示例#1
0
def run_module():
    # define available arguments/parameters a user can pass to the module
    argument_spec = vmanage_argument_spec()
    argument_spec.update(type=dict(type='str', required=False,
                                   default='all'), )

    # seed the result dict in the object
    # we primarily care about changed and state
    # change is if this module effectively modified the target
    # state will include any data that you want your module to pass back
    # for consumption, for example, in a subsequent task
    result = dict(changed=False, original_message='', message='')

    # the AnsibleModule object will be our abstraction working with Ansible
    # this includes instantiation, a couple of common attr would be the
    # args/params passed to the execution, as well as if the module
    # supports check mode
    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=True,
    )
    vmanage = Vmanage(module)
    vmanage_central_policy = CentralPolicy(vmanage.auth, vmanage.host)

    vmanage.result[
        'central_policy'] = vmanage_central_policy.get_central_policy_dict()

    vmanage.exit_json(**vmanage.result)
示例#2
0
def central_policy(ctx, name):
    """
    Activate Central Policy
    """

    vmanage_central_policy = CentralPolicy(ctx.auth, ctx.host, ctx.port)
    central_policy_dict = vmanage_central_policy.get_central_policy_dict(
        remove_key=True)
    if name in central_policy_dict:
        click.echo(f'Activating Central Policy {name}')
        action_id = vmanage_central_policy.activate_central_policy(
            name, central_policy_dict[name]['policyId'])
        vmanage_central_policy.utilities.waitfor_action_completion(action_id)
    else:
        click.secho(f'Cannot find Central Policy {name}', fg="red")
def policy_activation():
    try:

        log_level = logging.DEBUG
        logger = get_logger("log/sdwan-te-integration.txt", log_level)

        if logger is not None:
            logger.info("Loading vManage login details from YAML\n")

        data = json.loads(request.data)

        with open("config_details.yaml") as f:
            config = yaml.safe_load(f.read())

        vmanage_host = config["vmanage_host"]
        vmanage_port = config["vmanage_port"]
        username = config["vmanage_username"]
        password = config["vmanage_password"]

        session = Authentication(host=vmanage_host,
                                 port=vmanage_port,
                                 user=username,
                                 password=password).login()

        name = config["central_policy_name"]

        vmanage_central_policy = CentralPolicy(session, vmanage_host,
                                               vmanage_port)
        central_policy_dict = vmanage_central_policy.get_central_policy_dict(
            remove_key=True)
        if name in central_policy_dict:
            print(f'Activating Central Policy {name}')
            action_id = vmanage_central_policy.activate_central_policy(
                name, central_policy_dict[name]['policyId'])
            utils = Utilities(session, vmanage_host, vmanage_port)
            utils.waitfor_action_completion(action_id)
        else:
            return jsonify(f'Cannot find Central Policy {name}'), 200

    except Exception as exc:
        print('Exception line number: {}'.format(sys.exc_info()[-1].tb_lineno),
              type(exc).__name__, exc)
        return jsonify(str(exc)), 500

    return jsonify(f'Activated Policy {name}'), 200
def central_policy(ctx, name, policy_id):
    """
    deactivate Central Policy
    """

    vmanage_central_policy = CentralPolicy(ctx.auth, ctx.host, ctx.port)
    central_policy_dict = vmanage_central_policy.get_central_policy_dict(remove_key=True)
    if policy_id:
        vmanage_central_policy.deactivate_central_policy(policy_id)
    elif name:
        if name in central_policy_dict:
            click.echo(f'Deactivating Central Policy {name}')
            action_id = vmanage_central_policy.deactivate_central_policy(central_policy_dict[name]['policyId'])
            vmanage_central_policy.waitfor_action_completion(action_id)
        else:
            click.secho(f'Cannot find Central Policy {name}', fg="red")
    else:
        click.secho('Must specify either policy name of id to deactivate', fg="red")
def central(ctx, name, json):  #pylint: disable=unused-argument
    """
    Show central policy information
    """
    central_policy = CentralPolicy(ctx.auth, ctx.host, ctx.port)
    policy_data = PolicyData(ctx.auth, ctx.host, ctx.port)
    pp = pprint.PrettyPrinter(indent=2)

    if name:
        central_policy_dict = central_policy.get_central_policy_dict()
        if name in central_policy_dict:
            if json:
                pp.pprint(central_policy_dict[name])
            else:
                preview = central_policy.get_central_policy_preview(central_policy_dict[name]['policyId'])
                pp.pprint(preview)
    else:
        central_policy_list = policy_data.export_central_policy_list()
        pp.pprint(central_policy_list)
示例#6
0
class PolicyData(object):
    """Methods that deal with importing, exporting, and manipulating data from policies.

