fixes asa_config to allow config to include passwords, defaults or none (#3102)
The fix allows the asa_config module to request the config to contain all default statements or password information necessary for vpn tunnel endpoints
This commit is contained in:
Peter Sprygada
Matt Clay
parent
817881d64f
commit
d698a9b5f7
1 changed files with 21 additions and 6 deletions
|
|
@ -137,7 +137,7 @@ options:
|
||||||
will not download the running-config from the remote node.
|
will not download the running-config from the remote node.
|
||||||
required: false
|
required: false
|
||||||
default: null
|
default: null
|
||||||
default:
|
defaults:
|
||||||
description:
|
description:
|
||||||
- This argument specifies whether or not to collect all defaults
|
- This argument specifies whether or not to collect all defaults
|
||||||
when getting the remote device running config. When enabled,
|
when getting the remote device running config. When enabled,
|
||||||
|
|
@ -146,6 +146,15 @@ options:
|
||||||
required: false
|
required: false
|
||||||
default: no
|
default: no
|
||||||
choices: ['yes', 'no']
|
choices: ['yes', 'no']
|
||||||
|
passwords:
|
||||||
|
description:
|
||||||
|
- This argument specifies to include passwords in the config
|
||||||
|
when retrieving the running-config from the remote device. This
|
||||||
|
includes passwords related to VPN endpoints. This argument is
|
||||||
|
mutually exclusive with I(defaults).
|
||||||
|
required: false
|
||||||
|
default: no
|
||||||
|
choices: ['yes', 'no']
|
||||||
save:
|
save:
|
||||||
description:
|
description:
|
||||||
- The C(save) argument instructs the module to save the running-
|
- The C(save) argument instructs the module to save the running-
|
||||||
|
|
@ -190,10 +199,10 @@ vars:
|
||||||
context: ansible
|
context: ansible
|
||||||
|
|
||||||
- asa_config:
|
- asa_config:
|
||||||
show_command: 'more system:running-config'
|
|
||||||
lines:
|
lines:
|
||||||
- ikev1 pre-shared-key MyS3cretVPNK3y
|
- ikev1 pre-shared-key MyS3cretVPNK3y
|
||||||
parents: tunnel-group 1.1.1.1 ipsec-attributes
|
parents: tunnel-group 1.1.1.1 ipsec-attributes
|
||||||
|
passwords: yes
|
||||||
provider: "{{ cli }}"
|
provider: "{{ cli }}"
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
@ -226,8 +235,13 @@ from ansible.module_utils.netcfg import NetworkConfig, dumps
|
||||||
def get_config(module):
|
def get_config(module):
|
||||||
contents = module.params['config']
|
contents = module.params['config']
|
||||||
if not contents:
|
if not contents:
|
||||||
defaults = module.params['default']
|
if module.params['defaults']:
|
||||||
contents = module.config.get_config(include_defaults=defaults)
|
include = 'defaults'
|
||||||
|
elif module.params['passwords']:
|
||||||
|
include = 'passwords'
|
||||||
|
else:
|
||||||
|
include = None
|
||||||
|
contents = module.config.get_config(include=include)
|
||||||
return NetworkConfig(indent=1, contents=contents)
|
return NetworkConfig(indent=1, contents=contents)
|
||||||
|
|
||||||
def get_candidate(module):
|
def get_candidate(module):
|
||||||
|
|
@ -292,13 +306,14 @@ def main():
|
||||||
replace=dict(default='line', choices=['line', 'block']),
|
replace=dict(default='line', choices=['line', 'block']),
|
||||||
|
|
||||||
config=dict(),
|
config=dict(),
|
||||||
default=dict(type='bool', default=False),
|
defaults=dict(type='bool', default=False),
|
||||||
|
passwords=dict(type='bool', default=False),
|
||||||
|
|
||||||
backup=dict(type='bool', default=False),
|
backup=dict(type='bool', default=False),
|
||||||
save=dict(type='bool', default=False),
|
save=dict(type='bool', default=False),
|
||||||
)
|
)
|
||||||
|
|
||||||
mutually_exclusive = [('lines', 'src')]
|
mutually_exclusive = [('lines', 'src'), ('defaults', 'passwords')]
|
||||||
|
|
||||||
required_if = [('match', 'strict', ['lines']),
|
required_if = [('match', 'strict', ['lines']),
|
||||||
('match', 'exact', ['lines']),
|
('match', 'exact', ['lines']),
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue