From 961d461f7b5787c986d5df6e5d3f48c6534366fb Mon Sep 17 00:00:00 2001 From: Peter Sprygada Date: Tue, 13 Sep 2016 11:03:08 -0400 Subject: [PATCH] fixes a number of nagging issues in asa_acl due to refactoring * fixes issues with import error * removes need for filter attribute in Cli instance * now filters config either from device or provided via config argument ref: #2890 --- network/asa/asa_acl.py | 46 ++++++++++++++++++++++++++++++------------ 1 file changed, 33 insertions(+), 13 deletions(-) diff --git a/network/asa/asa_acl.py b/network/asa/asa_acl.py index 80df451de6c..b51dfefb4f4 100644 --- a/network/asa/asa_acl.py +++ b/network/asa/asa_acl.py @@ -96,6 +96,16 @@ options: """ EXAMPLES = """ +# Note: examples below use the following provider dict to handle +# transport and authentication to the node. +vars: + cli: + host: "{{ inventory_hostname }}" + username: cisco + password: cisco + transport: cli + authorize: yes + auth_pass: cisco - asa_acl: lines: @@ -107,12 +117,14 @@ EXAMPLES = """ before: clear configure access-list ACL-ANSIBLE match: strict replace: block + provider: "{{ cli }}" - asa_acl: lines: - access-list ACL-OUTSIDE extended permit tcp any any eq www - access-list ACL-OUTSIDE extended permit tcp any any eq https context: customer_a + provider: "{{ cli }}" """ RETURN = """ 
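Review bot: The provider dict added to EXAMPLES in the first hunk (`@@ -96,6 +96,16 @@`) puts `password: cisco` and `auth_pass: cisco` directly in playbook vars, with nothing telling the reader that real values belong elsewhere. Module examples tend to be copied verbatim, so I would add one more comment line under the existing note, for example `# Keep real credentials in Ansible Vault or another secret store, not in plain-text vars.` The provider dict is the only place in these examples where credentials appear, so the one comment is enough.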
@@ -130,25 +142,30 @@ responses: """ import ansible.module_utils.asa -from ansible.module_utils.netcfg import NetworkConfig from ansible.module_utils.network import NetworkModule +from ansible.module_utils.netcfg import NetworkConfig, dumps -def get_config(module): - config = module.params['config'] or dict() - if not config and not module.params['force']: - config = module.config - return config +def get_config(module, acl_name): + contents = module.params['config'] + if not contents: + contents = module.config.get_config() + filtered_config = list() + for item in contents.split('\n'): + if item.startswith('access-list %s' % acl_name): + filtered_config.append(item) -def check_input_acl(lines, module): + return NetworkConfig(indent=1, contents='\n'.join(filtered_config)) + +def parse_acl_name(module): first_line = True - for line in lines: + for line in module.params['lines']: ace = line.split() if ace[0] != 'access-list': module.fail_json(msg='All lines/commands must begin with "access-list" %s is not permitted' % ace[0]) if len(ace) <= 1: - module.fail_json(msg='All lines/commainds must contain the name of the access-list') + module.fail_json(msg='All lines/commands must contain the name of the access-list') if first_line: acl_name = ace[1] else: @@ -156,7 +173,7 @@ def check_input_acl(lines, module): module.fail_json(msg='All lines/commands must use the same access-list %s is not %s' % (ace[1], acl_name)) first_line = False - return 'access-list %s' % acl_name + return acl_name def main(): 
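Review bot: In the new `get_config()`, `item.startswith('access-list %s' % acl_name)` is a bare prefix match, so an ACL named `ACL-OUT` also pulls in every `access-list ACL-OUTSIDE ...` line from the device config. The diff base then contains entries from a different access list, which can skew what `candidate.difference(config)` decides to push, particularly with `match: strict` or `replace: block`. Match on the whole name token instead, e.g. `if item.split()[:2] == ['access-list', acl_name]:`, or at minimum add a trailing space to the prefix. `parse_acl_name()` continues past the end of this hunk.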
@@ -181,22 +198,25 @@ def main(): match = module.params['match'] replace = module.params['replace'] + result = dict(changed=False) + candidate = NetworkConfig(indent=1) candidate.add(lines) - module.filter = check_input_acl(lines, module) + acl_name = parse_acl_name(module) if not module.params['force']: - contents = get_config(module) + contents = get_config(module, acl_name) config = NetworkConfig(indent=1, contents=contents) + commands = candidate.difference(config) commands = dumps(commands, 'commands').split('\n') + commands = [str(c) for c in commands if c] else: commands = str(candidate).split('\n') if commands: if not module.check_mode: - commands = [str(c) for c in commands if c] response = module.config(commands) result['responses'] = response result['changed'] = True
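Review bot: `get_config()` now returns a `NetworkConfig`, yet the non-force branch still wraps the result a second time with `config = NetworkConfig(indent=1, contents=contents)`. Whether `NetworkConfig` accepts another instance as `contents` is not visible here, so the safer form is `config = get_config(module, acl_name)`. Separately, the `[str(c) for c in commands if c]` filter moved into the non-force branch, so with `force` any empty string from `str(candidate).split('\n')` is no longer dropped before `if commands:` and `module.config(commands)`. Applying the filter once after the `if`/`else` keeps both paths consistent. `main()` begins before this hunk and appears to continue after it.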