    """
    def __init__(self, session, host, port=443):
        """Initialize Policy Method object with session parameters.

        Args:
            session (obj): Requests Session object
            host (str): hostname or IP address of vManage
            port (int): default HTTPS 443

        """

        self.session = session
        self.host = host
        self.port = port
        self.base_url = f'https://{self.host}:{self.port}/dataservice/'
        self.policy_lists = PolicyLists(self.session, self.host, self.port)
        self.policy_definitions = PolicyDefinitions(self.session, self.host, self.port)
        self.local_policy = LocalPolicy(self.session, self.host, self.port)
        self.central_policy = CentralPolicy(self.session, self.host, self.port)
        self.security_policy = SecurityPolicy(self.session, self.host, self.port)

    #pylint: disable=unused-argument
    def import_policy_list_list(self, policy_list_list, push=False, update=False, check_mode=False, force=False):
        """Import a list of policyies lists into vManage.  Object Names are translated to IDs.

        Args:
            policy_list_list: A list of polcies
            push (bool): Whether to push a change out
            update (bool): Whether to update when the list exists
            check_mode (bool): Report what updates would happen, but don't update

        Returns:
            result (dict): All data associated with a response.

        """

        # Policy Lists
        diff = []
        policy_list_updates = []
        #pylint: disable=too-many-nested-blocks
        for policy_list in policy_list_list:
            policy_list_dict = self.policy_lists.get_policy_list_dict(policy_list['type'],
                                                                      remove_key=False,
                                                                      cache=False)
            if policy_list['name'] in policy_list_dict:
                existing_list = policy_list_dict[policy_list['name']]
                diff_ignore = set(
                    ['listId', 'references', 'lastUpdated', 'activatedId', 'policyId', 'listId', 'isActivatedByVsmart'])
                diff = list(dictdiffer.diff(existing_list, policy_list, ignore=diff_ignore))
                if diff:
                    policy_list_updates.append({'name': policy_list['name'], 'diff': diff})
                    policy_list['listId'] = policy_list_dict[policy_list['name']]['listId']
                    # If description is not specified, try to get it from the existing information
                    if not policy_list['description']:
                        policy_list['description'] = policy_list_dict[policy_list['name']]['description']
                    if not check_mode and update:
                        response = self.policy_lists.update_policy_list(policy_list)

                        if response['json']:
                            # Updating the policy list returns a `processId` that locks the list and 'masterTemplatesAffected'
                            # that lists the templates affected by the change.
                            if 'error' in response['json']:
                                raise Exception(response['json']['error']['message'])
                            elif 'processId' in response['json']:
                                if push:
                                    vmanage_device_templates = DeviceTemplates(self.session, self.host)
                                    # If told to push out the change, we need to reattach each template affected by the change
                                    for template_id in response['json']['masterTemplatesAffected']:
                                        vmanage_device_templates.reattach_device_template(template_id)
                            else:
                                raise Exception("Did not get a process id when updating policy list")
            else:
                diff = list(dictdiffer.diff({}, policy_list))
                policy_list_updates.append({'name': policy_list['name'], 'diff': diff})
                if not check_mode:
                    self.policy_lists.add_policy_list(policy_list)

        return policy_list_updates

    def convert_list_name_to_id(self, name_list):
        """Convert policy list from names to IDs in object.

