Merge pull request #2904 from privateip/asa_acl
fixes a number of nagging issues in asa_acl due to refactoring
commit
b0ae17f2c7
1 changed files with 33 additions and 13 deletions
|
@ -96,6 +96,16 @@ options:
|
|||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
# Note: examples below use the following provider dict to handle
|
||||
# transport and authentication to the node.
|
||||
vars:
|
||||
cli:
|
||||
host: "{{ inventory_hostname }}"
|
||||
username: cisco
|
||||
password: cisco
|
||||
transport: cli
|
||||
authorize: yes
|
||||
auth_pass: cisco
|
||||
|
||||
- asa_acl:
|
||||
lines:
|
||||
|
@ -107,12 +117,14 @@ EXAMPLES = """
|
|||
before: clear configure access-list ACL-ANSIBLE
|
||||
match: strict
|
||||
replace: block
|
||||
provider: "{{ cli }}"
|
||||
|
||||
- asa_acl:
|
||||
lines:
|
||||
- access-list ACL-OUTSIDE extended permit tcp any any eq www
|
||||
- access-list ACL-OUTSIDE extended permit tcp any any eq https
|
||||
context: customer_a
|
||||
provider: "{{ cli }}"
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
|
@ -130,25 +142,30 @@ responses:
|
|||
"""
|
||||
import ansible.module_utils.asa
|
||||
|
||||
from ansible.module_utils.netcfg import NetworkConfig
|
||||
from ansible.module_utils.network import NetworkModule
|
||||
from ansible.module_utils.netcfg import NetworkConfig, dumps
|
||||
|
||||
|
||||
def get_config(module):
|
||||
config = module.params['config'] or dict()
|
||||
if not config and not module.params['force']:
|
||||
config = module.config
|
||||
return config
|
||||
def get_config(module, acl_name):
|
||||
contents = module.params['config']
|
||||
if not contents:
|
||||
contents = module.config.get_config()
|
||||
|
||||
filtered_config = list()
|
||||
for item in contents.split('\n'):
|
||||
if item.startswith('access-list %s' % acl_name):
|
||||
filtered_config.append(item)
|
||||
|
||||
def check_input_acl(lines, module):
|
||||
return NetworkConfig(indent=1, contents='\n'.join(filtered_config))
|
||||
|
||||
def parse_acl_name(module):
|
||||
first_line = True
|
||||
for line in lines:
|
||||
for line in module.params['lines']:
|
||||
ace = line.split()
|
||||
if ace[0] != 'access-list':
|
||||
module.fail_json(msg='All lines/commands must begin with "access-list" %s is not permitted' % ace[0])
|
||||
if len(ace) <= 1:
|
||||
module.fail_json(msg='All lines/commainds must contain the name of the access-list')
|
||||
module.fail_json(msg='All lines/commands must contain the name of the access-list')
|
||||
if first_line:
|
||||
acl_name = ace[1]
|
||||
else:
|
||||
|
@ -156,7 +173,7 @@ def check_input_acl(lines, module):
|
|||
module.fail_json(msg='All lines/commands must use the same access-list %s is not %s' % (ace[1], acl_name))
|
||||
first_line = False
|
||||
|
||||
return 'access-list %s' % acl_name
|
||||
return acl_name
|
||||
|
||||
def main():
|
||||
|
||||
|
@ -181,22 +198,25 @@ def main():
|
|||
match = module.params['match']
|
||||
replace = module.params['replace']
|
||||
|
||||
result = dict(changed=False)
|
||||
|
||||
candidate = NetworkConfig(indent=1)
|
||||
candidate.add(lines)
|
||||
|
||||
module.filter = check_input_acl(lines, module)
|
||||
acl_name = parse_acl_name(module)
|
||||
|
||||
if not module.params['force']:
|
||||
contents = get_config(module)
|
||||
contents = get_config(module, acl_name)
|
||||
config = NetworkConfig(indent=1, contents=contents)
|
||||
|
||||
commands = candidate.difference(config)
|
||||
commands = dumps(commands, 'commands').split('\n')
|
||||
commands = [str(c) for c in commands if c]
|
||||
else:
|
||||
commands = str(candidate).split('\n')
|
||||
|
||||
if commands:
|
||||
if not module.check_mode:
|
||||
commands = [str(c) for c in commands if c]
|
||||
response = module.config(commands)
|
||||
result['responses'] = response
|
||||
result['changed'] = True
|
||||
|
|
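Review bot: In `get_config` (hunk `@ -130,25 +142,30 @`), the filter `item.startswith('access-list %s' % acl_name)` is a bare prefix match, so a hypothetical ACL named `ACL-OUT` would also collect the `access-list ACL-OUTSIDE ...` lines. The baseline passed to `candidate.difference(config)` would then hold entries from a different access list, which can skew the computed commands, most plausibly with `match: strict` or `replace: block`. Anchoring the name with a trailing space avoids the collision: `if item.startswith('access-list %s ' % acl_name):`. The +/- markers are lost on this rendered page, so which lines are new is inferred from the hunk headers and from the changed call in `main`.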