 'ipv4_subnet',
'ipv6_subnet', 'ipv4_range', 'ipv6_range',
'ipv4_fqdn', 'ipv6_fqdn'
]),
validate_certs=dict(required=False,
choices=['no', 'yes'],
default='yes'),
value=dict(required=False)),
required_together=(['category', 'value'], ),
supports_check_mode=False)
m_args = module.params
if not has_rasa:
module.fail_json(msg='Missing required rasa module (check docs)')
if m_args['state'] == "present":
if m_args['category'] == False:
module.fail_json(msg='Category not defined')
if m_args['validate_certs'] == 'yes':
validate_certs = True
else:
validate_certs = False
dev = ASA(device=m_args['host'],
username=m_args['username'],
password=m_args['password'],
verify_cert=validate_certs)
desired_data = {}
desired_data['name'] = m_args['name']
desired_data['objectId'] = m_args['name']
desired_data['kind'] = 'object#NetworkObj'
if m_args['category']:
kind = object_kind[m_args['category']]
desired_data['host'] = {'kind': kind, 'value': m_args['value']}
if m_args['description']:
desired_data['description'] = m_args['description']
try:
data = dev.get_networkobject(m_args['name'])
except:
err = sys.exc_info()[0]
module.fail_json(msg='Unable to connect to device: %s' % err)
if data.status_code == 200:
if m_args['state'] == 'absent':
changed_status = delete_object(dev, module, m_args['name'])
elif m_args['state'] == 'present':
matched = match_objects(data.json(), desired_data, module)
if matched:
changed_status = False
else:
changed_status = update_object(dev, module, desired_data)
elif data.status_code == 401:
module.fail_json(msg='Authentication error')
elif data.status_code == 404:
if m_args['state'] == 'absent':
changed_status = False
elif m_args['state'] == 'present':
changed_status = create_object(dev, module, desired_data)
else:
module.fail_json(msg="Unsupported return code %s" % data.status_code)
return_msg = {}
return_msg['changed'] = changed_status
module.exit_json(**return_msg)
def main():
module = AnsibleModule(
argument_spec=dict(
host=dict(required=True),
username=dict(required=True),
password=dict(required=True),
name=dict(required=True),
description=dict(required=False),
state=dict(required=True, choices=['absent', 'present']),
category=dict(required=False, choices=[ 'ipv4_address', 'ipv6_address', 'ipv4_subnet', 'ipv6_subnet', 'ipv4_range', 'ipv6_range', 'ipv4_fqdn', 'ipv6_fqdn' ]),
validate_certs=dict(required=False, choices=['no', 'yes'], default='yes'),
value=dict(required=False)),
required_together = ( ['category','value'],),
supports_check_mode=False)
m_args = module.params
if not has_rasa:
module.fail_json(msg='Missing required rasa module (check docs)')
if m_args['state'] == "present":
if m_args['category'] == False:
module.fail_json(msg='Category not defined')
if m_args['validate_certs'] == 'yes':
validate_certs = True
else:
validate_certs = False
dev = ASA(
device=m_args['host'],
username=m_args['username'],
password=m_args['password'],
verify_cert=validate_certs
)
desired_data = {}
desired_data['name'] = m_args['name']
desired_data['objectId'] = m_args['name']
desired_data['kind'] = 'object#NetworkObj'
if m_args['category']:
kind = object_kind[m_args['category']]
desired_data['host'] = {
'kind': kind,
'value': m_args['value']
}
if m_args['description']:
desired_data['description'] = m_args['description']
try:
data = dev.get_networkobject(m_args['name'])
except:
err = sys.exc_info()[0]
module.fail_json(msg='Unable to connect to device: %s' % err)
if data.status_code == 200:
if m_args['state'] == 'absent':
changed_status = delete_object(dev, module, m_args['name'])
elif m_args['state'] == 'present':
matched = match_objects(data.json(), desired_data, module)
if matched:
changed_status = False
else:
changed_status = update_object(dev, module, desired_data)
elif data.status_code == 401:
module.fail_json(msg='Authentication error')
elif data.status_code == 404:
if m_args['state'] == 'absent':
changed_status = False
elif m_args['state'] == 'present':
changed_status = create_object(dev, module, desired_data)
else:
module.fail_json(msg="Unsupported return code %s" % data.status_code)
return_msg = {}
return_msg['changed'] = changed_status
module.exit_json(**return_msg)
def main():
module = AnsibleModule(
argument_spec=dict(
host=dict(required=True),
username=dict(required=True),
password=dict(required=True),
members=dict(required=False),
name=dict(required=True),
entry_state=dict(required=False, choices=['absent', 'present']),
description=dict(required=False),
state=dict(required=True, choices=['absent', 'present']),
category=dict(required=False, choices=[ 'ipv4_address', 'ipv6_address', 'ipv4_subnet', 'ipv6_subnet', 'ipv4_range', 'ipv6_range', 'ipv4_fqdn', 'ipv6_fqdn', 'object', 'object_group' ]),
validate_certs=dict(required=False, choices=['no', 'yes'], default='yes'),
value=dict(required=False)
),
required_together = (
['category','entry_state','value'],
),
mutually_exclusive=(['category', 'members'],),
supports_check_mode=False)
m_args = module.params
if not has_rasa:
module.fail_json(msg='Missing required rasa module (check docs)')
if m_args['validate_certs'] == 'yes':
validate_certs = True
else:
validate_certs = False
dev = ASA(
device=m_args['host'],
username=m_args['username'],
password=m_args['password'],
verify_cert=validate_certs
)
desired_data = {}
desired_data['name'] = m_args['name']
if m_args['description']:
desired_data['description'] = m_args['description']
member_data = {}
if m_args['entry_state']:
member_data['kind'] = object_kind[m_args['category']]
kind_type = object_kind_type[m_args['category']]
member_data[kind_type] = m_args['value']
if kind_type == 'objectId':
if m_args['category'] == 'object_group':
ref_link = 'https://%s/api/objects/networkobjectgroups/%s' % (m_args['host'], m_args['value'])
else:
ref_link = 'https://%s/api/objects/networkobjects/%s' % (m_args['host'], m_args['value'])
member_data['refLink'] = ref_link
desired_data['members'] = [member_data]
if m_args['members']:
pass
try:
data = dev.get_networkobjectgroup(m_args['name'])
except:
err = sys.exc_info()[0]
module.fail_json(msg='Unable to connect to device: %s' % err)
if data.status_code == 200:
if m_args['state'] == 'absent':
changed_status = delete_object(dev, module, m_args['name'])
elif m_args['state'] == 'present' and m_args['entry_state']:
change_description = False
if m_args['description']:
current_data = data.json()
try:
if m_args['description'] == current_data['description']:
change_description = False
else:
change_description = True
except:
change_description = True
found = find_member(data.json(), member_data, module)
if found and m_args['entry_state'] == 'present':
changed_status = False
elif found and m_args['entry_state'] == 'absent':
changed_status = remove_object(dev, module, m_args['name'], member_data)
elif m_args['entry_state'] == 'present':
changed_status = add_object(dev, module, m_args['name'], member_data)
elif m_args['entry_state'] == 'absent':
changed_status = False
if change_description:
changed_status = modify_description(dev, module, m_args['name'],m_args['description'])
elif m_args['state'] == 'present' and m_args['members']:
module.fail_json(msg='This feature is eagerly awaiting to be developed')
else:
#Remove after members are implemented
module.fail_json(msg='Unknown error check arguments')
elif data.status_code == 401:
module.fail_json(msg='Authentication error')
elif data.status_code == 404:
if m_args['state'] == 'absent':
changed_status = False
elif m_args['state'] == 'present':
changed_status = create_object(dev, module, desired_data)
else:
module.fail_json(msg="Unsupported return code %s" % data.status_code)
return_msg = {}
return_msg['changed'] = changed_status
module.exit_json(**return_msg)
def main():
module = AnsibleModule(argument_spec=dict(
host=dict(required=True),
username=dict(required=True),
password=dict(required=True),
name=dict(required=True),
description=dict(required=False),
dst_port=dict(required=False),
src_port=dict(required=False),
icmp_type=dict(required=False),
icmp_code=dict(required=False),