        Args:
            name_list (list): Object

        """
        if isinstance(name_list, dict):
            for key, value in list(name_list.items()):
                if key.endswith('List') and key != "signatureWhiteList":
                    t = key[0:len(key) - 4]
                    policy_list = self.policy_lists.get_policy_list_by_name(value, policy_list_type=t)
                    if policy_list:
                        name_list[key] = policy_list['listId']
                    else:
                        raise Exception(f"Could not find id for list {value}, type {t}")
                elif key.endswith('Lists'):
                    t = key[0:len(key) - 5]
                    new_list = []
                    for list_name in value:
                        policy_list = self.policy_lists.get_policy_list_by_name(list_name, policy_list_type=t)
                        if policy_list:
                            list_id = policy_list['listId']
                            new_list.append(list_id)
                        else:
                            raise Exception(f"Could not find id for list {list_name}, type {t}")
                    name_list[key] = new_list
                elif key.endswith('Zone'):
                    policy_list = self.policy_lists.get_policy_list_by_name(value, 'zone')
                    if policy_list:
                        name_list[key] = policy_list['listId']
                    else:
                        raise Exception(f"Could not find id for list {value}, type zone")
                elif key == 'listName':
                    if 'listType' in name_list:
                        policy_list = self.policy_lists.get_policy_list_by_name(name_list['listName'],
                                                                                policy_list_type=name_list['listType'])
                    else:
                        raise Exception(f"Could not find type for list {name_list['listName']}")
                    if policy_list and 'listId' in policy_list:
                        name_list['ref'] = policy_list['listId']
                        name_list.pop('listName')
                        name_list.pop('listType')
                    else:
                        raise Exception(
                            f"Could not find id for list {name_list['listName']}, type {name_list['listType']}")
                elif key == 'className':
                    if 'classType' in name_list:
                        policy_list = self.policy_lists.get_policy_list_by_name(name_list['className'],
                                                                                policy_list_type=name_list['classType'])
                    else:
                        raise Exception(f"Could not find type for list {name_list['className']}")
                    if policy_list and 'listId' in policy_list:
                        name_list['class'] = policy_list['listId']
                        name_list.pop('className')
                        name_list.pop('classType')
                    else:
                        raise Exception(
                            f"Could not find id for list {name_list['className']}, type {name_list['classType']}")
                else:
                    self.convert_list_name_to_id(value)
        elif isinstance(name_list, list):
            for item in name_list:
                self.convert_list_name_to_id(item)

    def convert_list_id_to_name(self, id_list):
        """Convert policy list from IDs to names in object.

        Args:
            id_list (list): Object

        """
        if isinstance(id_list, dict):
            for key, value in list(id_list.items()):
                if key.endswith('List') and key != "signatureWhiteList":
                    t = key[0:len(key) - 4]
                    val = value
                    if isinstance(value, list):
                        val = value[0]
                    policy_list = self.policy_lists.get_policy_list_by_id(val, policy_list_type=t)
                    if policy_list:
                        id_list[key] = policy_list['name']
                    else:
                        raise Exception(f"Could not find name for list id {val}, type {t}")
                elif key.endswith('Lists'):
                    t = key[0:len(key) - 5]
                    new_list = []
                    for list_id in value:
                        policy_list = self.policy_lists.get_policy_list_by_id(list_id, policy_list_type=t)
                        if policy_list:
                            list_name = policy_list['name']
                            new_list.append(list_name)
                        else:
                            raise Exception(f"Could not find name for list id {list_id}, type {t}")
                    id_list[key] = new_list
                elif key.endswith('Zone'):
                    policy_list = self.policy_lists.get_policy_list_by_id(value, 'zone')
                    if policy_list:
                        id_list[key] = policy_list['name']
                    else:
                        raise Exception(f"Could not find name for list {value}, type zone")
                elif key == 'ref':
                    policy_list = self.policy_lists.get_policy_list_by_id(id_list['ref'])
                    if policy_list:
                        id_list['listName'] = policy_list['name']
                        id_list['listType'] = policy_list['type']
                        id_list.pop('ref')
                    else:
                        raise Exception(f"Could not find name for list {id_list['ref']}")
                elif key == 'class':
                    policy_list = self.policy_lists.get_policy_list_by_id(id_list['class'])
                    if policy_list:
                        id_list['className'] = policy_list['name']
                        id_list['classType'] = policy_list['type']
                        id_list.pop('class')
                    else:
                        raise Exception(f"Could not find name for list {id_list['class']}")
                else:
                    self.convert_list_id_to_name(value)
        elif isinstance(id_list, list):
            for item in id_list:
                self.convert_list_id_to_name(item)

    def convert_sequences_to_id(self, sequence_list):
        """Convert sequence entries from IDs to names in object.

        Args:
            sequence_list (list): Sequence list

        """
        for sequence in sequence_list:
            if 'match' in sequence and 'entries' in sequence['match']:
                for entry in sequence['match']['entries']:
                    if 'listName' in entry:
                        policy_list_dict = self.policy_lists.get_policy_list_dict(entry['listType'])
                        if entry['listName'] in policy_list_dict:
                            entry['ref'] = policy_list_dict[entry['listName']]['listId']
                            entry.pop('listName')
                            entry.pop('listType')
                        else:
                            raise Exception("Could not find list {0} of type {1}".format(
                                entry['listName'], entry['listType']))

    def convert_definition_id_to_name(self, policy_definition):
        """Convert policy_definition from IDs to names in object.

