Add fw via panorama connectivity to panos connection (#52954)
* Add fw via panorama connectivity to panos connection * updating panos connection as per review comments * Fixing when 'provider' isn't specified, adding deprecation warning when classic provider params are used
parent
d7a273273a
commit
8ac22098d9
1 changed files with 33 additions and 14 deletions
|
@ -34,6 +34,7 @@ HAS_PANDEVICE = True
|
||||||
try:
|
try:
|
||||||
import pandevice
|
import pandevice
|
||||||
from pandevice.base import PanDevice
|
from pandevice.base import PanDevice
|
||||||
|
from pandevice.firewall import Firewall
|
||||||
from pandevice.panorama import DeviceGroup, Template, TemplateStack
|
from pandevice.panorama import DeviceGroup, Template, TemplateStack
|
||||||
from pandevice.policies import PreRulebase, PostRulebase, Rulebase
|
from pandevice.policies import PreRulebase, PostRulebase, Rulebase
|
||||||
from pandevice.device import Vsys
|
from pandevice.device import Vsys
|
||||||
|
@ -95,21 +96,32 @@ class ConnectionHelper(object):
|
||||||
'pandevice', pandevice.__version__,
|
'pandevice', pandevice.__version__,
|
||||||
_vstr(self.min_pandevice_version)))
|
_vstr(self.min_pandevice_version)))
|
||||||
|
|
||||||
d, host_arg = None, None
|
pan_device_auth, serial_number = None, None
|
||||||
if module.params['provider'] and module.params['provider']['host']:
|
if module.params['provider'] and module.params['provider']['ip_address']:
|
||||||
d = module.params['provider']
|
pan_device_auth = (
|
||||||
host_arg = 'host'
|
module.params['provider']['ip_address'],
|
||||||
elif module.params['ip_address'] is not None:
|
module.params['provider']['username'],
|
||||||
d = module.params
|
module.params['provider']['password'],
|
||||||
host_arg = 'ip_address'
|
module.params['provider']['api_key'],
|
||||||
|
module.params['provider']['port'],
|
||||||
|
)
|
||||||
|
serial_number = module.params['provider']['serial_number']
|
||||||
|
elif module.params.get('ip_address', None) is not None:
|
||||||
|
pan_device_auth = (
|
||||||
|
module.params['ip_address'],
|
||||||
|
module.params['username'],
|
||||||
|
module.params['password'],
|
||||||
|
module.params['api_key'],
|
||||||
|
module.params['port'],
|
||||||
|
)
|
||||||
|
msg = 'Classic provider params are deprecated; use "provider" instead'
|
||||||
|
module.deprecate(msg, '2.12')
|
||||||
else:
|
else:
|
||||||
module.fail_json(msg='New or classic provider params are required.')
|
module.fail_json(msg='Provider params are required.')
|
||||||
|
|
||||||
# Create the connection object.
|
# Create the connection object.
|
||||||
try:
|
try:
|
||||||
self.device = PanDevice.create_from_device(
|
self.device = PanDevice.create_from_device(*pan_device_auth)
|
||||||
d[host_arg], d['username'], d['password'],
|
|
||||||
d['api_key'], d['port'])
|
|
||||||
except PanDeviceError as e:
|
except PanDeviceError as e:
|
||||||
module.fail_json(msg='Failed connection: {0}'.format(e))
|
module.fail_json(msg='Failed connection: {0}'.format(e))
|
||||||
|
|
||||||
|
@ -120,6 +132,12 @@ class ConnectionHelper(object):
|
||||||
'PAN-OS', _vstr(self.device._version_info),
|
'PAN-OS', _vstr(self.device._version_info),
|
||||||
_vstr(self.min_panos_version)))
|
_vstr(self.min_panos_version)))
|
||||||
|
|
||||||
|
# Optional: Firewall via Panorama connectivity specified.
|
||||||
|
if hasattr(self.device, 'refresh_devices') and serial_number:
|
||||||
|
fw = Firewall(serial=serial_number)
|
||||||
|
self.device.add(fw)
|
||||||
|
self.device = fw
|
||||||
|
|
||||||
parent = self.device
|
parent = self.device
|
||||||
not_found = '{0} "{1}" is not present.'
|
not_found = '{0} "{1}" is not present.'
|
||||||
pano_mia_param = 'Param "{0}" is required for Panorama but not specified.'
|
pano_mia_param = 'Param "{0}" is required for Panorama but not specified.'
|
||||||
|
@ -221,7 +239,7 @@ class ConnectionHelper(object):
|
||||||
# Spec: vsys or vsys_dg or vsys_importable.
|
# Spec: vsys or vsys_dg or vsys_importable.
|
||||||
vsys_name = self.vsys_dg or self.vsys or self.vsys_importable
|
vsys_name = self.vsys_dg or self.vsys or self.vsys_importable
|
||||||
if vsys_name is not None:
|
if vsys_name is not None:
|
||||||
self.device.vsys = module.params[vsys_name]
|
parent.vsys = module.params[vsys_name]
|
||||||
|
|
||||||
# Spec: rulebase.
|
# Spec: rulebase.
|
||||||
if self.rulebase is not None:
|
if self.rulebase is not None:
|
||||||
|
@ -294,18 +312,19 @@ def get_connection(vsys=None, device_group=None,
|
||||||
'type': 'dict',
|
'type': 'dict',
|
||||||
'required_one_of': [['password', 'api_key'], ],
|
'required_one_of': [['password', 'api_key'], ],
|
||||||
'options': {
|
'options': {
|
||||||
'host': {'required': True},
|
'ip_address': {'required': True},
|
||||||
'username': {'default': 'admin'},
|
'username': {'default': 'admin'},
|
||||||
'password': {'no_log': True},
|
'password': {'no_log': True},
|
||||||
'api_key': {'no_log': True},
|
'api_key': {'no_log': True},
|
||||||
'port': {'default': 443, 'type': 'int'},
|
'port': {'default': 443, 'type': 'int'},
|
||||||
|
'serial_number': {'no_log': True},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
if with_classic_provider_spec:
|
if with_classic_provider_spec:
|
||||||
spec['provider']['required'] = False
|
spec['provider']['required'] = False
|
||||||
spec['provider']['options']['host']['required'] = False
|
spec['provider']['options']['ip_address']['required'] = False
|
||||||
del(spec['provider']['required_one_of'])
|
del(spec['provider']['required_one_of'])
|
||||||
spec.update({
|
spec.update({
|
||||||
'ip_address': {'required': False},
|
'ip_address': {'required': False},
|
||||||
|
|
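Review bot: In the "Firewall via Panorama" block (hunk `-120,6 +132,12`), a `serial_number` supplied while the connected device is not a Panorama is silently dropped, because the `hasattr(self.device, 'refresh_devices') and serial_number` test just falls through; the module would then apply its changes to whatever device answered at `ip_address` rather than to the firewall the playbook named. Failing closed is safer here: add `elif serial_number: module.fail_json(msg='Param "serial_number" is only valid when connecting to Panorama.')`. Separately, the PAN-OS minimum-version check visible just above this block runs before `self.device = fw`, so it appears to validate Panorama's version rather than the target firewall's, which is worth confirming. The classic-params branch never sets `serial_number`, so the feature is reachable only through `provider`; the enclosing ConnectionHelper method starts and ends outside the hunks shown.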