diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 16:03:42 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 16:03:42 +0000 |
commit | 66cec45960ce1d9c794e9399de15c138acb18aed (patch) | |
tree | 59cd19d69e9d56b7989b080da7c20ef1a3fe2a5a /ansible_collections/cisco/nso/plugins | |
parent | Initial commit. (diff) | |
download | ansible-66cec45960ce1d9c794e9399de15c138acb18aed.tar.xz ansible-66cec45960ce1d9c794e9399de15c138acb18aed.zip |
Adding upstream version 7.3.0+dfsg.upstream/7.3.0+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/cisco/nso/plugins')
9 files changed, 1906 insertions, 0 deletions
diff --git a/ansible_collections/cisco/nso/plugins/doc_fragments/nso.py b/ansible_collections/cisco/nso/plugins/doc_fragments/nso.py new file mode 100644 index 00000000..11d458db --- /dev/null +++ b/ansible_collections/cisco/nso/plugins/doc_fragments/nso.py @@ -0,0 +1,49 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2017, Cisco and/or its affiliates. +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +class ModuleDocFragment(object): + + DOCUMENTATION = r''' +options: + url: + description: NSO JSON-RPC URL, http://localhost:8080/jsonrpc + type: str + required: true + username: + description: NSO username + type: str + required: true + password: + description: NSO password + type: str + required: true + timeout: + description: JSON-RPC request timeout in seconds + type: int + default: 300 + validate_certs: + description: When set to true, validates the SSL certificate of NSO when + using SSL + type: bool + required: false + default: false +seealso: + - name: Cisco DevNet NSO Sandbox + description: Provides a reservable pod with NSO, virtual network topology simulated with Cisco CML and a Linux host running Ansible + link: https://blogs.cisco.com/developer/nso-learning-lab-and-sandbox + - name: NSO Developer Resources on DevNet + description: Documentation for getting started using NSO + link: https://developer.cisco.com/docs/nso/ + - name: NSO Developer Hub + description: Collaboration community portal for NSO developers + link: https://community.cisco.com/t5/nso-developer-hub/ct-p/5672j-dev-nso + - name: NSO Developer Github + description: Code for NSO on Github + link: https://github.com/NSO-developer/ +''' diff --git a/ansible_collections/cisco/nso/plugins/module_utils/__init__.py b/ansible_collections/cisco/nso/plugins/module_utils/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/ansible_collections/cisco/nso/plugins/module_utils/__init__.py diff --git a/ansible_collections/cisco/nso/plugins/module_utils/nso.py b/ansible_collections/cisco/nso/plugins/module_utils/nso.py new file mode 100644 index 00000000..5e469cdd --- /dev/null +++ b/ansible_collections/cisco/nso/plugins/module_utils/nso.py @@ -0,0 +1,833 @@ +# -*- coding: utf-8 -*- + +# Copyright: (c) 2017, Cisco and/or its affiliates. +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + +from ansible.module_utils.basic import env_fallback +from ansible.module_utils.urls import open_url +from ansible.module_utils._text import to_text + +import json +import re +import socket + +try: + unicode + HAVE_UNICODE = True +except NameError: + unicode = str + HAVE_UNICODE = False + + +nso_argument_spec = dict( + url=dict(type='str', required=True), + username=dict(type='str', required=True, fallback=(env_fallback, ['ANSIBLE_NET_USERNAME'])), + password=dict(type='str', required=True, no_log=True, fallback=(env_fallback, ['ANSIBLE_NET_PASSWORD'])), + timeout=dict(type='int', default=300), + validate_certs=dict(type='bool', default=False) +) + + +class State(object): + SET = 'set' + PRESENT = 'present' + ABSENT = 'absent' + CHECK_SYNC = 'check-sync' + DEEP_CHECK_SYNC = 'deep-check-sync' + IN_SYNC = 'in-sync' + DEEP_IN_SYNC = 'deep-in-sync' + + SYNC_STATES = ('check-sync', 'deep-check-sync', 'in-sync', 'deep-in-sync') + + +class ModuleFailException(Exception): + def __init__(self, message): + super(ModuleFailException, self).__init__(message) + self.message = message + + +class NsoException(Exception): + def __init__(self, message, error): + super(NsoException, self).__init__(message) + self.message = message + self.error = error + + +class JsonRpc(object): + def __init__(self, url, timeout, validate_certs): + self._url = url + self._timeout = timeout + self._validate_certs = validate_certs + self._id = 0 + self._trans = {} + self._headers = {'Content-Type': 'application/json'} + self._conn = None + self._system_settings = {} + + def login(self, user, passwd): + payload = { + 'method': 'login', + 'params': {'user': user, 'passwd': passwd} + } + resp, resp_json = self._call(payload) + self._headers['Cookie'] = resp.headers['set-cookie'] + + def logout(self): + payload = {'method': 'logout', 'params': {}} + self._call(payload) + + def get_system_setting(self, setting): + if setting not in self._system_settings: + payload = {'method': 'get_system_setting', 'params': {'operation': setting}} + resp, resp_json = self._call(payload) + self._system_settings[setting] = resp_json['result'] + return self._system_settings[setting] + + def new_trans(self, **kwargs): + payload = {'method': 'new_trans', 'params': kwargs} + resp, resp_json = self._call(payload) + return resp_json['result']['th'] + + def get_trans(self, mode): + if mode not in self._trans: + th = self.new_trans(mode=mode) + self._trans[mode] = th + return self._trans[mode] + + def delete_trans(self, th): + payload = {'method': 'delete_trans', 'params': {'th': th}} + resp, resp_json = self._call(payload) + self._maybe_delete_trans(th) + + def validate_trans(self, th): + payload = {'method': 'validate_trans', 'params': {'th': th}} + resp, resp_json = self._write_call(payload) + return resp_json['result'] + + def get_trans_changes(self, th): + payload = {'method': 'get_trans_changes', 'params': {'th': th}} + resp, resp_json = self._write_call(payload) + return resp_json['result']['changes'] + + def validate_commit(self, th, flags=None): + if flags: + payload = {'method': 'validate_commit', 'params': {'th': th, 'flags': flags}} + else: + payload = {'method': 'validate_commit', 'params': {'th': th}} + resp, resp_json = self._write_call(payload) + return resp_json['result'].get('warnings', []) + + def commit(self, th, flags=None): + if flags: + payload = {'method': 'commit', 'params': {'th': th, 'flags': flags}} + else: + payload = {'method': 'commit', 'params': {'th': th}} + resp, resp_json = self._write_call(payload) + if len(resp_json['result']) == 0: + self._maybe_delete_trans(th) + return resp_json['result'] + + def get_schema(self, **kwargs): + payload = {'method': 'get_schema', 'params': kwargs} + resp, resp_json = self._maybe_write_call(payload) + return resp_json['result'] + + def get_module_prefix_map(self, path=None): + if path is None: + payload = {'method': 'get_module_prefix_map', 'params': {}} + resp, resp_json = self._call(payload) + else: + payload = {'method': 'get_module_prefix_map', 'params': {'path': path}} + resp, resp_json = self._maybe_write_call(payload) + return resp_json['result'] + + def get_value(self, path): + payload = { + 'method': 'get_value', + 'params': {'path': path} + } + resp, resp_json = self._read_call(payload) + return resp_json['result'] + + def exists(self, path): + payload = {'method': 'exists', 'params': {'path': path}} + try: + resp, resp_json = self._read_call(payload) + return resp_json['result']['exists'] + except NsoException as ex: + # calling exists on a sub-list when the parent list does + # not exists will cause data.not_found errors on recent + # NSO + if 'type' in ex.error and ex.error['type'] == 'data.not_found': + return False + raise + + def create(self, th, path): + payload = {'method': 'create', 'params': {'th': th, 'path': path}} + self._write_call(payload) + + def delete(self, th, path): + payload = {'method': 'delete', 'params': {'th': th, 'path': path}} + self._write_call(payload) + + def set_value(self, th, path, value): + payload = { + 'method': 'set_value', + 'params': {'th': th, 'path': path, 'value': value} + } + resp, resp_json = self._write_call(payload) + return resp_json['result'] + + def show_config(self, path, operational=False): + payload = { + 'method': 'show_config', + 'params': { + 'path': path, + 'result_as': 'json', + 'with_oper': operational} + } + resp, resp_json = self._read_call(payload) + return resp_json['result'] + + def query(self, xpath, fields): + payload = { + 'method': 'query', + 'params': { + 'xpath_expr': xpath, + 'selection': fields + } + } + resp, resp_json = self._read_call(payload) + return resp_json['result']['results'] + + def run_action(self, th, path, params=None): + if params is None: + params = {} + + if is_version(self, [(4, 5), (4, 4, 3)]): + result_format = 'json' + else: + result_format = 'normal' + + payload = { + 'method': 'run_action', + 'params': { + 'format': result_format, + 'path': path, + 'params': params + } + } + + if th is None: + resp, resp_json = self._read_call(payload) + else: + payload['params']['th'] = th + resp, resp_json = self._call(payload) + + if result_format == 'normal': + # this only works for one-level results, list entries, + # containers etc will have / in their name. + result = {} + for info in resp_json['result']: + result[info['name']] = info['value'] + else: + result = resp_json['result'] + + return result + + def _call(self, payload): + self._id += 1 + if 'id' not in payload: + payload['id'] = self._id + + if 'jsonrpc' not in payload: + payload['jsonrpc'] = '2.0' + + data = json.dumps(payload) + try: + resp = open_url( + self._url, timeout=self._timeout, + method='POST', data=data, headers=self._headers, + validate_certs=self._validate_certs) + if resp.code != 200: + raise NsoException( + 'NSO returned HTTP code {0}, expected 200'.format(resp.status), {}) + except socket.timeout: + raise NsoException('request timed out against NSO at {0}'.format(self._url), {}) + + resp_body = resp.read() + resp_json = json.loads(resp_body) + + if 'error' in resp_json: + self._handle_call_error(payload, resp_json) + return resp, resp_json + + def _handle_call_error(self, payload, resp_json): + method = payload['method'] + + error = resp_json['error'] + error_type = error['type'][len('rpc.method.'):] + if error_type in ('unexpected_params', + 'unknown_params_value', + 'invalid_params', + 'invalid_params_type', + 'data_not_found'): + key = error['data']['param'] + error_type_s = error_type.replace('_', ' ') + if key == 'path': + msg = 'NSO {0} {1}. path = {2}'.format( + method, error_type_s, payload['params']['path']) + else: + path = payload['params'].get('path', 'unknown') + msg = 'NSO {0} {1}. path = {2}. {3} = {4}'.format( + method, error_type_s, path, key, payload['params'][key]) + else: + msg = 'NSO {0} returned JSON-RPC error: {1}'.format(method, error) + + raise NsoException(msg, error) + + def _read_call(self, payload): + if 'th' not in payload['params']: + payload['params']['th'] = self.get_trans(mode='read') + return self._call(payload) + + def _write_call(self, payload): + if 'th' not in payload['params']: + payload['params']['th'] = self.get_trans(mode='read_write') + return self._call(payload) + + def _maybe_write_call(self, payload): + if 'read_write' in self._trans: + return self._write_call(payload) + else: + return self._read_call(payload) + + def _maybe_delete_trans(self, th): + for mode in ('read', 'read_write'): + if th == self._trans.get(mode, None): + del self._trans[mode] + + +class ValueBuilder(object): + PATH_RE = re.compile('{[^}]*}') + PATH_RE_50 = re.compile('{[^}]*}$') + + class Value(object): + __slots__ = ['path', 'tag_path', 'state', 'value', 'deps'] + + def __init__(self, path, state, value, deps): + self.path = path + self.tag_path = ValueBuilder.PATH_RE.sub('', path) + self.state = state + self.value = value + self.deps = deps + + # nodes can depend on themselves + if self.tag_path in self.deps: + self.deps.remove(self.tag_path) + + def __lt__(self, rhs): + l_len = len(self.path.split('/')) + r_len = len(rhs.path.split('/')) + if l_len == r_len: + return self.path.__lt__(rhs.path) + return l_len < r_len + + def __str__(self): + return 'Value<path={0}, state={1}, value={2}>'.format( + self.path, self.state, self.value) + + class ValueIterator(object): + def __init__(self, client, values, delayed_values): + self._client = client + self._values = values + self._delayed_values = delayed_values + self._pos = 0 + + def __iter__(self): + return self + + def __next__(self): + return self.next() + + def next(self): + if self._pos >= len(self._values): + if len(self._delayed_values) == 0: + raise StopIteration() + + builder = ValueBuilder(self._client, delay=False) + for (parent, maybe_qname, value) in self._delayed_values: + builder.build(parent, maybe_qname, value) + del self._delayed_values[:] + self._values.extend(builder.values) + + return self.next() + + value = self._values[self._pos] + self._pos += 1 + return value + + def __init__(self, client, mode='config', delay=None): + self._client = client + self._mode = mode + self._schema_cache = {} + self._module_prefix_map_cache = {} + self._values = [] + self._values_dirty = False + self._delay = delay is None and mode == 'config' and is_version(self._client, [(5, 0)]) + self._delayed_values = [] + + def build(self, parent, maybe_qname, value, schema=None): + qname, name = self.get_prefix_name(parent, maybe_qname) + if name is None: + path = parent + else: + path = '{0}/{1}'.format(parent, qname) + + if schema is None: + schema = self._get_schema(path) + + if self._delay and schema.get('is_mount_point', False): + # delay conversion of mounted values, required to get + # shema information on 5.0 and later. + self._delayed_values.append((parent, maybe_qname, value)) + elif self._is_leaf_list(schema) and is_version(self._client, [(4, 5)]): + self._build_leaf_list(path, schema, value) + elif self._is_leaf(schema): + deps = schema.get('deps', []) + if self._is_empty_leaf(schema): + exists = self._client.exists(path) + if exists and value != [None]: + self._add_value(path, State.ABSENT, None, deps) + elif not exists and value == [None]: + self._add_value(path, State.PRESENT, None, deps) + else: + if maybe_qname is None: + value_type = self.get_type(path) + else: + value_type = self._get_child_type(parent, qname) + + if 'identityref' in value_type: + if isinstance(value, list): + value = [ll_v for ll_v, t_ll_v + in [self.get_prefix_name(parent, v) for v in value]] + else: + value, t_value = self.get_prefix_name(parent, value) + self._add_value(path, State.SET, value, deps) + elif isinstance(value, dict): + self._build_dict(path, schema, value) + elif isinstance(value, list): + self._build_list(path, schema, value) + else: + raise ModuleFailException( + 'unsupported schema {0} at {1}'.format( + schema['kind'], path)) + + @property + def values(self): + if self._values_dirty: + self._values = ValueBuilder.sort_values(self._values) + self._values_dirty = False + + return ValueBuilder.ValueIterator(self._client, self._values, self._delayed_values) + + @staticmethod + def sort_values(values): + class N(object): + def __init__(self, v): + self.tmp_mark = False + self.mark = False + self.v = v + + sorted_values = [] + nodes = [N(v) for v in sorted(values)] + + def get_node(tag_path): + return next((m for m in nodes + if m.v.tag_path == tag_path), None) + + def is_cycle(n, dep, visited): + visited.add(n.v.tag_path) + if dep in visited: + return True + + dep_n = get_node(dep) + if dep_n is not None: + for sub_dep in dep_n.v.deps: + if is_cycle(dep_n, sub_dep, visited): + return True + + return False + + # check for dependency cycles, remove if detected. sort will + # not be 100% but allows for a best-effort to work around + # issue in NSO. + for n in nodes: + for dep in n.v.deps: + if is_cycle(n, dep, set()): + n.v.deps.remove(dep) + + def visit(n): + if n.tmp_mark: + return False + if not n.mark: + n.tmp_mark = True + for m in nodes: + if m.v.tag_path in n.v.deps: + if not visit(m): + return False + + n.tmp_mark = False + n.mark = True + + sorted_values.insert(0, n.v) + + return True + + n = next((n for n in nodes if not n.mark), None) + while n is not None: + visit(n) + n = next((n for n in nodes if not n.mark), None) + + return sorted_values[::-1] + + def _build_dict(self, path, schema, value): + keys = schema.get('key', []) + for dict_key, dict_value in value.items(): + qname, name = self.get_prefix_name(path, dict_key) + if dict_key in ('__state', ) or name in keys: + continue + + child_schema = self._find_child(path, schema, qname) + self.build(path, dict_key, dict_value, child_schema) + + def _build_leaf_list(self, path, schema, value): + deps = schema.get('deps', []) + entry_type = self.get_type(path, schema) + + if self._mode == 'verify': + for entry in value: + if 'identityref' in entry_type: + entry, t_entry = self.get_prefix_name(path, entry) + entry_path = '{0}{{{1}}}'.format(path, entry) + if not self._client.exists(entry_path): + self._add_value(entry_path, State.ABSENT, None, deps) + else: + # remove leaf list if treated as a list and then re-create the + # expected list entries. + self._add_value(path, State.ABSENT, None, deps) + + for entry in value: + if 'identityref' in entry_type: + entry, t_entry = self.get_prefix_name(path, entry) + entry_path = '{0}{{{1}}}'.format(path, entry) + self._add_value(entry_path, State.PRESENT, None, deps) + + def _build_list(self, path, schema, value): + deps = schema.get('deps', []) + for entry in value: + entry_key = self._build_key(path, entry, schema['key']) + entry_path = '{0}{{{1}}}'.format(path, entry_key) + entry_state = entry.get('__state', 'present') + entry_exists = self._client.exists(entry_path) + + if entry_state == 'absent': + if entry_exists: + self._add_value(entry_path, State.ABSENT, None, deps) + else: + if not entry_exists: + self._add_value(entry_path, State.PRESENT, None, deps) + if entry_state in State.SYNC_STATES: + self._add_value(entry_path, entry_state, None, deps) + + self.build(entry_path, None, entry) + + def _build_key(self, path, entry, schema_keys): + key_parts = [] + for key in schema_keys: + value = entry.get(key, None) + if value is None: + raise ModuleFailException( + 'required leaf {0} in {1} not set in data'.format( + key, path)) + + value_type = self._get_child_type(path, key) + if 'identityref' in value_type: + value, t_value = self.get_prefix_name(path, value) + key_parts.append(self._quote_key(value)) + return ' '.join(key_parts) + + def _quote_key(self, key): + if isinstance(key, bool): + return key and 'true' or 'false' + + q_key = [] + for c in str(key): + if c in ('{', '}', "'", '\\'): + q_key.append('\\') + q_key.append(c) + q_key = ''.join(q_key) + if ' ' in q_key: + return '"{0}"'.format(q_key) + return q_key + + def _find_child(self, path, schema, qname): + if 'children' not in schema: + schema = self._get_schema(path) + + # look for the qualified name if : is in the name + child_schema = self._get_child(schema, qname) + if child_schema is not None: + return child_schema + + # no child was found, look for a choice with a child matching + for child_schema in schema['children']: + if child_schema['kind'] != 'choice': + continue + choice_child_schema = self._get_choice_child(child_schema, qname) + if choice_child_schema is not None: + return choice_child_schema + + raise ModuleFailException( + 'no child in {0} with name {1}. children {2}'.format( + path, qname, ','.join((c.get('qname', c.get('name', None)) for c in schema['children'])))) + + def _add_value(self, path, state, value, deps): + self._values.append(ValueBuilder.Value(path, state, value, deps)) + self._values_dirty = True + + def get_prefix_name(self, path, qname): + if not isinstance(qname, (str, unicode)): + return