fixes a number of nagging issues in asa_acl due to refactoring
* fixes issues with import error * removes need for filter attribute in Cli instance * now filters config either from device or provided via config argument ref: #2890
This commit is contained in:
parent
e44376eda8
commit
961d461f7b
1 changed files with 33 additions and 13 deletions
|
@ -96,6 +96,16 @@ options:
|
||||||
"""
|
"""
|
||||||
|
|
||||||
EXAMPLES = """
|
EXAMPLES = """
|
||||||
|
# Note: examples below use the following provider dict to handle
|
||||||
|
# transport and authentication to the node.
|
||||||
|
vars:
|
||||||
|
cli:
|
||||||
|
host: "{{ inventory_hostname }}"
|
||||||
|
username: cisco
|
||||||
|
password: cisco
|
||||||
|
transport: cli
|
||||||
|
authorize: yes
|
||||||
|
auth_pass: cisco
|
||||||
|
|
||||||
- asa_acl:
|
- asa_acl:
|
||||||
lines:
|
lines:
|
||||||
|
@ -107,12 +117,14 @@ EXAMPLES = """
|
||||||
before: clear configure access-list ACL-ANSIBLE
|
before: clear configure access-list ACL-ANSIBLE
|
||||||
match: strict
|
match: strict
|
||||||
replace: block
|
replace: block
|
||||||
|
provider: "{{ cli }}"
|
||||||
|
|
||||||
- asa_acl:
|
- asa_acl:
|
||||||
lines:
|
lines:
|
||||||
- access-list ACL-OUTSIDE extended permit tcp any any eq www
|
- access-list ACL-OUTSIDE extended permit tcp any any eq www
|
||||||
- access-list ACL-OUTSIDE extended permit tcp any any eq https
|
- access-list ACL-OUTSIDE extended permit tcp any any eq https
|
||||||
context: customer_a
|
context: customer_a
|
||||||
|
provider: "{{ cli }}"
|
||||||
"""
|
"""
|
||||||
|
|
||||||
RETURN = """
|
RETURN = """
|
||||||
|
@ -130,25 +142,30 @@ responses:
|
||||||
"""
|
"""
|
||||||
import ansible.module_utils.asa
|
import ansible.module_utils.asa
|
||||||
|
|
||||||
from ansible.module_utils.netcfg import NetworkConfig
|
|
||||||
from ansible.module_utils.network import NetworkModule
|
from ansible.module_utils.network import NetworkModule
|
||||||
|
from ansible.module_utils.netcfg import NetworkConfig, dumps
|
||||||
|
|
||||||
|
|
||||||
def get_config(module):
|
def get_config(module, acl_name):
|
||||||
config = module.params['config'] or dict()
|
contents = module.params['config']
|
||||||
if not config and not module.params['force']:
|
if not contents:
|
||||||
config = module.config
|
contents = module.config.get_config()
|
||||||
return config
|
|
||||||
|
|
||||||
|
filtered_config = list()
|
||||||
|
for item in contents.split('\n'):
|
||||||
|
if item.startswith('access-list %s' % acl_name):
|
||||||
|
filtered_config.append(item)
|
||||||
|
|
||||||
def check_input_acl(lines, module):
|
return NetworkConfig(indent=1, contents='\n'.join(filtered_config))
|
||||||
|
|
||||||
|
def parse_acl_name(module):
|
||||||
first_line = True
|
first_line = True
|
||||||
for line in lines:
|
for line in module.params['lines']:
|
||||||
ace = line.split()
|
ace = line.split()
|
||||||
if ace[0] != 'access-list':
|
if ace[0] != 'access-list':
|
||||||
module.fail_json(msg='All lines/commands must begin with "access-list" %s is not permitted' % ace[0])
|
module.fail_json(msg='All lines/commands must begin with "access-list" %s is not permitted' % ace[0])
|
||||||
if len(ace) <= 1:
|
if len(ace) <= 1:
|
||||||
module.fail_json(msg='All lines/commainds must contain the name of the access-list')
|
module.fail_json(msg='All lines/commands must contain the name of the access-list')
|
||||||
if first_line:
|
if first_line:
|
||||||
acl_name = ace[1]
|
acl_name = ace[1]
|
||||||
else:
|
else:
|
||||||
|
@ -156,7 +173,7 @@ def check_input_acl(lines, module):
|
||||||
module.fail_json(msg='All lines/commands must use the same access-list %s is not %s' % (ace[1], acl_name))
|
module.fail_json(msg='All lines/commands must use the same access-list %s is not %s' % (ace[1], acl_name))
|
||||||
first_line = False
|
first_line = False
|
||||||
|
|
||||||
return 'access-list %s' % acl_name
|
return acl_name
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
|
|
||||||
|
@ -181,22 +198,25 @@ def main():
|
||||||
match = module.params['match']
|
match = module.params['match']
|
||||||
replace = module.params['replace']
|
replace = module.params['replace']
|
||||||
|
|
||||||
|
result = dict(changed=False)
|
||||||
|
|
||||||
candidate = NetworkConfig(indent=1)
|
candidate = NetworkConfig(indent=1)
|
||||||
candidate.add(lines)
|
candidate.add(lines)
|
||||||
|
|
||||||
module.filter = check_input_acl(lines, module)
|
acl_name = parse_acl_name(module)
|
||||||
|
|
||||||
if not module.params['force']:
|
if not module.params['force']:
|
||||||
contents = get_config(module)
|
contents = get_config(module, acl_name)
|
||||||
config = NetworkConfig(indent=1, contents=contents)
|
config = NetworkConfig(indent=1, contents=contents)
|
||||||
|
|
||||||
commands = candidate.difference(config)
|
commands = candidate.difference(config)
|
||||||
commands = dumps(commands, 'commands').split('\n')
|
commands = dumps(commands, 'commands').split('\n')
|
||||||
|
commands = [str(c) for c in commands if c]
|
||||||
else:
|
else:
|
||||||
commands = str(candidate).split('\n')
|
commands = str(candidate).split('\n')
|
||||||
|
|
||||||
if commands:
|
if commands:
|
||||||
if not module.check_mode:
|
if not module.check_mode:
|
||||||
commands = [str(c) for c in commands if c]
|
|
||||||
response = module.config(commands)
|
response = module.config(commands)
|
||||||
result['responses'] = response
|
result['responses'] = response
|
||||||
result['changed'] = True
|
result['changed'] = True
|
||||||
|
|
Loading…
Reference in a new issue