Add fw via panorama connectivity to panos connection ()

* Add fw via panorama connectivity to panos connection

* updating panos connection as per review comments

* Fixing when 'provider' isn't specified, adding deprecation warning when classic provider params are used
Garfield Lee Freeman 2019-03-25 07:18:45 -07:00 committed by Sumit Jaiswal
parent d7a273273a
commit 8ac22098d9


@ -34,6 +34,7 @@ HAS_PANDEVICE = True
try: try:
import pandevice import pandevice
from pandevice.base import PanDevice from pandevice.base import PanDevice
from pandevice.firewall import Firewall
from pandevice.panorama import DeviceGroup, Template, TemplateStack from pandevice.panorama import DeviceGroup, Template, TemplateStack
from pandevice.policies import PreRulebase, PostRulebase, Rulebase from pandevice.policies import PreRulebase, PostRulebase, Rulebase
from pandevice.device import Vsys from pandevice.device import Vsys
@ -95,21 +96,32 @@ class ConnectionHelper(object):
'pandevice', pandevice.__version__, 'pandevice', pandevice.__version__,
_vstr(self.min_pandevice_version))) _vstr(self.min_pandevice_version)))
d, host_arg = None, None pan_device_auth, serial_number = None, None
if module.params['provider'] and module.params['provider']['host']: if module.params['provider'] and module.params['provider']['ip_address']:
d = module.params['provider'] pan_device_auth = (
host_arg = 'host' module.params['provider']['ip_address'],
elif module.params['ip_address'] is not None: module.params['provider']['username'],
d = module.params module.params['provider']['password'],
host_arg = 'ip_address' module.params['provider']['api_key'],
module.params['provider']['port'],
)
serial_number = module.params['provider']['serial_number']
elif module.params.get('ip_address', None) is not None:
pan_device_auth = (
module.params['ip_address'],
module.params['username'],
module.params['password'],
module.params['api_key'],
module.params['port'],
)
msg = 'Classic provider params are deprecated; use "provider" instead'
module.deprecate(msg, '2.12')
else: else:
module.fail_json(msg='New or classic provider params are required.') module.fail_json(msg='Provider params are required.')
# Create the connection object. # Create the connection object.
try: try:
self.device = PanDevice.create_from_device( self.device = PanDevice.create_from_device(*pan_device_auth)
d[host_arg], d['username'], d['password'],
d['api_key'], d['port'])
except PanDeviceError as e: except PanDeviceError as e:
module.fail_json(msg='Failed connection: {0}'.format(e)) module.fail_json(msg='Failed connection: {0}'.format(e))
@ -120,6 +132,12 @@ class ConnectionHelper(object):
'PAN-OS', _vstr(self.device._version_info), 'PAN-OS', _vstr(self.device._version_info),
_vstr(self.min_panos_version))) _vstr(self.min_panos_version)))
# Optional: Firewall via Panorama connectivity specified.
if hasattr(self.device, 'refresh_devices') and serial_number:
fw = Firewall(serial=serial_number)
self.device.add(fw)
self.device = fw
parent = self.device parent = self.device
not_found = '{0} "{1}" is not present.' not_found = '{0} "{1}" is not present.'
pano_mia_param = 'Param "{0}" is required for Panorama but not specified.' pano_mia_param = 'Param "{0}" is required for Panorama but not specified.'
@ -221,7 +239,7 @@ class ConnectionHelper(object):
# Spec: vsys or vsys_dg or vsys_importable. # Spec: vsys or vsys_dg or vsys_importable.
vsys_name = self.vsys_dg or self.vsys or self.vsys_importable vsys_name = self.vsys_dg or self.vsys or self.vsys_importable
if vsys_name is not None: if vsys_name is not None:
self.device.vsys = module.params[vsys_name] parent.vsys = module.params[vsys_name]
# Spec: rulebase. # Spec: rulebase.
if self.rulebase is not None: if self.rulebase is not None:
@ -294,18 +312,19 @@ def get_connection(vsys=None, device_group=None,
'type': 'dict', 'type': 'dict',
'required_one_of': [['password', 'api_key'], ], 'required_one_of': [['password', 'api_key'], ],
'options': { 'options': {
'host': {'required': True}, 'ip_address': {'required': True},
'username': {'default': 'admin'}, 'username': {'default': 'admin'},
'password': {'no_log': True}, 'password': {'no_log': True},
'api_key': {'no_log': True}, 'api_key': {'no_log': True},
'port': {'default': 443, 'type': 'int'}, 'port': {'default': 443, 'type': 'int'},
'serial_number': {'no_log': True},
}, },
}, },
} }
if with_classic_provider_spec: if with_classic_provider_spec:
spec['provider']['required'] = False spec['provider']['required'] = False
spec['provider']['options']['host']['required'] = False spec['provider']['options']['ip_address']['required'] = False
del(spec['provider']['required_one_of']) del(spec['provider']['required_one_of'])
spec.update({ spec.update({
'ip_address': {'required': False}, 'ip_address': {'required': False},
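Review bot: In the new "Firewall via Panorama" block of ConnectionHelper, `serial_number` is silently ignored when the connected device has no `refresh_devices` attribute, so a playbook meant for one managed firewall whose `ip_address` points at something other than Panorama changes the directly connected device instead. Failing closed is safer: add `if serial_number and not hasattr(self.device, 'refresh_devices'): module.fail_json(msg='"serial_number" is only valid when connecting to Panorama.')` ahead of the existing `if`. The PAN-OS minimum-version check just above appears to run before `self.device` is replaced by the `Firewall` child, so it likely tests Panorama's version rather than the target firewall's; this is worth confirming. Separately, `'serial_number': {'no_log': True}` in the provider spec makes Ansible mask that value wherever it appears in module output, which may hide an identifier that is not a credential. The method body starts and ends outside these hunks.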