cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add fw via panorama connectivity to panos connection (#52954)

Browse source 
* Add fw via panorama connectivity to panos connection

* updating panos connection as per review comments

* Fixing when 'provider' isn't specified, adding deprecation warning when classic provider params are used
This commit is contained in:
Garfield Lee Freeman 2019-03-25 07:18:45 -07:00 committed by Sumit Jaiswal
parent d7a273273a
commit 8ac22098d9
1 changed files with 33 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
lib/ansible/module_utils/network/panos/panos.py
View file

@ -34,6 +34,7 @@ HAS_PANDEVICE = True
try:
import pandevice
from pandevice.base import PanDevice
from pandevice.firewall import Firewall
from pandevice.panorama import DeviceGroup, Template, TemplateStack
from pandevice.policies import PreRulebase, PostRulebase, Rulebase
from pandevice.device import Vsys
@ -95,21 +96,32 @@ class ConnectionHelper(object):
'pandevice', pandevice.__version__,
_vstr(self.min_pandevice_version)))
d, host_arg = None, None
if module.params['provider'] and module.params['provider']['host']:
d = module.params['provider']
host_arg = 'host'
elif module.params['ip_address'] is not None:
d = module.params
host_arg = 'ip_address'
pan_device_auth, serial_number = None, None
if module.params['provider'] and module.params['provider']['ip_address']:
pan_device_auth = (
module.params['provider']['ip_address'],
module.params['provider']['username'],
module.params['provider']['password'],
module.params['provider']['api_key'],
module.params['provider']['port'],
)
serial_number = module.params['provider']['serial_number']
elif module.params.get('ip_address', None) is not None:
pan_device_auth = (
module.params['ip_address'],
module.params['username'],
module.params['password'],
module.params['api_key'],
module.params['port'],
)
msg = 'Classic provider params are deprecated; use "provider" instead'
module.deprecate(msg, '2.12')
else:
module.fail_json(msg='New or classic provider params are required.')
module.fail_json(msg='Provider params are required.')
# Create the connection object.
try:
self.device = PanDevice.create_from_device(
d[host_arg], d['username'], d['password'],
d['api_key'], d['port'])
self.device = PanDevice.create_from_device(*pan_device_auth)
except PanDeviceError as e:
module.fail_json(msg='Failed connection: {0}'.format(e))
@ -120,6 +132,12 @@ class ConnectionHelper(object):
'PAN-OS', _vstr(self.device._version_info),
_vstr(self.min_panos_version)))
# Optional: Firewall via Panorama connectivity specified.
if hasattr(self.device, 'refresh_devices') and serial_number:
fw = Firewall(serial=serial_number)
self.device.add(fw)
self.device = fw
parent = self.device
not_found = '{0} "{1}" is not present.'
pano_mia_param = 'Param "{0}" is required for Panorama but not specified.'
@ -221,7 +239,7 @@ class ConnectionHelper(object):
# Spec: vsys or vsys_dg or vsys_importable.
vsys_name = self.vsys_dg or self.vsys or self.vsys_importable
if vsys_name is not None:
self.device.vsys = module.params[vsys_name]
parent.vsys = module.params[vsys_name]
# Spec: rulebase.
if self.rulebase is not None:
@ -294,18 +312,19 @@ def get_connection(vsys=None, device_group=None,
'type': 'dict',
'required_one_of': [['password', 'api_key'], ],
'options': {
'host': {'required': True},
'ip_address': {'required': True},
'username': {'default': 'admin'},
'password': {'no_log': True},
'api_key': {'no_log': True},
'port': {'default': 443, 'type': 'int'},
'serial_number': {'no_log': True},
},
},
}
if with_classic_provider_spec:
spec['provider']['required'] = False
spec['provider']['options']['host']['required'] = False
spec['provider']['options']['ip_address']['required'] = False
del(spec['provider']['required_one_of'])
spec.update({
'ip_address': {'required': False},