        Args:
            policy_definition (list): Sequence list

        """
        if 'assembly' in policy_definition and policy_definition['assembly']:
            for assembly_item in policy_definition['assembly']:
                policy_definition_detail = self.policy_definitions.get_policy_definition(
                    assembly_item['type'].lower(), assembly_item['definitionId'])
                definition_id = assembly_item.pop('definitionId')
                if policy_definition_detail:
                    assembly_item['definitionName'] = policy_definition_detail['name']
                else:
                    raise Exception("Cannot find policy definition for {0}".format(definition_id))
                if 'entries' in assembly_item:
                    # Translate list IDs to names
                    self.convert_list_id_to_name(assembly_item['entries'])

    def convert_definition_name_to_id(self, policy_definition):
        """Convert policy_definition from names to IDs in object.

        Args:
            policy_definition (list): Sequence list

        """
        if 'assembly' in policy_definition and policy_definition['assembly']:
            for assembly_item in policy_definition['assembly']:
                definition_name = assembly_item.pop('definitionName')
                policy_definition_dict = self.policy_definitions.get_policy_definition_dict(assembly_item['type'])
                if definition_name in policy_definition_dict:
                    assembly_item['definitionId'] = policy_definition_dict[definition_name]['definitionId']
                else:
                    raise Exception("Cannot find policy definition {0}".format(definition_name))
                if 'entries' in assembly_item:
                    self.convert_list_name_to_id(assembly_item['entries'])

    def convert_policy_definition_to_name(self, policy_definition):
        """Convert policy_definition objects from IDs to names

        Args:
            policy_definition (list): Sequence list

        Returns:
            result (dict): The converted policy definition

        """
        converted_policy_definition = policy_definition
        if 'definition' in policy_definition:
            self.convert_list_id_to_name(policy_definition['definition'])
        if 'sequences' in policy_definition:
            self.convert_list_id_to_name(policy_definition['sequences'])
        if 'rules' in policy_definition:
            self.convert_list_id_to_name(policy_definition['rules'])

        return converted_policy_definition

    def convert_policy_definition_to_id(self, policy_definition):
        """Convert policy_definition objects from names to IDs

        Args:
            policy_definition (list): Sequence list

        Returns:
            result (dict): The converted policy definition

        """
        converted_policy_definition = policy_definition
        if 'definition' in policy_definition:
            self.convert_list_name_to_id(policy_definition['definition'])
        if 'sequences' in policy_definition:
            self.convert_list_name_to_id(policy_definition['sequences'])
        if 'rules' in policy_definition:
            self.convert_list_name_to_id(policy_definition['rules'])

        return converted_policy_definition

    def export_policy_definition_list(self, definition_type='all'):
        """Export Policy Definition Lists from vManage, translating IDs to Names.

        Args:
            definition_type (string): The type of Definition List to retreive

        Returns:
            response (list): A list of all definition lists currently
                in vManage.

        """

        policy_definition_list = self.policy_definitions.get_policy_definition_list(definition_type)
        export_definition_list = []
        for policy_definition in policy_definition_list:
            definition_detail = self.policy_definitions.get_policy_definition(policy_definition['type'],
                                                                              policy_definition['definitionId'])
            converted_policy_definition = self.convert_policy_definition_to_name(definition_detail)
            export_definition_list.append(converted_policy_definition)

        return export_definition_list

    #pylint: disable=unused-argument
    def import_policy_definition_list(self,
                                      policy_definition_list,
                                      update=False,
                                      push=False,
                                      check_mode=False,
                                      force=False):
        """Import Policy Definitions into vManage.  Object names are converted to IDs.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """
        policy_definition_updates = []
        for definition in policy_definition_list:
            policy_definition_dict = self.policy_definitions.get_policy_definition_dict(definition['type'],
                                                                                        remove_key=False)
            diff = []
            payload = {
                "name": definition['name'],
                "description": definition['description'],
                "type": definition['type'],
            }
            if 'defaultAction' in definition:
                payload.update({'defaultAction': definition['defaultAction']})
            if 'sequences' in definition:
                payload.update({'sequences': definition['sequences']})
            if 'definition' in definition:
                payload.update({'definition': definition['definition']})