state=dict(required=True, choices=['absent', 'present']),
protocol=dict(required=False,
choices=[
'ah',
'eigrp',
'esp',
'gre',
'icmp',
'icmp6',
'igmp',
'igrp',
'ip',
'ipinip',
'ipsec',
'nos',
'ospf',
'pcp',
'pim',
'pptp',
'snp',
'tcp',
'udp',
'0',
'1',
'2',
'3',
'4',
'5',
'6',
'7',
'8',
'9',
'10',
'11',
'12',
'13',
'14',
'15',
'16',
'17',
'18',
'19',
'20',
'21',
'22',
'23',
'24',
'25',
'26',
'27',
'28',
'29',
'30',
'31',
'32',
'33',
'34',
'35',
'36',
'37',
'38',
'39',
'40',
'41',
'42',
'43',
'44',
'45',
'46',
'47',
'48',
'49',
'50',
'51',
'52',
'53',
'54',
'55',
'56',
'57',
'58',
'59',
'60',
'61',
'62',
'63',
'64',
'65',
'66',
'67',
'68',
'69',
'70',
'71',
'72',
'73',
'74',
'75',
'76',
'77',
'78',
'79',
'80',
'81',
'82',
'83',
'84',
'85',
'86',
'87',
'88',
'89',
'90',
'91',
'92',
'93',
'94',
'95',
'96',
'97',
'98',
'99',
'100',
'101',
'102',
'103',
'104',
'105',
'106',
'107',
'108',
'109',
'110',
'111',
'112',
'113',
'114',
'115',
'116',
'117',
'118',
'119',
'120',
'121',
'122',
'123',
'124',
'125',
'126',
'127',
'128',
'129',
'130',
'131',
'132',
'133',
'134',
'135',
'136',
'137',
'138',
'139',
'140',
'141',
'142',
'143',
'144',
'145',
'146',
'147',
'148',
'149',
'150',
'151',
'152',
'153',
'154',
'155',
'156',
'157',
'158',
'159',
'160',
'161',
'162',
'163',
'164',
'165',
'166',
'167',
'168',
'169',
'170',
'171',
'172',
'173',
'174',
'175',
'176',
'177',
'178',
'179',
'180',
'181',
'182',
'183',
'184',
'185',
'186',
'187',
'188',
'189',
'190',
'191',
'192',
'193',
'194',
'195',
'196',
'197',
'198',
'199',
'200',
'201',
'202',
'203',
'204',
'205',
'206',
'207',
'208',
'209',
'210',
'211',
'212',
'213',
'214',
'215',
'216',
'217',
'218',
'219',
'220',
'221',
'222',
'223',
'224',
'225',
'226',
'227',
'228',
'229',
'230',
'231',
'232',
'233',
'234',
'235',
'236',
'237',
'238',
'239',
'240',
'241',
'242',
'243',
'244',
'245',
'246',
'247',
'248',
'249',
'250',
'251',
'252',
'253',
'254',
'255',
]),
validate_certs=dict(required=False,
choices=['no', 'yes'],
default='yes'),
value=dict(required=False)),
required_together=(['category', 'value'], ),
supports_check_mode=False)
m_args = module.params
if not has_rasa:
module.fail_json(msg='Missing required rasa module (check docs)')
if m_args['state'] == "present":
if m_args['protocol'] == False:
module.fail_json(msg='Protocol not defined')
if m_args['validate_certs'] == 'yes':
validate_certs = True
else:
validate_certs = False
dev = ASA(device=m_args['host'],
username=m_args['username'],
password=m_args['password'],
verify_cert=validate_certs)
if m_args['src_port'] and m_args['protocol'] not in protocols_using_ports:
module.fail_json(msg="Can't use source port with %s" %
m_args['protocol'])
if m_args['dst_port'] and m_args['protocol'] not in protocols_using_ports:
module.fail_json(msg="Can't use destination port with %s" %
m_args['protocol'])
# icmp -> ICMPServiceObj
# icmp6 -> object#ICMP6ServiceObj
if m_args['dst_port'] or m_args['src_port']:
kind = 'object#TcpUdpServiceObj'
elif m_args['protocol']:
kind = 'object#NetworkProtocolObj'
protocol = m_args['protocol']
try:
protocol = int(m_args['protocol'])
except:
pass
if isinstance(protocol, int):
protocol = ip_protocol_name[str(protocol)]
else:
kind = 'object#NetworkProtocolObj'
# Change to function to target source dest udp and tcp
if m_args['dst_port'] and m_args['protocol'] == 'tcp':
try:
int(m_args['dst_port'])
except:
if m_args['dst_port'] not in tcp_services.itervalues():
module.fail_json(msg='%s is not valid using tcp' %
m_args['dst_port'])
if isinstance(m_args['dst_port'], int):
if 1 <= m_args['dst_port'] <= 65535:
m_args['dst_port'] = str(m_args['dst_port'])
else:
module.fail_json(msg='%s is not a valid tcp port' %
m_args['dst_port'])
desired_data = {}
desired_data['name'] = m_args['name']
desired_data['objectId'] = m_args['name']
desired_data['kind'] = kind
if kind == 'object#NetworkProtocolObj':
desired_data['value'] = protocol
elif kind == 'object#TcpUdpServiceObj':
