diff --git a/lib/ansible/modules/network/nxos/nxos_acl.py b/lib/ansible/modules/network/nxos/nxos_acl.py index f7aab58b3fa..8a9f1692a5b 100644 --- a/lib/ansible/modules/network/nxos/nxos_acl.py +++ b/lib/ansible/modules/network/nxos/nxos_acl.py @@ -44,7 +44,8 @@ options: seq: description: - sequence number of the entry (ACE) - required: true + required: false + default: null name: description: - Case sensitive name of the access list (ACL) @@ -52,7 +53,8 @@ options: action: description: - action of the ACE - required: true + required: false + default: null choices: ['permit', 'deny', 'remark'] remark: description: @@ -62,11 +64,13 @@ options: proto: description: - port number or protocol (as supported by the switch) - required: true + required: false + default: null src: description: - src ip and mask using IP/MASK notation and supports keyword 'any' - required: true + required: false + default: null src_port_op: description: - src port operands such as eq, neq, gt, lt, range @@ -88,7 +92,8 @@ options: description: - dest ip and mask using IP/MASK notation and supports the keyword 'any' - required: true + required: false + default: null default: null dest_port_op: description: @@ -220,11 +225,6 @@ end_state: type: dict sample: {"action": "permit", "dest": "any", "name": "ANSIBLE", "proto": "tcp", "seq": "10", "src": "1.1.1.1/24"} -state: - description: state as sent in from the playbook - returned: always - type: string - sample: "present" updates: description: commands sent to the device returned: always 
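Review bot: The `dest` option in the `@@ -88,7 +92,8 @@` hunk ends up with `default: null` twice, because the added `+ default: null` sits directly above the existing `default: null` context line. Drop the added line so the DOCUMENTATION YAML has no duplicate key. Since `seq`, `action`, `proto`, `src` and `dest` are now documented as optional in these hunks, each description should also say when the option is still needed, for example `- sequence number of the entry (ACE); required when adding or removing a single entry` (wording to be confirmed against `main()`, which is outside these hunks).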
@@ -245,9 +245,14 @@ import time import collections import itertools import shlex -import itertools +import json +from ansible.module_utils.basic import AnsibleModule, env_fallback, get_exception from ansible.module_utils.basic import BOOLEANS_TRUE, BOOLEANS_FALSE +from ansible.module_utils.shell import Shell, ShellError, HAS_PARAMIKO +from ansible.module_utils.netcfg import parse +from ansible.module_utils.urls import fetch_url + DEFAULT_COMMENT_TOKENS = ['#', '!'] 
@@ -615,14 +620,282 @@ def argument_spec(): ) nxos_argument_spec = argument_spec() -def get_config(module): + +NET_PASSWD_RE = re.compile(r"[\r\n]?password: $", re.I) + +NET_COMMON_ARGS = dict( + host=dict(required=True), + port=dict(type='int'), + username=dict(fallback=(env_fallback, ['ANSIBLE_NET_USERNAME'])), + password=dict(no_log=True, fallback=(env_fallback, ['ANSIBLE_NET_PASSWORD'])), + ssh_keyfile=dict(fallback=(env_fallback, ['ANSIBLE_NET_SSH_KEYFILE']), type='path'), + transport=dict(default='cli', choices=['cli', 'nxapi']), + use_ssl=dict(default=False, type='bool'), + validate_certs=dict(default=True, type='bool'), + provider=dict(type='dict'), + timeout=dict(default=10, type='int') +) + +NXAPI_COMMAND_TYPES = ['cli_show', 'cli_show_ascii', 'cli_conf', 'bash'] + +NXAPI_ENCODINGS = ['json', 'xml'] + +CLI_PROMPTS_RE = [ + re.compile(r'[\r\n]?[a-zA-Z]{1}[a-zA-Z0-9-]*[>|#|%](?:\s*)$'), + re.compile(r'[\r\n]?[a-zA-Z]{1}[a-zA-Z0-9-]*\(.+\)#(?:\s*)$') +] + +CLI_ERRORS_RE = [ + re.compile(r"% ?Error"), + re.compile(r"^% \w+", re.M), + re.compile(r"% ?Bad secret"), + re.compile(r"invalid input", re.I), + re.compile(r"(?:incomplete|ambiguous) command", re.I), + re.compile(r"connection timed out", re.I), + re.compile(r"[^\r\n]+ not found", re.I), + re.compile(r"'[^']' +returned error code: ?\d+"), + re.compile(r"syntax error"), + re.compile(r"unknown command") +] + + +def to_list(val): + if isinstance(val, (list, tuple)): + return list(val) + elif val is not None: + return [val] + else: + return list() + + +class Nxapi(object): + + def __init__(self, module): + self.module = module + + # sets the module_utils/urls.py req parameters + self.module.params['url_username'] = module.params['username'] + self.module.params['url_password'] = module.params['password'] + + self.url = None + self._nxapi_auth = None + + def _get_body(self, commands, command_type, encoding, version='1.0', chunk='0', sid=None): + """Encodes a NXAPI JSON request message + """ + if 
isinstance(commands, (list, set, tuple)): + commands = ' ;'.join(commands) + + if encoding not in NXAPI_ENCODINGS: + msg = 'invalid encoding, received %s, exceped one of %s' % \ + (encoding, ','.join(NXAPI_ENCODINGS)) + self.module_fail_json(msg=msg) + + msg = { + 'version': version, + 'type': command_type, + 'chunk': chunk, + 'sid': sid, + 'input': commands, + 'output_format': encoding + } + return dict(ins_api=msg) + + def connect(self): + host = self.module.params['host'] + port = self.module.params['port'] + + if self.module.params['use_ssl']: + proto = 'https' + if not port: + port = 443 + else: + proto = 'http' + if not port: + port = 80 + + self.url = '%s://%s:%s/ins' % (proto, host, port) + + def send(self, commands, command_type='cli_show_ascii', encoding='json'): + """Send commands to the device. + """ + clist = to_list(commands) + + if command_type not in NXAPI_COMMAND_TYPES: + msg = 'invalid command_type, received %s, exceped one of %s' % \ + (command_type, ','.join(NXAPI_COMMAND_TYPES)) + self.module_fail_json(msg=msg) + + data = self._get_body(clist, command_type, encoding) + data = self.module.jsonify(data) + + headers = {'Content-Type': 'application/json'} + if self._nxapi_auth: + headers['Cookie'] = self._nxapi_auth + + response, headers = fetch_url(self.module, self.url, data=data, + headers=headers, method='POST') + + self._nxapi_auth = headers.get('set-cookie') + + if headers['status'] != 200: + self.module.fail_json(**headers) + + response = self.module.from_json(response.read()) + result = list() + + output = response['ins_api']['outputs']['output'] + for item in to_list(output): + if item['code'] != '200': + self.module.fail_json(**item) + else: + result.append(item['body']) + + return result + + +class Cli(object): + + def __init__(self, module): + self.module = module + self.shell = None + + def connect(self, **kwargs): + host = self.module.params['host'] + port = self.module.params['port'] or 22 + + username = 
self.module.params['username'] + password = self.module.params['password'] + timeout = self.module.params['timeout'] + key_filename = self.module.params['ssh_keyfile'] + + allow_agent = (key_filename is not None) or (key_filename is None and password is None) + + try: + self.shell = Shell(kickstart=False, prompts_re=CLI_PROMPTS_RE, + errors_re=CLI_ERRORS_RE) + self.shell.open(host, port=port, username=username, + password=password, key_filename=key_filename, + allow_agent=allow_agent, timeout=timeout) + except ShellError: + e = get_exception() + msg = 'failed to connect to %s:%s - %s' % (host, port, str(e)) + self.module.fail_json(msg=msg) + + def send(self, commands, encoding='text'): + try: + return self.shell.send(commands) + except ShellError: + e = get_exception() + self.module.fail_json(msg=e.message, commands=commands) + + +class NetworkModule(AnsibleModule): + + def __init__(self, *args, **kwargs): + super(NetworkModule, self).__init__(*args, **kwargs) + self.connection = None + self._config = None + self._connected = False + + @property + def connected(self): + return self._connected + + @property + def config(self): + if not self._config: + self._config = self.get_config() + return self._config + + def _load_params(self): + super(NetworkModule, self)._load_params() + provider = self.params.get('provider') or dict() + for key, value in provider.items(): + if key in NET_COMMON_ARGS: + if self.params.get(key) is None and value is not None: + self.params[key] = value + + def connect(self): + cls = globals().get(str(self.params['transport']).capitalize()) + try: + self.connection = cls(self) + except TypeError: + e = get_exception() + self.fail_json(msg=e.message) + + self.connection.connect() + + if self.params['transport'] == 'cli': + self.connection.send('terminal length 0') + + self._connected = True + + def configure(self, commands): + commands = to_list(commands) + if self.params['transport'] == 'cli': + return self.configure_cli(commands) + else: + 
return self.execute(commands, command_type='cli_conf') + + def configure_cli(self, commands): + commands = to_list(commands) + commands.insert(0, 'configure') + responses = self.execute(commands) + responses.pop(0) + return responses + + def execute(self, commands, **kwargs): + if not self.connected: + self.connect() + return self.connection.send(commands, **kwargs) + + def disconnect(self): + self.connection.close() + self._connected = False + + def parse_config(self, cfg): + return parse(cfg, indent=2) + + def get_config(self): + cmd = 'show running-config' + if self.params.get('include_defaults'): + cmd += ' all' + response = self.execute(cmd) + return response[0] + + +def get_module(**kwargs): + """Return instance of NetworkModule + """ + argument_spec = NET_COMMON_ARGS.copy() + if kwargs.get('argument_spec'): + argument_spec.update(kwargs['argument_spec']) + kwargs['argument_spec'] = argument_spec + + module = NetworkModule(**kwargs) + + if module.params['transport'] == 'cli' and not HAS_PARAMIKO: + module.fail_json(msg='paramiko is required but does not appear to be installed') + + return module + + +def custom_get_config(module, include_defaults=False): config = module.params['running_config'] if not config: - config = module.get_config() + cmd = 'show running-config' + if module.params['include_defaults']: + cmd += ' all' + if module.params['transport'] == 'nxapi': + config = module.execute([cmd], command_type='cli_show_ascii')[0] + else: + config = module.execute([cmd])[0] + return CustomNetworkConfig(indent=2, contents=config) def load_config(module, candidate): - config = get_config(module) + config = custom_get_config(module) commands = candidate.difference(config) commands = [str(c).strip() for c in commands] 
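Review bot: In `Nxapi._get_body` and `Nxapi.send` the validation branches call `self.module_fail_json(msg=msg)`, an attribute `Nxapi` never defines, so an invalid `encoding` or `command_type` raises AttributeError instead of failing the task cleanly. Both should read `self.module.fail_json(msg=msg)`, and the message misspells "expected" as "exceped". `NetworkModule.disconnect` calls `self.connection.close()`, but neither `Nxapi` nor `Cli` as added here defines `close`. Separately, `use_ssl` defaults to `False` in `NET_COMMON_ARGS`, so with `transport=nxapi` the `url_username`/`url_password` values handed to `fetch_url` and the `Cookie` header are sent to an `http://` URL in cleartext. I would at least document that on the option, e.g. `# use_ssl=False sends NX-API credentials unencrypted; set use_ssl=True on any untrusted network`.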
@@ -643,7 +916,6 @@ def load_config(module, candidate): return result # END OF COMMON CODE - def get_cli_body_ssh(command, response, module): """Get response for when transport=cli. This is kind of a hack and mainly needed because these modules were originally written for NX-API. And @@ -858,16 +1130,16 @@ def execute_config_command(commands, module): def main(): argument_spec = dict( - seq=dict(required=True, type='str'), + seq=dict(required=False, type='str'), name=dict(required=True, type='str'), - action=dict(required=True, choices=['remark', 'permit', 'deny']), + action=dict(required=False, choices=['remark', 'permit', 'deny']), remark=dict(requried=False, type='str'), - proto=dict(required=True, type='str'), - src=dict(required=True, type='str'), + proto=dict(required=False, type='str'), + src=dict(required=False, type='str'), src_port_op=dict(required=False), src_port1=dict(required=False, type='str'), src_port2=dict(required=False, type='str'), - dest=dict(required=True, type='str'), + dest=dict(required=False, type='str'), dest_port_op=dict(required=False), dest_port1=dict(required=False, type='str'), dest_port2=dict(required=False, type='str'), @@ -1018,7 +1290,6 @@ def main(): results['proposed'] = proposed results['existing'] = existing_core - results['state'] = state results['changed'] = changed results['updates'] = cmds results['end_state'] = end_state @@ -1026,10 +1297,5 @@ def main(): module.exit_json(**results) -from ansible.module_utils.basic import * -from ansible.module_utils.urls import * -from ansible.module_utils.shell import * -from ansible.module_utils.netcfg import * -from ansible.module_utils.nxos import * if __name__ == '__main__': main()
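Review bot: With `seq`, `action`, `proto`, `src` and `dest` all switched to `required=False` in `main()`'s `argument_spec` (the `@@ -858,16 +1130,16 @@` hunk), nothing visible here re-imposes them for the states that build an ACE. A play that omits one may pass argument validation with `None` in that field. `main()` continues outside the hunk, so a later check may exist. If it does not, I would pass something like `required_if=[['state', 'present', ['seq', 'action']]]` to the module constructor. The context line `remark=dict(requried=False, type='str')` also misspells `required`.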