            if definition['name'] in policy_definition_dict:
                existing_definition = self.convert_policy_definition_to_name(policy_definition_dict[definition['name']])
                # Just check the things that we care about changing.
                diff_ignore = set([
                    'lastUpdated', 'definitionId', 'referenceCount', 'references', 'owner', 'isActivatedByVsmart',
                    'infoTag', 'activatedId'
                ])
                diff = list(dictdiffer.diff(existing_definition, payload, ignore=diff_ignore))
                if diff:
                    converted_definition = self.convert_policy_definition_to_id(definition)
                    policy_definition_updates.append({'name': converted_definition['name'], 'diff': diff})
                    if not check_mode and update:
                        self.policy_definitions.update_policy_definition(
                            converted_definition, policy_definition_dict[converted_definition['name']]['definitionId'])
                    policy_definition_updates.append({'name': converted_definition['name'], 'diff': diff})
            else:
                # Policy definition does not exist
                diff = list(dictdiffer.diff({}, payload))
                policy_definition_updates.append({'name': definition['name'], 'diff': diff})
                converted_definition = self.convert_policy_definition_to_id(definition)
                if not check_mode:
                    self.policy_definitions.add_policy_definition(converted_definition)

        return policy_definition_updates

    def convert_policy_to_name(self, policy_item):
        """Convert policy items from IDs to names

        Args:
            definition_type (string): Policy item

        Returns:
            response (dict): The converted policy item

        """
        if 'policyDefinition' in policy_item:
            converted_policy_item = policy_item
            self.convert_definition_id_to_name(converted_policy_item['policyDefinition'])
            return converted_policy_item
        return policy_item

    def convert_policy_to_id(self, policy_item):
        """Convert policy items from names IDs

        Args:
            definition_type (string): Policy item

        Returns:
            response (dict): The converted policy item

        """
        if 'policyDefinition' in policy_item:
            converted_policy_item = policy_item
            self.convert_definition_name_to_id(converted_policy_item['policyDefinition'])
            return converted_policy_item
        return policy_item

    def export_local_policy_list(self):
        """Export Local Policies from vManage.  Object IDs are converted to names.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """
        export_policy_list = []
        local_policy_list = self.local_policy.get_local_policy_list()
        for local_policy in local_policy_list:
            converted_policy_definition = self.convert_policy_to_name(local_policy)
            export_policy_list.append(converted_policy_definition)

        return export_policy_list

    #pylint: disable=unused-argument
    def import_local_policy_list(self, local_policy_list, update=False, push=False, check_mode=False, force=False):
        """Import Local Policies into vManage.  Object names are converted to IDs.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """
        local_policy_dict = self.local_policy.get_local_policy_dict(remove_key=False)
        diff = []
        local_policy_updates = []
        for local_policy in local_policy_list:
            payload = {'policyName': local_policy['policyName']}
            payload['policyDescription'] = local_policy['policyDescription']
            payload['policyType'] = local_policy['policyType']
            payload['policyDefinition'] = local_policy['policyDefinition']
            if payload['policyName'] in local_policy_dict:
                # A policy by that name already exists
                existing_policy = self.convert_policy_to_name(local_policy_dict[payload['policyName']])
                diff_ignore = set([
                    'lastUpdated', 'policyVersion', 'createdOn', 'references', 'isPolicyActivated', '@rid', 'policyId',
                    'createdBy', 'lastUpdatedBy', 'lastUpdatedOn', 'mastersAttached', 'policyDefinitionEdit',
                    'devicesAttached'
                ])
                diff = list(dictdiffer.diff(existing_policy, payload, ignore=diff_ignore))
                if diff:
                    print(diff)
                    local_policy_updates.append({'name': local_policy['policyName'], 'diff': diff})
                    if 'policyDefinition' in payload:
                        self.convert_definition_name_to_id(payload['policyDefinition'])
                    if not check_mode and update:
                        self.local_policy.update_local_policy(payload, existing_policy['policyId'])
            else:
                diff = list(dictdiffer.diff({}, payload['policyDefinition']))
                local_policy_updates.append({'name': local_policy['policyName'], 'diff': diff})
                if 'policyDefinition' in payload:
                    # Convert list and definition names to template IDs
                    self.convert_definition_name_to_id(payload['policyDefinition'])
                if not check_mode:
                    self.local_policy.add_local_policy(payload)
        return local_policy_updates