# Fix for source ports too
desired_data['value'] = '%s/%s' % (m_args['protocol'],
m_args['dst_port'])
if m_args['description']:
desired_data['description'] = m_args['description']
try:
data = dev.get_serviceobject(m_args['name'])
except:
err = sys.exc_info()[0]
module.fail_json(msg='Unable to connect to device: %s' % err)
if data.status_code == 200:
if m_args['state'] == 'absent':
changed_status = delete_object(dev, module, m_args['name'])
elif m_args['state'] == 'present':
matched = match_objects(data.json(), desired_data, module)
if matched:
changed_status = False
else:
changed_status = update_object(dev, module, desired_data)
elif data.status_code == 401:
module.fail_json(msg='Authentication error')
elif data.status_code == 404:
if m_args['state'] == 'absent':
changed_status = False
elif m_args['state'] == 'present':
changed_status = create_object(dev, module, desired_data)
else:
module.fail_json(msg="Unsupported return code %s" % data.status_code)
return_msg = {}
return_msg['changed'] = changed_status
module.exit_json(**return_msg)
def main():
module = AnsibleModule(
argument_spec=dict(
host=dict(required=True),
username=dict(required=True),
password=dict(required=True),
priority=dict(required=True),
state=dict(required=True, choices=['absent', 'present']),
authentication=dict(required=False, choices=['pre-share', 'rsa-sig']),
encryption=dict(required=False, choices=['des', '3des', 'aes-128', 'aes-192', 'aes-256']),
hash=dict(required=False, choices=['md5', 'sha']),
group=dict(required=False, choices=['1', '2', '5']),
validate_certs=dict(required=False, choices=['no', 'yes'], default='yes'),
lifetime=dict(required=False),
),
required_together = ( ['authentication', 'encryption', 'hash', 'group', 'lifetime'],),
supports_check_mode=False)
m_args = module.params
if not has_rasa:
module.fail_json(msg='Missing required rasa module (check docs)')
if m_args['state'] == "present" and m_args['authentication'] == False:
module.fail_json(msg='Authentication mode not defined')
if m_args['validate_certs'] == 'yes':
validate_certs = True
else:
validate_certs = False
dev = ASA(
device=m_args['host'],
username=m_args['username'],
password=m_args['password'],
verify_cert=validate_certs
)
desired_data = {}
try:
priority = int(m_args['priority'])
except:
module.fail_json(msg='Priority has to be a number')
if 1 <= priority <= 65535:
#desired_data['priority'] = m_args['priority']
desired_data['priority'] = priority
desired_data['objectId'] = m_args['priority']
else:
module.fail_json(msg='Priority must be between 1 and 65535')
if m_args['state'] == "present":
try:
lifetime = int(m_args['lifetime'])
except:
module.fail_json(msg='Lifetime has to be a number')
if 120 <= lifetime <= 2147483647:
desired_data['lifetimeInSecs'] = lifetime
else:
module.fail_json(msg='Lifetime must be between 120 and 2147483647')
desired_data['authentication'] = m_args['authentication']
desired_data['encryption'] = m_args['encryption']
desired_data['hash'] = m_args['hash']
desired_data['dhgroup'] = int(m_args['group'])
desired_data['kind'] = 'object#ikev1policy'
desired_data['objectId'] = m_args['priority']
desired_data['selfLink'] = 'https://%s/api/vpn/ikev1policy/%s' % (m_args['host'], m_args['priority'])
try:
data = dev.get_ikev1_policy(m_args['priority'])
except:
err = sys.exc_info()[0]
module.fail_json(msg='Unable to connect to device: %s' % err)
if data.status_code == 200:
if m_args['state'] == 'absent':
changed_status = delete_object(dev, module, m_args['priority'])
elif m_args['state'] == 'present':
matched = match_objects(data.json(), desired_data, module)
if matched:
changed_status = False
else:
changed_status = update_object(dev, module, desired_data)
elif data.status_code == 401:
module.fail_json(msg='Authentication error')
elif data.status_code == 404:
if m_args['state'] == 'absent':
changed_status = False
elif m_args['state'] == 'present':
changed_status = create_object(dev, module, desired_data)
else:
module.fail_json(msg="Unsupported return code %s" % data.status_code)
