File: //usr/lib/python3.9/site-packages/ansible_collections/cisco/ise/plugins/action/allowed_protocols.py
# -*- coding: utf-8 -*-
# Copyright (c) 2021, Cisco Systems
# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
from ansible.plugins.action import ActionBase
try:
from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
AnsibleArgSpecValidator,
)
except ImportError:
ANSIBLE_UTILS_IS_INSTALLED = False
else:
ANSIBLE_UTILS_IS_INSTALLED = True
from ansible.errors import AnsibleActionFail
from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
ISESDK,
ise_argument_spec,
ise_compare_equality,
get_dict_result,
)
# Get common arguments specification
argument_spec = ise_argument_spec()
# Add arguments specific for this module
argument_spec.update(dict(
state=dict(type="str", default="present", choices=["present", "absent"]),
name=dict(type="str"),
description=dict(type="str"),
eapTls=dict(type="dict"),
peap=dict(type="dict"),
eapFast=dict(type="dict"),
eapTtls=dict(type="dict"),
teap=dict(type="dict"),
processHostLookup=dict(type="bool"),
allowPapAscii=dict(type="bool"),
allowChap=dict(type="bool"),
allowMsChapV1=dict(type="bool"),
allowMsChapV2=dict(type="bool"),
allowEapMd5=dict(type="bool"),
allowLeap=dict(type="bool"),
allowEapTls=dict(type="bool"),
allowEapTtls=dict(type="bool"),
allowEapFast=dict(type="bool"),
allowPeap=dict(type="bool"),
allowTeap=dict(type="bool"),
allowPreferredEapProtocol=dict(type="bool"),
preferredEapProtocol=dict(type="str"),
eapTlsLBit=dict(type="bool"),
allowWeakCiphersForEap=dict(type="bool"),
requireMessageAuth=dict(type="bool"),
id=dict(type="str"),
))
required_if = [
("state", "present", ["id", "name"], True),
("state", "absent", ["id", "name"], True),
]
required_one_of = []
mutually_exclusive = []
required_together = []
class AllowedProtocols(object):
def __init__(self, params, ise):
self.ise = ise
self.new_object = dict(
name=params.get("name"),
description=params.get("description"),
eap_tls=params.get("eapTls"),
peap=params.get("peap"),
eap_fast=params.get("eapFast"),
eap_ttls=params.get("eapTtls"),
teap=params.get("teap"),
process_host_lookup=params.get("processHostLookup"),
allow_pap_ascii=params.get("allowPapAscii"),
allow_chap=params.get("allowChap"),
allow_ms_chap_v1=params.get("allowMsChapV1"),
allow_ms_chap_v2=params.get("allowMsChapV2"),
allow_eap_md5=params.get("allowEapMd5"),
allow_leap=params.get("allowLeap"),
allow_eap_tls=params.get("allowEapTls"),
allow_eap_ttls=params.get("allowEapTtls"),
allow_eap_fast=params.get("allowEapFast"),
allow_peap=params.get("allowPeap"),
allow_teap=params.get("allowTeap"),
allow_preferred_eap_protocol=params.get("allowPreferredEapProtocol"),
preferred_eap_protocol=params.get("preferredEapProtocol"),
eap_tls_l_bit=params.get("eapTlsLBit"),
allow_weak_ciphers_for_eap=params.get("allowWeakCiphersForEap"),
require_message_auth=params.get("requireMessageAuth"),
id=params.get("id"),
)
def get_object_by_name(self, name):
try:
result = self.ise.exec(
family="allowed_protocols",
function="get_allowed_protocol_by_name",
params={"name": name},
handle_func_exception=False,
).response['AllowedProtocols']
result = get_dict_result(result, 'name', name)
except (TypeError, AttributeError) as e:
self.ise.fail_json(
msg=(
"An error occured when executing operation."
" Check the configuration of your API Settings and API Gateway settings on your ISE server."
" This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
" You may want to enable the (ise_debug: True) argument."
" The error was: {error}"
).format(error=e)
)
except Exception:
result = None
return result
def get_object_by_id(self, id):
try:
result = self.ise.exec(
family="allowed_protocols",
function="get_allowed_protocol_by_id",
handle_func_exception=False,
params={"id": id}
).response['AllowedProtocols']
except (TypeError, AttributeError) as e:
self.ise.fail_json(
msg=(
"An error occured when executing operation."
" Check the configuration of your API Settings and API Gateway settings on your ISE server."
" This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
" You may want to enable the (ise_debug: True) argument."