    def export_central_policy_list(self):
        """Export Central Policies from vManage, converting IDs to names.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """

        export_policy_list = []
        central_policy_list = self.central_policy.get_central_policy_list()
        for central_policy in central_policy_list:
            converted_policy_definition = self.convert_policy_to_name(central_policy)
            export_policy_list.append(converted_policy_definition)

        return export_policy_list

    #pylint: disable=unused-argument
    def import_central_policy_list(self, central_policy_list, update=False, push=False, check_mode=False, force=False):
        """Import Central Policies into vManage.  Object names are converted to IDs.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """
        central_policy_dict = self.central_policy.get_central_policy_dict(remove_key=False)
        diff = []
        central_policy_updates = []
        for central_policy in central_policy_list:
            payload = {'policyName': central_policy['policyName']}
            payload['policyDescription'] = central_policy['policyDescription']
            payload['policyType'] = central_policy['policyType']
            payload['policyDefinition'] = central_policy['policyDefinition']
            if payload['policyName'] in central_policy_dict:
                # A policy by that name already exists
                existing_policy = self.convert_policy_to_name(central_policy_dict[payload['policyName']])
                diff_ignore = set([
                    'lastUpdated', 'policyVersion', 'createdOn', 'references', 'isPolicyActivated', '@rid', 'policyId',
                    'createdBy', 'lastUpdatedBy', 'lastUpdatedOn'
                ])
                diff = list(dictdiffer.diff(existing_policy, payload, ignore=diff_ignore))
                if diff:
                    central_policy_updates.append({'name': central_policy['policyName'], 'diff': diff})
                    # Convert list and definition names to template IDs
                    converted_payload = self.convert_policy_to_id(payload)
                    if not check_mode and update:
                        self.central_policy.update_central_policy(converted_payload, existing_policy['policyId'])
            else:
                diff = list(dictdiffer.diff({}, payload['policyDefinition']))
                central_policy_updates.append({'name': central_policy['policyName'], 'diff': diff})
                if not check_mode:
                    # Convert list and definition names to template IDs
                    converted_payload = self.convert_policy_to_id(payload)
                    self.central_policy.add_central_policy(converted_payload)
        return central_policy_updates

    def export_security_policy_list(self):
        """Export Security Policies from vManage, converting IDs to names.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """

        export_policy_list = []
        security_policy_list = self.security_policy.get_security_policy_list()
        for security_policy in security_policy_list:
            converted_policy_definition = self.convert_policy_to_name(security_policy)
            export_policy_list.append(converted_policy_definition)

        return export_policy_list

    def import_security_policy_list(self,
                                    security_policy_list,
                                    update=False,
                                    push=False,
                                    check_mode=False,
                                    force=False):
        """Import Security Policies into vManage.  Object names are converted to IDs.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """
        security_policy_dict = self.security_policy.get_security_policy_dict(remove_key=False)
        diff = []
        security_policy_updates = []
        for security_policy in security_policy_list:
            payload = {'policyName': security_policy['policyName']}
            payload['policyDescription'] = security_policy['policyDescription']
            payload['policyType'] = security_policy['policyType']
            payload['policyDefinition'] = security_policy['policyDefinition']
            if payload['policyName'] in security_policy_dict:
                # A policy by that name already exists
                existing_policy = self.convert_policy_to_name(security_policy_dict[payload['policyName']])
                diff_ignore = set([
                    'lastUpdated', 'policyVersion', 'createdOn', 'references', 'isPolicyActivated', '@rid', 'policyId',
                    'createdBy', 'lastUpdatedBy', 'lastUpdatedOn', 'policyDefinitionEdit', 'mastersAttached',
                    'devicesAttached', 'supportedDevices', 'virtualApplicationTemplates', 'policyUseCase'
                ])
                diff = list(dictdiffer.diff(existing_policy, payload, ignore=diff_ignore))
                if diff:
                    security_policy_updates.append({'name': security_policy['policyName'], 'diff': diff})
                    # Convert list and definition names to template IDs
                    converted_payload = self.convert_policy_to_id(payload)
                    if not check_mode and update:
                        self.security_policy.update_security_policy(converted_payload, existing_policy['policyId'])
            else:
                diff = list(dictdiffer.diff({}, payload['policyDefinition']))
                security_policy_updates.append({'name': security_policy['policyName'], 'diff': diff})
                if not check_mode:
                    # Convert list and definition names to template IDs
                    converted_payload = self.convert_policy_to_id(payload)
                    self.security_policy.add_security_policy(converted_payload)
        return security_policy_updates
def run_module():
    # define available arguments/parameters a user can pass to the module
    argument_spec = vmanage_argument_spec()
    argument_spec.update(state=dict(type='str', choices=['absent', 'present', 'activated', 'deactivated'], default='present'),
                         name=dict(type='str', alias='policyName'),
                         description=dict(type='str', alias='policyDescription'),
                         definition=dict(type='str', alias='policyDefinition'),
                         type=dict(type='list', alias='policyType'),
                         wait=dict(type='bool', default=False),
                         update=dict(type='bool', default=False),
                         push=dict(type='bool', default=False),
                         aggregate=dict(type='list'),
                         )

