fixes a number of nagging issues in asa_acl due to refactoring

* fixes issues with import error
* removes need for filter attribute in Cli instance
* now filters config either from device or provided via config argument

ref: #2890
This commit is contained in:
Peter Sprygada 2016-09-13 11:03:08 -04:00
parent e44376eda8
commit 961d461f7b

View file

@ -96,6 +96,16 @@ options:
""" """
EXAMPLES = """ EXAMPLES = """
# Note: examples below use the following provider dict to handle
# transport and authentication to the node.
vars:
cli:
host: "{{ inventory_hostname }}"
username: cisco
password: cisco
transport: cli
authorize: yes
auth_pass: cisco
- asa_acl: - asa_acl:
lines: lines:
@ -107,12 +117,14 @@ EXAMPLES = """
before: clear configure access-list ACL-ANSIBLE before: clear configure access-list ACL-ANSIBLE
match: strict match: strict
replace: block replace: block
provider: "{{ cli }}"
- asa_acl: - asa_acl:
lines: lines:
- access-list ACL-OUTSIDE extended permit tcp any any eq www - access-list ACL-OUTSIDE extended permit tcp any any eq www
- access-list ACL-OUTSIDE extended permit tcp any any eq https - access-list ACL-OUTSIDE extended permit tcp any any eq https
context: customer_a context: customer_a
provider: "{{ cli }}"
""" """
RETURN = """ RETURN = """
@ -130,25 +142,30 @@ responses:
""" """
import ansible.module_utils.asa import ansible.module_utils.asa
from ansible.module_utils.netcfg import NetworkConfig
from ansible.module_utils.network import NetworkModule from ansible.module_utils.network import NetworkModule
from ansible.module_utils.netcfg import NetworkConfig, dumps
def get_config(module): def get_config(module, acl_name):
config = module.params['config'] or dict() contents = module.params['config']
if not config and not module.params['force']: if not contents:
config = module.config contents = module.config.get_config()
return config
filtered_config = list()
for item in contents.split('\n'):
if item.startswith('access-list %s' % acl_name):
filtered_config.append(item)
def check_input_acl(lines, module): return NetworkConfig(indent=1, contents='\n'.join(filtered_config))
def parse_acl_name(module):
first_line = True first_line = True
for line in lines: for line in module.params['lines']:
ace = line.split() ace = line.split()
if ace[0] != 'access-list': if ace[0] != 'access-list':
module.fail_json(msg='All lines/commands must begin with "access-list" %s is not permitted' % ace[0]) module.fail_json(msg='All lines/commands must begin with "access-list" %s is not permitted' % ace[0])
if len(ace) <= 1: if len(ace) <= 1:
module.fail_json(msg='All lines/commainds must contain the name of the access-list') module.fail_json(msg='All lines/commands must contain the name of the access-list')
if first_line: if first_line:
acl_name = ace[1] acl_name = ace[1]
else: else:
@ -156,7 +173,7 @@ def check_input_acl(lines, module):
module.fail_json(msg='All lines/commands must use the same access-list %s is not %s' % (ace[1], acl_name)) module.fail_json(msg='All lines/commands must use the same access-list %s is not %s' % (ace[1], acl_name))
first_line = False first_line = False
return 'access-list %s' % acl_name return acl_name
def main(): def main():
@ -181,22 +198,25 @@ def main():
match = module.params['match'] match = module.params['match']
replace = module.params['replace'] replace = module.params['replace']
result = dict(changed=False)
candidate = NetworkConfig(indent=1) candidate = NetworkConfig(indent=1)
candidate.add(lines) candidate.add(lines)
module.filter = check_input_acl(lines, module) acl_name = parse_acl_name(module)
if not module.params['force']: if not module.params['force']:
contents = get_config(module) contents = get_config(module, acl_name)
config = NetworkConfig(indent=1, contents=contents) config = NetworkConfig(indent=1, contents=contents)
commands = candidate.difference(config) commands = candidate.difference(config)
commands = dumps(commands, 'commands').split('\n') commands = dumps(commands, 'commands').split('\n')
commands = [str(c) for c in commands if c]
else: else:
commands = str(candidate).split('\n') commands = str(candidate).split('\n')
if commands: if commands:
if not module.check_mode: if not module.check_mode:
commands = [str(c) for c in commands if c]
response = module.config(commands) response = module.config(commands)
result['responses'] = response result['responses'] = response
result['changed'] = True result['changed'] = True