qname, None + if ':' not in qname: + return qname, qname + + module_prefix_map = self._get_module_prefix_map(path) + module, name = qname.split(':', 1) + if module not in module_prefix_map: + raise ModuleFailException( + 'no module mapping for module {0}. loaded modules {1}'.format( + module, ','.join(sorted(module_prefix_map.keys())))) + + return '{0}:{1}'.format(module_prefix_map[module], name), name + + def _get_schema(self, path): + return self._ensure_schema_cached(path)['data'] + + def _get_child_type(self, parent_path, key): + all_schema = self._ensure_schema_cached(parent_path) + parent_schema = all_schema['data'] + meta = all_schema['meta'] + schema = self._find_child(parent_path, parent_schema, key) + return self.get_type(parent_path, schema, meta) + + def get_type(self, path, schema=None, meta=None): + if schema is None or meta is None: + all_schema = self._ensure_schema_cached(path) + schema = all_schema['data'] + meta = all_schema['meta'] + + if self._is_leaf(schema): + def get_type(meta, curr_type): + if curr_type.get('primitive', False): + return [curr_type['name']] + if 'namespace' in curr_type: + curr_type_key = '{0}:{1}'.format( + curr_type['namespace'], curr_type['name']) + type_info = meta['types'][curr_type_key][-1] + return get_type(meta, type_info) + if 'leaf_type' in curr_type: + return get_type(meta, curr_type['leaf_type'][-1]) + if 'union' in curr_type: + union_types = [] + for union_type in curr_type['union']: + union_types.extend(get_type(meta, union_type[-1])) + return union_types + return [curr_type.get('name', 'unknown')] + + return get_type(meta, schema['type']) + return None + + def _ensure_schema_cached(self, path): + if not self._delay and is_version(self._client, [(5, 0)]): + # newer versions of NSO support multiple different schemas + # for different devices, thus the device is required to + # look up the schema. Remove the key entry to get schema + # logic working ok. + path = ValueBuilder.PATH_RE_50.sub('', path) + else: + path = ValueBuilder.PATH_RE.sub('', path) + + if path not in self._schema_cache: + schema = self._client.get_schema(path=path, levels=1) + self._schema_cache[path] = schema + return self._schema_cache[path] + + def _get_module_prefix_map(self, path): + # newer versions of NSO support multiple mappings from module + # to prefix depending on which device is used. + if path != '' and is_version(self._client, [(5, 0)]): + if path not in self._module_prefix_map_cache: + self._module_prefix_map_cache[path] = self._client.get_module_prefix_map(path) + return self._module_prefix_map_cache[path] + + if '' not in self._module_prefix_map_cache: + self._module_prefix_map_cache[''] = self._client.get_module_prefix_map() + return self._module_prefix_map_cache[''] + + def _get_child(self, schema, qname): + # no child specified, return parent + if qname is None: + return schema + + name_key = ':' in qname and 'qname' or 'name' + return next((c for c in schema['children'] + if c.get(name_key, None) == qname), None) + + def _get_choice_child(self, schema, qname): + name_key = ':' in qname and 'qname' or 'name' + for child_case in schema['cases']: + # look for direct child + choice_child_schema = next( + (c for c in child_case['children'] + if c.get(name_key, None) == qname), None) + if choice_child_schema is not None: + return choice_child_schema + + # look for nested choice + for child_schema in child_case['children']: + if child_schema['kind'] != 'choice': + continue + choice_child_schema = self._get_choice_child(child_schema, qname) + if choice_child_schema is not None: + return choice_child_schema + return None + + def _is_leaf_list(self, schema): + return schema.get('kind', None) == 'leaf-list' + + def _is_leaf(self, schema): + # still checking for leaf-list here to be compatible with pre + # 4.5 versions of NSO. + return schema.get('kind', None) in ('key', 'leaf', 'leaf-list') + + def _is_empty_leaf(self, schema): + return (schema.get('kind', None) == 'leaf' and + schema['type'].get('primitive', False) and + schema['type'].get('name', '') == 'empty') + + +def connect(params): + client = JsonRpc(params['url'], + params['timeout'], + params['validate_certs']) + client.login(params['username'], params['password']) + return client + + +def verify_version(client, required_versions): + version_str = client.get_system_setting('version') + client._version = version_str + if not verify_version_str(version_str, required_versions): + supported_versions = ', '.join( + ['.'.join([str(p) for p in required_version]) + for required_version in required_versions]) + raise ModuleFailException( + 'unsupported NSO version {0}. {1} or later supported'.format( + version_str, supported_versions)) + + +def is_version(client, required_versions): + version_str = client.get_system_setting('version') + return verify_version_str(version_str, required_versions) + + +def verify_version_str(version_str, required_versions): + version_str = re.sub('_.*', '', version_str) + + version = [int(p) for p in version_str.split('.')] + if len(version) < 2: + raise ModuleFailException( + 'unsupported NSO version format {0}'.format(version_str)) + + def check_version(required_version, version): + for pos in range(len(required_version)): + if pos >= len(version): + return False + if version[pos] > required_version[pos]: + return True + if version[pos] < required_version[pos]: + return False + return True + + for required_version in required_versions: + if check_version(required_version, version): + return True + return False + + +def normalize_value(expected_value, value, key): + if value is None: + return None + if (isinstance(expected_value, bool) and + isinstance(value, (str, unicode))): + return value == 'true' + if isinstance(expected_value, int): + try: + return int(value) + except TypeError: + raise ModuleFailException( + 'returned value {0} for {1} is not a valid integer'.format( + key, value)) + if isinstance(expected_value, float): + try: + return float(value) + except TypeError: + raise ModuleFailException( + 'returned value {0} for {1} is not a valid float'.format( + key, value)) + if isinstance(expected_value, (list, tuple)): + if not isinstance(value, (list, tuple)): + raise ModuleFailException( + 'returned value {0} for {1} is not a list'.format(value, key)) + if len(expected_value) != len(value): + raise ModuleFailException( + 'list length mismatch for {0}'.format(key)) + + normalized_value = [] + for i in range(len(expected_value)): + normalized_value.append( + normalize_value(expected_value[i], value[i], '{0}[{1}]'.format(key, i))) + return