return_msg = {}
return_msg['changed'] = changed_status
module.exit_json(**return_msg)
def main():
module = AnsibleModule(
argument_spec=dict(
host=dict(required=True),
username=dict(required=True),
password=dict(required=True),
members=dict(required=False),
name=dict(required=True),
entry_state=dict(required=False, choices=['absent', 'present']),
description=dict(required=False),
state=dict(required=True, choices=['absent', 'present']),
category=dict(required=False, choices=[ 'ipv4_address', 'ipv6_address', 'ipv4_subnet', 'ipv6_subnet', 'ipv4_range', 'ipv6_range', 'ipv4_fqdn', 'ipv6_fqdn', 'object', 'object_group' ]),
validate_certs=dict(required=False, choices=['no', 'yes'], default='yes'),
value=dict(required=False)
),
required_together = (
['category','entry_state','value'],
),
mutually_exclusive=(['category', 'members'],),
supports_check_mode=False)
m_args = module.params
if not has_rasa:
module.fail_json(msg='Missing required rasa module (check docs)')
if m_args['validate_certs'] == 'yes':
validate_certs = True
else:
validate_certs = False
dev = ASA(
device=m_args['host'],
username=m_args['username'],
password=m_args['password'],
verify_cert=validate_certs
)
desired_data = {}
desired_data['name'] = m_args['name']
if m_args['description']:
desired_data['description'] = m_args['description']
member_data = {}
if m_args['entry_state']:
member_data['kind'] = object_kind[m_args['category']]
kind_type = object_kind_type[m_args['category']]
member_data[kind_type] = m_args['value']
if kind_type == 'objectId':
if m_args['category'] == 'object_group':
ref_link = 'https://%s/api/objects/networkobjectgroups/%s' % (m_args['host'], m_args['value'])
else:
ref_link = 'https://%s/api/objects/networkobjects/%s' % (m_args['host'], m_args['value'])
member_data['refLink'] = ref_link
desired_data['members'] = [member_data]
if m_args['members']:
pass
try:
data = dev.get_networkobjectgroup(m_args['name'])
except:
err = sys.exc_info()[0]
module.fail_json(msg='Unable to connect to device: %s' % err)
if data.status_code == 200:
if m_args['state'] == 'absent':
changed_status = delete_object(dev, module, m_args['name'])
elif m_args['state'] == 'present' and m_args['entry_state']:
change_description = False
if m_args['description']:
current_data = data.json()
try:
if m_args['description'] == current_data['description']:
change_description = False
else:
change_description = True
except:
change_description = True
found = find_member(data.json(), member_data, module)
if found and m_args['entry_state'] == 'present':
changed_status = False
elif found and m_args['entry_state'] == 'absent':
changed_status = remove_object(dev, module, m_args['name'], member_data)
elif m_args['entry_state'] == 'present':
changed_status = add_object(dev, module, m_args['name'], member_data)
elif m_args['entry_state'] == 'absent':
changed_status = False
if change_description:
changed_status = modify_description(dev, module, m_args['name'],m_args['description'])
elif m_args['state'] == 'present' and m_args['members']:
module.fail_json(msg='This feature is eagerly awaiting to be developed')
else:
#Remove after members are implemented
module.fail_json(msg='Unknown error check arguments')
elif data.status_code == 401:
module.fail_json(msg='Authentication error')
elif data.status_code == 404:
if m_args['state'] == 'absent':
changed_status = False
elif m_args['state'] == 'present':
changed_status = create_object(dev, module, desired_data)
else:
module.fail_json(msg="Unsupported return code %s" % data.status_code)
return_msg = {}
return_msg['changed'] = changed_status
module.exit_json(**return_msg)
def main():
module = AnsibleModule(
argument_spec=dict(
host=dict(required=True),
username=dict(required=True),
password=dict(required=True),
name=dict(required=True),
description=dict(required=False),
dst_port=dict(required=False),
src_port=dict(required=False),
icmp_type=dict(required=False),
icmp_code=dict(required=False),
state=dict(required=True, choices=['absent', 'present']),