    # seed the result dict in the object
    # we primarily care about changed and state
    # change is if this module effectively modified the target
    # state will include any data that you want your module to pass back
    # for consumption, for example, in a subsequent task
    result = dict(
        changed=False,
    )

    # the AnsibleModule object will be our abstraction working with Ansible
    # this includes instantiation, a couple of common attr would be the
    # args/params passed to the execution, as well as if the module
    # supports check mode
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=True,
                           )
    vmanage = Vmanage(module)
    vmanage_central_policy = CentralPolicy(vmanage.auth, vmanage.host)

    # Always as an aggregate... make a list if just given a single entry
    if vmanage.params['aggregate']:
        policy_list = vmanage.params['aggregate']
    else:
        if vmanage.params['state'] == 'present':
            policy_list = [
                {
                    'policyName': vmanage.params['name'],
                    'policyDescription': vmanage.params['description'],
                    'policyType': vmanage.params['type'],
                    'policyDefinition': vmanage.params['definition'],
                }
            ]
        else:
            policy_list = [
                {
                    'policyName': vmanage.params['name'],
                    'state': 'absent'
                }
            ]

    central_policy_updates = []
    if vmanage.params['state'] == 'present':
        central_policy_updates = vmanage_central_policy.import_central_policy_list(
            policy_list,
            check_mode=module.check_mode,
            update=vmanage.params['update'],
            push=vmanage.params['push']
        )
        if central_policy_updates:
            vmanage.result['changed'] = True
    elif vmanage.params['state'] == 'absent':
        central_policy_dict = vmanage_central_policy.get_central_policy_dict(remove_key=False)
        for policy in policy_list:
            if policy in central_policy_dict:
                if not module.check_mode:
                    vmanage_central_policy.delete_central_policy(central_policy_dict[policy['policyName']]['policyId'])
                vmanage.result['changed'] = True
    elif vmanage.params['state'] == 'activated':
        central_policy_dict = vmanage_central_policy.get_central_policy_dict(remove_key=False)
        if vmanage.params['name'] in central_policy_dict:
            if not central_policy_dict[vmanage.params['name']]['isPolicyActivated']:
                vmanage.result['changed'] = True
                if not module.check_mode:
                    action_id = vmanage_central_policy.activate_central_policy(vmanage.params['name'],
                                                                               central_policy_dict[vmanage.params['name']]['policyId'])
                    if action_id:
                        if vmanage.params['wait']:
                            vmanage_central_policy.waitfor_action_completion(action_id)
                    else:
                        vmanage.fail_json(msg='Did not get action ID after attaching device to template.')

        else:
            # TODO: The reference to 'policy' in the following line is wrong. What should it be?
            vmanage.fail_json(msg="Cannot find central policy {0}".format(vmanage.params['name']))
    if vmanage.params['state'] in ['absent', 'deactivated']:
        central_policy_dict = vmanage_central_policy.get_central_policy_dict(remove_key=False)
        if policy['policyName'] in central_policy_dict:
            if central_policy_dict[policy['policyName']]['isPolicyActivated']:
                vmanage.result['changed'] = True
                if not module.check_mode:
                    action_id = vmanage_central_policy.deactivate_central_policy(vmanage.params['name'])
                    if action_id:
                        if vmanage.params['wait']:
                            vmanage_central_policy.waitfor_action_completion(action_id)
                    else:
                        vmanage.fail_json(msg='Did not get action ID after attaching device to template.')
        else:
            vmanage.fail_json(msg="Cannot find central policy {0}".format(policy['policyName']))

    vmanage.params['updates'] = central_policy_updates
    vmanage.exit_json(**vmanage.result)