normalized_value + + if isinstance(expected_value, dict): + if not isinstance(value, dict): + raise ModuleFailException( + 'returned value {0} for {1} is not a dict'.format(value, key)) + if len(expected_value) != len(value): + raise ModuleFailException( + 'dict length mismatch for {0}'.format(key)) + + normalized_value = {} + for k in expected_value.keys(): + n_k = normalize_value(k, k, '{0}[{1}]'.format(key, k)) + if n_k not in value: + raise ModuleFailException('missing {0} in value'.format(n_k)) + normalized_value[n_k] = normalize_value(expected_value[k], value[k], '{0}[{1}]'.format(key, k)) + return normalized_value + + if HAVE_UNICODE: + if isinstance(expected_value, unicode) and isinstance(value, str): + return value.decode('utf-8') + if isinstance(expected_value, str) and isinstance(value, unicode): + return value.encode('utf-8') + else: + if hasattr(expected_value, 'encode') and hasattr(value, 'decode'): + return value.decode('utf-8') + if hasattr(expected_value, 'decode') and hasattr(value, 'encode'): + return value.encode('utf-8') + + return value diff --git a/ansible_collections/cisco/nso/plugins/modules/__init__.py b/ansible_collections/cisco/nso/plugins/modules/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/ansible_collections/cisco/nso/plugins/modules/__init__.py diff --git a/ansible_collections/cisco/nso/plugins/modules/nso_action.py b/ansible_collections/cisco/nso/plugins/modules/nso_action.py new file mode 100644 index 00000000..b5db2084 --- /dev/null +++ b/ansible_collections/cisco/nso/plugins/modules/nso_action.py @@ -0,0 +1,211 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2017 Cisco and/or its affiliates. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' +--- +module: nso_action +extends_documentation_fragment: +- cisco.nso.nso + +short_description: Executes Cisco NSO actions and verifies output. +description: + - This module provides support for executing Cisco NSO actions and then + verifying that the output is as expected. +requirements: + - Cisco NSO version 3.4 or higher. +author: "Claes Nästén (@cnasten)" +options: + path: + description: Path to NSO action. + required: true + type: str + input: + description: > + NSO action parameters. + type: dict + output_required: + description: > + Required output parameters. + type: dict + output_invalid: + description: > + List of result parameter names that will cause the task to fail if they + are present. + type: dict + validate_strict: + description: > + If set to true, the task will fail if any output parameters not in + output_required is present in the output. + type: bool + default: False +''' + +EXAMPLES = ''' +- name: Sync NSO device + cisco.nso.nso_action: + url: https://10.10.20.49/jsonrpc + username: developer + password: C1sco12345 + path: /ncs:devices/device{dist-rtr01}/sync-from + input: {} + +- name: Check device sync + cisco.nso.nso_action: + url: https://10.10.20.49/jsonrpc + username: developer + password: C1sco12345 + path: /ncs:devices/check-sync + input: {} + +- name: Load Native Config + cisco.nso.nso_action: + url: "https://10.10.20.49/jsonrpc" + username: developer + password: C1sco12345 + path: /ncs:devices/ncs:device{dist-rtr01}/load-native-config + input: { file: "/home/developer/test.cfg" , verbose: true, mode: "merge"} + register: result +''' + +RETURN = ''' +output: + description: Action output + returned: success + type: dict + sample: + result: true +''' + +from ansible_collections.cisco.nso.plugins.module_utils.nso import connect, verify_version, nso_argument_spec +from ansible_collections.cisco.nso.plugins.module_utils.nso import normalize_value +from ansible_collections.cisco.nso.plugins.module_utils.nso import ModuleFailException, NsoException +from ansible.module_utils.basic import AnsibleModule + + +class NsoAction(object): + + REQUIRED_VERSIONS = [ + (3, 4) + ] + + def __init__(self, check_mode, client, + path, input, + output_required, output_invalid, validate_strict): + self._check_mode = check_mode + self._client = client + self._path = path + self._input = input + self._output_required = output_required + self._output_invalid = output_invalid + self._validate_strict = validate_strict + + def main(self): + schema = self._client.get_schema(path=self._path) + if schema['data']['kind'] != 'action': + raise ModuleFailException('{0} is not an action'.format(self._path)) + input_schema = [] + for c in schema['data']['children']: + if c.get('is_action_input', False): + if c['kind'] == 'choice': + for case in c['cases']: + input_schema.append(case) + else: + input_schema.append(c) + + for key, value in self._input.items(): + child = next((c for c in input_schema if c['name'] == key), None) + if child is None: + raise ModuleFailException("unsupported input parameter '{0}'".format(key)) + + # implement type validation in the future + + if self._check_mode: + return {} + else: + return self._run_and_verify() + + def _run_and_verify(self): + output = self._client.run_action(None, self._path, self._input) + for key, value in self._output_required.items(): + if key not in output: + raise ModuleFailException('{0} not in result'.format(key)) + + n_value = normalize_value(value, output[key], key) + if value != n_value: + msg = '{0} value mismatch. expected {1} got {2}'.format( + key, value, n_value) + raise ModuleFailException(msg) + + for key in self._output_invalid.keys(): + if key in output: + raise ModuleFailException('{0} not allowed in result'.format(key)) + + if self._validate_strict: + for name in output.keys(): + if name not in self._output_required: + raise ModuleFailException('{0} not allowed in result'.format(name)) + + return output + + +def main(): + argument_spec = dict( + path=dict(required=True), + input=dict(required=False, type='dict', default={}), + output_required=dict(required=False, type='dict', default={}), + output_invalid=dict(required=False, type='dict', default={}), + validate_strict=dict(required=False, type='bool', default=False) + ) + argument_spec.update(nso_argument_spec) + + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True + ) + p = module.params + + client = connect(p) + nso_action = NsoAction( + module.check_mode, client, + p['path'], + p['input'], + p['output_required'], + p['output_invalid'], + p['validate_strict']) + try: + verify_version(client, NsoAction.REQUIRED_VERSIONS) + + output = nso_action.main() + client.logout() + module.exit_json(changed=True, output=output) + except NsoException as ex: + client.logout() + module.fail_json(msg=ex.message) + except ModuleFailException as ex: + client.logout() + module.fail_json(msg=ex.message) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/cisco/nso/plugins/modules/nso_config.py b/ansible_collections/cisco/nso/plugins/modules/nso_config.py new file mode 100644 index 00000000..01ee40ec --- /dev/null +++ b/ansible_collections/cisco/nso/plugins/modules/nso_config.py @@ -0,0 +1,338 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2017 Cisco and/or its affiliates. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' +--- +module: nso_config +extends_documentation_fragment: +- cisco.nso.nso + +short_description: Manage Cisco NSO configuration and service synchronization. +description: + - This module provides support for managing configuration in Cisco NSO and + can also ensure services are in sync. +requirements: + - Cisco NSO version 3.4.12 or higher, 4.2.7 or higher, + 4.3.8 or higher, 4.4.3 or higher, 4.5 or higher. +author: "Claes Nästén (@cnasten)" +options: + data: + description: > + NSO data in format as | display json converted to YAML. List entries can + be annotated with a __state entry. Set to in-sync/deep-in-sync for + services to verify service is in sync with the network. Set to absent in + list entries to ensure they are deleted if they exist in NSO. + required: true + type: dict + commit_flags: + description: > + A list containing commit flags. See the API documentation for + supported commit flags. + https://developer.cisco.com/docs/nso/guides/#!life-cycle-operations-how-to-manipulate-existing-services-and-devices/commit-flags-and-device-service-actions + type: list + elements: str +''' + +EXAMPLES = ''' +- name: CREATE DEVICE IN NSO + cisco.nso.nso_config: + url: https://10.10.20.49/jsonrpc + username: developer + password: C1sco12345 + data: + tailf-ncs:devices: + device: + - address: 10.10.20.175 + description: CONFIGURED BY ANSIBLE! + name: dist-rtr01 + authgroup: "labadmin" + device-type: + cli: + ned-id: "cisco-ios-cli-6.44" + port: "22" + state: + admin-state: "unlocked" + +- name: ADD NEW LOOPBACK + cisco.nso.nso_config: + url: https://10.10.20.49/jsonrpc + username: developer + password: C1sco12345 + data: + tailf-ncs:devices: + device: + - name: dist-rtr01 + config: + tailf-ned-cisco-ios:interface: + Loopback: + - name: "1" + description: Created by Ansible! + +- name: CONFIGURE IP ADDRESS ON LOOPBACK + cisco.nso.nso_config: + url: https://10.10.20.49/jsonrpc + username: developer + password: C1sco12345 + data: + tailf-ncs:devices: + device: + - name: dist-rtr01 + config: + tailf-ned-cisco-ios:interface: + Loopback: + - name: "1" + description: Created by Ansible! + ip: + address: + primary: + address: 10.10.10.10 + mask: 255.255.255.255 + +- name: CONFIGURE NTP SERVER ON DEVICE + cisco.nso.nso_config: + url: https://10.10.20.49/jsonrpc + username: developer + password: C1sco12345 + data: + tailf-ncs:devices: + device: + - name: dist-rtr01 + config: + tailf-ned-cisco-ios:ntp: + server: + peer-list: + - name: 2.2.2.2 +''' + +RETURN = ''' +changes: + description: List of changes + returned: always + type: complex + sample: + - path: "/ncs:devices/device{dist-rtr01}/config/ios:interface/Loopback{1}/ip/address/primary/address" + from: null + to: "10.10.10.10" + type: set + contains: + path: + description: Path to value changed + returned: always + type: str + from: + description: Previous value if any, else null + returned: When previous value is present on value change + type: str +diffs: + description: List of sync changes + returned: always + type: complex + contains: + path: + description: keypath to service changed + returned: always + type: str + diff: + description: configuration difference triggered the re-deploy + returned: always + type: str +commit_result: + description: Return values from commit operation + returned: always + type: complex + contains: + commit_queue: + description: Commit queue ID and status, if any + returned: When commit-queue is set in commit_flags + type: dict + sample: + - { + "commit_queue": { + "id": 1611776004976, + "status": "async" + } + } + +''' + +from ansible_collections.cisco.nso.plugins.module_utils.nso import connect, verify_version, nso_argument_spec +from ansible_collections.cisco.nso.plugins.module_utils.nso import State, ValueBuilder +from ansible_collections.cisco.nso.plugins.module_utils.nso import ModuleFailException, NsoException +from ansible.module_utils.basic import AnsibleModule + + +class NsoConfig(object): + REQUIRED_VERSIONS = [ + (4, 5), + (4, 4, 3), + (4, 3, 8), + (4, 2, 7), + (3, 4, 12) + ] + + def __init__(self, check_mode, client, data, commit_flags): + self._check_mode = check_mode + self._client = client + self._data = data + self._commit_flags = commit_flags + + self._changes = [] + self._diffs = [] + self._commit_result = [] + + def main(self): + # build list of values from configured data + value_builder = ValueBuilder(self._client) + for key, value in self._data.items(): + value_builder.build('', key, value) + + self._data_write(value_builder.values) + + # check sync AFTER configuration is written + sync_values = self._sync_check(value_builder.values) + self._sync_ensure(sync_values) + + return self._changes, self._diffs, self._commit_result + + def _data_write(self, values): + th = self._client.get_trans(mode='read_write') + + for value in values: + if value.state == State.SET: + self._client.set_value(th, value.path, value.value) + elif value.state == State.PRESENT: + self._client.create(th, value.path) + elif value.state == State.ABSENT: + self._client.delete(th, value.path) + + changes = self._client.get_trans_changes(th) + for change in changes: + if change['op'] == 'value_set': + self._changes.append({ + 'path': change['path'], + 'from': change['old'] or None, + 'to': change['value'], + 'type': 'set' + }) + elif change['op'] in ('created', 'deleted'): + self._changes.append({ + 'path': change['path'], + 'type': change['op'][:-1] + }) + + if len(changes) > 0: + # Fix for validate_commit method not working with commit flags prior to 5.4. + # If version < 5.4 then don't send the flags to validate_commit + version = float(self._client._version[0:self._client._version.find('.') + 2:]) + if version >= 5.4: + warnings = self._client.validate_commit(th, self._commit_flags) + else: + warnings = self._client.validate_commit(th) + if len(warnings) > 0: + raise NsoException( + 'failed to validate transaction with warnings: {0}'.format( + ', '.join((str(warning) for warning in warnings))), {}) + if self._check_mode or len(changes) == 0: + self._client.delete_trans(th) + else: + if self._commit_flags: + result = self._client.commit(th, self._commit_flags) + self._commit_result.append(result) + else: + result = self._client.commit(th) + self._commit_result.append(result) + + def _sync_check(self, values): + sync_values = [] + + for value in values: + if value.state in (State.CHECK_SYNC, State.IN_SYNC): + action = 'check-sync' + elif value.state in (State.DEEP_CHECK_SYNC, State.DEEP_IN_SYNC): + action = 'deep-check-sync' + else: + action = None + + if action is not None: + action_path = '{0}/{1}'.format(value.path, action) + action_params = {'outformat': 'cli'} + resp = self._client.run_action(None, action_path, action_params) + if len(resp) > 0: + sync_values.append( + ValueBuilder.Value(value.path, value.state, resp[0]['value'])) + + return sync_values + + def _sync_ensure(self, sync_values): + for value in sync_values: + if value.state in (State.CHECK_SYNC, State.DEEP_CHECK_SYNC): + raise NsoException( + '{0} out of sync, diff {1}'.format(value.path, value.value), {}) + + action_path = '{0}/{1}'.format(value.path, 're-deploy') + if not self._check_mode: + result = self._client.run_action(None, action_path) + if not result: + raise NsoException( + 'failed to re-deploy {0}'.format(value.path), {}) + + self._changes.append({'path': value.path, 'type': 're-deploy'}) + self._diffs.append({'path': value.path, 'diff': value.value}) + + +def main(): + argument_spec = dict( + data=dict(required=True, type='dict'), + commit_flags=dict(required=False, type='list', elements='str') + ) + + argument_spec.update(nso_argument_spec) + + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True + ) + p = module.params + client = connect(p) + nso_config = NsoConfig(module.check_mode, client, p['data'], p['commit_flags']) + try: + verify_version(client, NsoConfig.REQUIRED_VERSIONS) + + changes, diffs, commit_result = nso_config.main() + client.logout() + + changed = len(changes) > 0 + module.exit_json( + changed=changed, changes=changes, diffs=diffs, commit_result=commit_result) + + except NsoException as ex: + client.logout() + module.fail_json(msg=ex.message) + except ModuleFailException as ex: + client.logout() + module.fail_json(msg=ex.message) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/cisco/nso/plugins/modules/nso_query.py b/ansible_collections/cisco/nso/plugins/modules/nso_query.py new file mode 100644 index 00000000..5f2d26f5 --- /dev/null +++ b/ansible_collections/cisco/nso/plugins/modules/nso_query.py @@ -0,0 +1,129 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2017 Cisco and/or its affiliates. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' +--- +module: nso_query +extends_documentation_fragment: +- cisco.nso.nso + +short_description: Query data from Cisco NSO. +description: + - This module provides support for querying data from Cisco NSO using XPath. +requirements: + - Cisco NSO version 3.4 or higher. +author: "Claes Nästén (@cnasten)" +options: + xpath: + description: XPath selection relative to the root. + required: true + type: str + fields: + description: > + List of fields to select from matching nodes. + required: true + type: list + elements: str +''' + +EXAMPLES = ''' +- name: QUERY DEVICES DISPLAYING NAME AND DESCRIPTION + cisco.nso.nso_query: + url: https://10.10.20.49/jsonrpc + username: developer + password: C1sco12345 + xpath: /ncs:devices/device + fields: + - name + - description + register: nso_query_result + +- name: DISPLAY NSO_QUERY RESULT + debug: + var: nso_query_result +''' + +RETURN = ''' +output: + description: Value of matching nodes + returned: success + type: list +''' + +from ansible_collections.cisco.nso.plugins.module_utils.nso import connect, verify_version, nso_argument_spec +from ansible_collections.cisco.nso.plugins.module_utils.nso import ModuleFailException, NsoException +from ansible.module_utils.basic import AnsibleModule + + +class NsoQuery(object): + REQUIRED_VERSIONS = [ + (3, 4) + ] + + def __init__(self, check_mode, client, xpath, fields): + self._check_mode = check_mode + self._client = client + self._xpath = xpath + self._fields = fields + + def main(self): + if self._check_mode: + return [] + else: + return self._client.query(self._xpath, self._fields) + + +def main(): + argument_spec = dict( + xpath=dict(required=True, type='str'), + fields=dict(required=True, type='list', elements='str') + ) + argument_spec.update(nso_argument_spec) + + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True + ) + p = module.params + + client = connect(p) + nso_query = NsoQuery( + module.check_mode, client, + p['xpath'], p['fields']) + try: + verify_version(client, NsoQuery.REQUIRED_VERSIONS) + + output = nso_query.main() + client.logout() + module.exit_json(changed=False, output=output) + except NsoException as ex: + client.logout() + module.fail_json(msg=ex.message) + except ModuleFailException as ex: + client.logout() + module.fail_json(msg=ex.message) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/cisco/nso/plugins/modules/nso_show.py b/ansible_collections/cisco/nso/plugins/modules/nso_show.py new file mode 100644 index 00000000..e9d8963d --- /dev/null +++ b/ansible_collections/cisco/nso/plugins/modules/nso_show.py @@ -0,0 +1,145 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2017 Cisco and/or its affiliates. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' +--- +module: nso_show +extends_documentation_fragment: +- cisco.nso.nso + +short_description: Displays data from Cisco NSO. +description: + - This module provides support for displaying data from Cisco NSO. +requirements: + - Cisco NSO version 3.4.12 or higher, 4.1.9 or higher, 4.2.6 or higher, + 4.3.7 or higher, 4.4.5 or higher, 4.5 or higher. +author: "Claes Nästén (@cnasten)" +options: + path: + description: Path to NSO data. + required: true + type: str + operational: + description: > + Controls whether or not operational data is included in the result. + type: bool + default: false +''' + +EXAMPLES = ''' +- name: DISPLAY DEVICE INCLUDING OPERATIONAL DATA + cisco.nso.nso_show: + url: https://10.10.20.49/jsonrpc + username: developer + password: C1sco12345 + path: /ncs:devices/device{dist-rtr01} + operational: true + register: result + +- name: Display the result + debug: + var: result + +- name: DISPLAY INTERFACES + cisco.nso.nso_show: + url: "https://10.10.20.49/jsonrpc" + username: developer + password: C1sco12345 + path: /ncs:devices/device{dist-rtr01}/config/interface + operational: true + register: result + +- name: Display the result + debug: + var: result +''' + +RETURN = ''' +output: + description: Configuration + returned: success + type: dict +''' + +from ansible_collections.cisco.nso.plugins.module_utils.nso import connect, verify_version, nso_argument_spec +from ansible_collections.cisco.nso.plugins.module_utils.nso import ModuleFailException, NsoException +from ansible.module_utils.basic import AnsibleModule + + +class NsoShow(object): + REQUIRED_VERSIONS = [ + (4, 5), + (4, 4, 5), + (4, 3, 7), + (4, 2, 6), + (4, 1, 9), + (3, 4, 12) + ] + + def __init__(self, check_mode, client, path, operational): + self._check_mode = check_mode + self._client = client + self._path = path + self._operational = operational + + def main(self): + if self._check_mode: + return {} + else: + return self._client.show_config(self._path, self._operational) + + +def main(): + argument_spec = dict( + path=dict(required=True, type='str'), + operational=dict(required=False, type='bool', default=False) + ) + argument_spec.update(nso_argument_spec) + + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True + ) + p = module.params + + client = connect(p) + nso_show = NsoShow( + module.check_mode, client, + p['path'], p['operational']) + try: + verify_version(client, NsoShow.REQUIRED_VERSIONS) + + output = nso_show.main() + client.logout() + module.exit_json(changed=False, output=output) + except NsoException as ex: + client.logout() + module.fail_json(msg=ex.message) + except ModuleFailException as ex: + client.logout() + module.fail_json(msg=ex.message) + + +if __name__ == '__main__': + main() diff --git a/ansible_collections/cisco/nso/plugins/modules/nso_verify.py b/ansible_collections/cisco/nso/plugins/modules/nso_verify.py new file mode 100644 index 00000000..03759706 --- /dev/null +++ b/ansible_collections/cisco/nso/plugins/modules/nso_verify.py @@ -0,0 +1,201 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2017 Cisco and/or its affiliates. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. +# + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +DOCUMENTATION = ''' +--- +module: nso_verify +extends_documentation_fragment: +- cisco.nso.nso + +short_description: Verifies Cisco NSO configuration. +description: + - This module provides support for verifying Cisco NSO configuration is in + compliance with specified values. +requirements: + - Cisco NSO version 3.4.12 or higher, 4.2.7 or higher, + 4.3.8 or higher, 4.4.3 or higher, 4.5 or higher. +author: "Claes Nästén (@cnasten)" +options: + data: + description: > + NSO data in format as C(| display json) converted to YAML. List entries can + be annotated with a C(__state) entry. Set to in-sync/deep-in-sync for + services to verify service is in sync with the network. Set to absent in + list entries to ensure they are deleted if they exist in NSO. + required: true + type: dict +''' + +EXAMPLES = ''' +- name: VERIFY INTERFACE IS ADMINISTRATIVELY UP + cisco.nso.nso_verify: + url: http://localhost:8080/jsonrpc + username: username + password: password + data: + tailf-ncs:devices: + device: + - name: dist-sw01 + config: + interface: + Ethernet: + - name: "1/1" + shutdown: false +''' + +RETURN = ''' +violations: + description: List of value violations + returned: failed + type: complex + sample: + - path: /ncs:devices/device{dist-sw01}/config/interface/Ethernet{1/1}/shutdown + expected-value: false + value: true + contains: + path: + description: Path to the value in violation + returned: always + type: str + expected-value: + description: Expected value of path + returned: always + type: str + value: + description: Current value of path + returned: always + type: str +''' + +from ansible_collections.cisco.nso.plugins.module_utils.nso import connect, verify_version, nso_argument_spec +from ansible_collections.cisco.nso.plugins.module_utils.nso import normalize_value +from ansible_collections.cisco.nso.plugins.module_utils.nso import State, ValueBuilder +from ansible_collections.cisco.nso.plugins.module_utils.nso import ModuleFailException, NsoException +from ansible.module_utils.basic import AnsibleModule + + +class NsoVerify(object): + REQUIRED_VERSIONS = [ + (4, 5), + (4, 4, 3), + (4, 3, 8), + (4, 2, 7), + (3, 4, 12) + ] + + def __init__(self, client, data): + self._client = client + self._data = data + + def main(self): + violations = [] + + # build list of values from configured data + value_builder = ValueBuilder(self._client, 'verify') + for key, value in self._data.items(): + value_builder.build('', key, value) + + for expected_value in value_builder.values: + if expected_value.state == State.PRESENT: + violations.append({ + 'path': expected_value.path, + 'expected-value': 'present', + 'value': 'absent' + }) + elif expected_value.state == State.ABSENT: + violations.append({ + 'path': expected_value.path, + 'expected-value': 'absent', + 'value': 'present' + }) + elif expected_value.state == State.SET: + try: + value = self._client.get_value(expected_value.path)['value'] + except NsoException as ex: + if ex.error.get('type', '') == 'data.not_found': + value = None + else: + raise + + # handle different types properly + n_value = normalize_value( + expected_value.value, value, expected_value.path) + if n_value != expected_value.value: + # if the value comparison fails, try mapping identityref + value_type = value_builder.get_type(expected_value.path) + if value_type is not None and 'identityref' in value_type: + n_value, t_value = self.get_prefix_name(value) + + if expected_value.value != n_value: + violations.append({ + 'path': expected_value.path, + 'expected-value': expected_value.value, + 'value': n_value + }) + else: + raise ModuleFailException( + 'value state {0} not supported at {1}'.format( + expected_value.state, expected_value.path)) + + return violations + + +def main(): + argument_spec = dict( + data=dict(required=True, type='dict') + ) + argument_spec.update(nso_argument_spec) + + module = AnsibleModule( + argument_spec=argument_spec, + supports_check_mode=True + ) + p = module.params + + client = connect(p) + nso_verify = NsoVerify(client, p['data']) + try: + verify_version(client, NsoVerify.REQUIRED_VERSIONS) + + violations = nso_verify.main() + client.logout() + + num_violations = len(violations) + if num_violations > 0: + msg = '{0} value{1} differ'.format( + num_violations, num_violations > 1 and 's' or '') + module.fail_json(msg=msg, violations=violations) + else: + module.exit_json(changed=False) + + except NsoException as ex: + client.logout() + module.fail_json(msg=ex.message) + except ModuleFailException as ex: + client.logout() + module.fail_json(msg=ex.message) + + +if __name__ == '__main__': + main() |