protocol=dict(required=False, choices=[
'ah', 'eigrp','esp','gre','icmp','icmp6','igmp', 'igrp',
'ip', 'ipinip', 'ipsec', 'nos', 'ospf', 'pcp', 'pim',
'pptp', 'snp', 'tcp', 'udp',
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '10', '11',
'12', '13', '14', '15', '16', '17', '18', '19', '20', '21',
'22', '23', '24', '25', '26', '27', '28', '29', '30', '31',
'32', '33', '34', '35', '36', '37', '38', '39', '40', '41',
'42', '43', '44', '45', '46', '47', '48', '49', '50', '51',
'52', '53', '54', '55', '56', '57', '58', '59', '60', '61',
'62', '63', '64', '65', '66', '67', '68', '69', '70', '71',
'72', '73', '74', '75', '76', '77', '78', '79', '80', '81',
'82', '83', '84', '85', '86', '87', '88', '89', '90', '91',
'92', '93', '94', '95', '96', '97', '98', '99', '100', '101',
'102', '103', '104', '105', '106', '107', '108', '109', '110',
'111', '112', '113', '114', '115', '116', '117', '118', '119',
'120', '121', '122', '123', '124', '125', '126', '127', '128',
'129', '130', '131', '132', '133', '134', '135', '136', '137',
'138', '139', '140', '141', '142', '143', '144', '145', '146',
'147', '148', '149', '150', '151', '152', '153', '154', '155',
'156', '157', '158', '159', '160', '161', '162', '163', '164',
'165', '166', '167', '168', '169', '170', '171', '172', '173',
'174', '175', '176', '177', '178', '179', '180', '181', '182',
'183', '184', '185', '186', '187', '188', '189', '190', '191',
'192', '193', '194', '195', '196', '197', '198', '199', '200',
'201', '202', '203', '204', '205', '206', '207', '208', '209',
'210', '211', '212', '213', '214', '215', '216', '217', '218',
'219', '220', '221', '222', '223', '224', '225', '226', '227',
'228', '229', '230', '231', '232', '233', '234', '235', '236',
'237', '238', '239', '240', '241', '242', '243', '244', '245',
'246', '247', '248', '249', '250', '251', '252', '253', '254',
'255',]),
validate_certs=dict(required=False, choices=['no', 'yes'], default='yes'),
value=dict(required=False)),
required_together = ( ['category','value'],),
supports_check_mode=False)
m_args = module.params
if not has_rasa:
module.fail_json(msg='Missing required rasa module (check docs)')
if m_args['state'] == "present":
if m_args['protocol'] == False:
module.fail_json(msg='Protocol not defined')
if m_args['validate_certs'] == 'yes':
validate_certs = True
else:
validate_certs = False
dev = ASA(
device=m_args['host'],
username=m_args['username'],
password=m_args['password'],
verify_cert=validate_certs
)
if m_args['src_port'] and m_args['protocol'] not in protocols_using_ports:
module.fail_json(msg="Can't use source port with %s" % m_args['protocol'])
if m_args['dst_port'] and m_args['protocol'] not in protocols_using_ports:
module.fail_json(msg="Can't use destination port with %s" % m_args['protocol'])
# icmp -> ICMPServiceObj
# icmp6 -> object#ICMP6ServiceObj
if m_args['dst_port'] or m_args['src_port']:
kind = 'object#TcpUdpServiceObj'
elif m_args['protocol']:
kind = 'object#NetworkProtocolObj'
protocol = m_args['protocol']
try:
protocol = int(m_args['protocol'])
except:
pass
if isinstance(protocol, int):
protocol = ip_protocol_name[str(protocol)]
else:
kind = 'object#NetworkProtocolObj'
# Change to function to target source dest udp and tcp
if m_args['dst_port'] and m_args['protocol'] == 'tcp':
try:
int(m_args['dst_port'])
except:
if m_args['dst_port'] not in tcp_services.itervalues():
module.fail_json(msg='%s is not valid using tcp' % m_args['dst_port'])
if isinstance(m_args['dst_port'], int):
if 1 <= m_args['dst_port'] <= 65535:
m_args['dst_port'] = str(m_args['dst_port'])
else:
module.fail_json(msg='%s is not a valid tcp port' % m_args['dst_port'])
desired_data = {}
desired_data['name'] = m_args['name']
desired_data['objectId'] = m_args['name']
desired_data['kind'] = kind
if kind == 'object#NetworkProtocolObj':
desired_data['value'] = protocol
elif kind == 'object#TcpUdpServiceObj':
# Fix for source ports too
desired_data['value'] = '%s/%s' % (m_args['protocol'], m_args['dst_port'])
if m_args['description']:
desired_data['description'] = m_args['description']
try:
data = dev.get_serviceobject(m_args['name'])
except:
err = sys.exc_info()[0]
module.fail_json(msg='Unable to connect to device: %s' % err)
if data.status_code == 200:
if m_args['state'] == 'absent':
changed_status = delete_object(dev, module, m_args['name'])
elif m_args['state'] == 'present':
matched = match_objects(data.json(), desired_data, module)
if matched:
changed_status = False
else:
changed_status = update_object(dev, module, desired_data)
elif data.status_code == 401:
module.fail_json(msg='Authentication error')
elif data.status_code == 404:
if m_args['state'] == 'absent':
changed_status = False
elif m_args['state'] == 'present':
changed_status = create_object(dev, module, desired_data)
else:
module.fail_json(msg="Unsupported return code %s" % data.status_code)
return_msg = {}
return_msg['changed'] = changed_status
module.exit_json(**return_msg)
def main():
module = AnsibleModule(argument_spec=dict(
host=dict(required=True),
username=dict(required=True),
password=dict(required=True),
priority=dict(required=True),
state=dict(required=True, choices=['absent', 'present']),
authentication=dict(required=False, choices=['pre-share', 'rsa-sig']),
encryption=dict(
required=False,
choices=['des', '3des', 'aes-128', 'aes-192', 'aes-256']),
hash=dict(required=False, choices=['md5', 'sha']),
group=dict(required=False, choices=['1', '2', '5']),
validate_certs=dict(required=False,
choices=['no', 'yes'],
default='yes'),
lifetime=dict(required=False),
),
required_together=([
'authentication', 'encryption', 'hash', 'group',
'lifetime'
], ),
supports_check_mode=False)
m_args = module.params
if not has_rasa:
module.fail_json(msg='Missing required rasa module (check docs)')
if m_args['state'] == "present" and m_args['authentication'] == False:
module.fail_json(msg='Authentication mode not defined')
if m_args['validate_certs'] == 'yes':
validate_certs = True
else:
validate_certs = False
dev = ASA(device=m_args['host'],
username=m_args['username'],
password=m_args['password'],
verify_cert=validate_certs)
desired_data = {}
try:
priority = int(m_args['priority'])
except:
module.fail_json(msg='Priority has to be a number')
if 1 <= priority <= 65535:
#desired_data['priority'] = m_args['priority']
desired_data['priority'] = priority
desired_data['objectId'] = m_args['priority']
else:
module.fail_json(msg='Priority must be between 1 and 65535')
if m_args['state'] == "present":
try:
lifetime = int(m_args['lifetime'])
except:
module.fail_json(msg='Lifetime has to be a number')
if 120 <= lifetime <= 2147483647:
desired_data['lifetimeInSecs'] = lifetime
else:
module.fail_json(msg='Lifetime must be between 120 and 2147483647')
desired_data['authentication'] = m_args['authentication']
desired_data['encryption'] = m_args['encryption']
desired_data['hash'] = m_args['hash']
desired_data['dhgroup'] = int(m_args['group'])
desired_data['kind'] = 'object#ikev1policy'
desired_data['objectId'] = m_args['priority']
desired_data['selfLink'] = 'https://%s/api/vpn/ikev1policy/%s' % (
m_args['host'], m_args['priority'])
try:
data = dev.get_ikev1_policy(m_args['priority'])
except:
err = sys.exc_info()[0]
module.fail_json(msg='Unable to connect to device: %s' % err)
if data.status_code == 200:
if m_args['state'] == 'absent':
changed_status = delete_object(dev, module, m_args['priority'])
elif m_args['state'] == 'present':
matched = match_objects(data.json(), desired_data, module)
if matched:
changed_status = False
else:
changed_status = update_object(dev, module, desired_data)
elif data.status_code == 401:
module.fail_json(msg='Authentication error')
elif data.status_code == 404:
if m_args['state'] == 'absent':
changed_status = False
elif m_args['state'] == 'present':
changed_status = create_object(dev, module, desired_data)
else:
module.fail_json(msg="Unsupported return code %s" % data.status_code)
return_msg = {}
return_msg['changed'] = changed_status
module.exit_json(**return_msg)