" The error was: {error}"
).format(error=e)
)
except Exception:
result = None
return result
def exists(self):
result = False
prev_obj = None
id = self.new_object.get("id")
name = self.new_object.get("name")
if id:
prev_obj = self.get_object_by_id(id)
result = prev_obj is not None and isinstance(prev_obj, dict)
elif name:
prev_obj = self.get_object_by_name(name)
result = prev_obj is not None and isinstance(prev_obj, dict)
return (result, prev_obj)
def requires_update(self, current_obj):
requested_obj = self.new_object
obj_params = [
("name", "name"),
("description", "description"),
("eapTls", "eap_tls"),
("peap", "peap"),
("eapFast", "eap_fast"),
("eapTtls", "eap_ttls"),
("teap", "teap"),
("processHostLookup", "process_host_lookup"),
("allowPapAscii", "allow_pap_ascii"),
("allowChap", "allow_chap"),
("allowMsChapV1", "allow_ms_chap_v1"),
("allowMsChapV2", "allow_ms_chap_v2"),
("allowEapMd5", "allow_eap_md5"),
("allowLeap", "allow_leap"),
("allowEapTls", "allow_eap_tls"),
("allowEapTtls", "allow_eap_ttls"),
("allowEapFast", "allow_eap_fast"),
("allowPeap", "allow_peap"),
("allowTeap", "allow_teap"),
("allowPreferredEapProtocol", "allow_preferred_eap_protocol"),
("preferredEapProtocol", "preferred_eap_protocol"),
("eapTlsLBit", "eap_tls_l_bit"),
("allowWeakCiphersForEap", "allow_weak_ciphers_for_eap"),
("requireMessageAuth", "require_message_auth"),
("id", "id"),
]
# Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
# If any does not have eq params, it requires update
return any(not ise_compare_equality(current_obj.get(ise_param),
requested_obj.get(ansible_param))
for (ise_param, ansible_param) in obj_params)
def create(self):
result = self.ise.exec(
family="allowed_protocols",
function="create_allowed_protocol",
params=self.new_object,
).response
return result
def update(self):
id = self.new_object.get("id")
name = self.new_object.get("name")
result = None
if not id:
id_ = self.get_object_by_name(name).get("id")
self.new_object.update(dict(id=id_))
result = self.ise.exec(
family="allowed_protocols",
function="update_allowed_protocol_by_id",
params=self.new_object
).response
return result
def delete(self):
id = self.new_object.get("id")
name = self.new_object.get("name")
result = None
if not id:
id_ = self.get_object_by_name(name).get("id")
self.new_object.update(dict(id=id_))
result = self.ise.exec(
family="allowed_protocols",
function="delete_allowed_protocol_by_id",
params=self.new_object
).response
return result
class ActionModule(ActionBase):
def __init__(self, *args, **kwargs):
if not ANSIBLE_UTILS_IS_INSTALLED:
raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
super(ActionModule, self).__init__(*args, **kwargs)
self._supports_async = False
self._supports_check_mode = False
self._result = None
# Checks the supplied parameters against the argument spec for this module
def _check_argspec(self):
aav = AnsibleArgSpecValidator(
data=self._task.args,
schema=dict(argument_spec=argument_spec),
schema_format="argspec",
schema_conditionals=dict(
required_if=required_if,
required_one_of=required_one_of,
mutually_exclusive=mutually_exclusive,
required_together=required_together,
),
name=self._task.action,
)
valid, errors, self._task.args = aav.validate()
if not valid:
raise AnsibleActionFail(errors)
def run(self, tmp=None, task_vars=None):
self._task.diff = False
self._result = super(ActionModule, self).run(tmp, task_vars)
self._result["changed"] = False
self._check_argspec()
ise = ISESDK(params=self._task.args)
obj = AllowedProtocols(self._task.args, ise)
state = self._task.args.get("state")
response = None
if state == "present":
(obj_exists, prev_obj) = obj.exists()
if obj_exists:
if obj.requires_update(prev_obj):
ise_update_response = obj.update()
self._result.update(dict(ise_update_response=ise_update_response))
(obj_exists, updated_obj) = obj.exists()
response = updated_obj
has_changed = None
has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
if (len(has_changed) == 0 or
has_changed[0].get("newValue") == "" and
has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
self._result.pop("ise_update_response", None)
ise.object_already_present()
else:
ise.object_updated()
else:
response = prev_obj
ise.object_already_present()
else:
ise_create_response = obj.create()
(obj_exists, created_obj) = obj.exists()
response = created_obj
ise.object_created()
elif state == "absent":
(obj_exists, prev_obj) = obj.exists()
if obj_exists:
obj.delete()
response = prev_obj
ise.object_deleted()
else:
ise.object_already_absent()
self._result.update(dict(ise_response=response))
self._result.update(ise.exit_json())
return self._result