summaryrefslogtreecommitdiffstats
path: root/ansible_collections/cisco/nso/plugins
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 16:03:42 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 16:03:42 +0000
commit66cec45960ce1d9c794e9399de15c138acb18aed (patch)
tree59cd19d69e9d56b7989b080da7c20ef1a3fe2a5a /ansible_collections/cisco/nso/plugins
parentInitial commit. (diff)
downloadansible-66cec45960ce1d9c794e9399de15c138acb18aed.tar.xz
ansible-66cec45960ce1d9c794e9399de15c138acb18aed.zip
Adding upstream version 7.3.0+dfsg.upstream/7.3.0+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/cisco/nso/plugins')
-rw-r--r--ansible_collections/cisco/nso/plugins/doc_fragments/nso.py49
-rw-r--r--ansible_collections/cisco/nso/plugins/module_utils/__init__.py0
-rw-r--r--ansible_collections/cisco/nso/plugins/module_utils/nso.py833
-rw-r--r--ansible_collections/cisco/nso/plugins/modules/__init__.py0
-rw-r--r--ansible_collections/cisco/nso/plugins/modules/nso_action.py211
-rw-r--r--ansible_collections/cisco/nso/plugins/modules/nso_config.py338
-rw-r--r--ansible_collections/cisco/nso/plugins/modules/nso_query.py129
-rw-r--r--ansible_collections/cisco/nso/plugins/modules/nso_show.py145
-rw-r--r--ansible_collections/cisco/nso/plugins/modules/nso_verify.py201
9 files changed, 1906 insertions, 0 deletions
diff --git a/ansible_collections/cisco/nso/plugins/doc_fragments/nso.py b/ansible_collections/cisco/nso/plugins/doc_fragments/nso.py
new file mode 100644
index 00000000..11d458db
--- /dev/null
+++ b/ansible_collections/cisco/nso/plugins/doc_fragments/nso.py
@@ -0,0 +1,49 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2017, Cisco and/or its affiliates.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+ DOCUMENTATION = r'''
+options:
+ url:
+ description: NSO JSON-RPC URL, http://localhost:8080/jsonrpc
+ type: str
+ required: true
+ username:
+ description: NSO username
+ type: str
+ required: true
+ password:
+ description: NSO password
+ type: str
+ required: true
+ timeout:
+ description: JSON-RPC request timeout in seconds
+ type: int
+ default: 300
+ validate_certs:
+ description: When set to true, validates the SSL certificate of NSO when
+ using SSL
+ type: bool
+ required: false
+ default: false
+seealso:
+ - name: Cisco DevNet NSO Sandbox
+ description: Provides a reservable pod with NSO, virtual network topology simulated with Cisco CML and a Linux host running Ansible
+ link: https://blogs.cisco.com/developer/nso-learning-lab-and-sandbox
+ - name: NSO Developer Resources on DevNet
+ description: Documentation for getting started using NSO
+ link: https://developer.cisco.com/docs/nso/
+ - name: NSO Developer Hub
+ description: Collaboration community portal for NSO developers
+ link: https://community.cisco.com/t5/nso-developer-hub/ct-p/5672j-dev-nso
+ - name: NSO Developer Github
+ description: Code for NSO on Github
+ link: https://github.com/NSO-developer/
+'''
diff --git a/ansible_collections/cisco/nso/plugins/module_utils/__init__.py b/ansible_collections/cisco/nso/plugins/module_utils/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/ansible_collections/cisco/nso/plugins/module_utils/__init__.py
diff --git a/ansible_collections/cisco/nso/plugins/module_utils/nso.py b/ansible_collections/cisco/nso/plugins/module_utils/nso.py
new file mode 100644
index 00000000..5e469cdd
--- /dev/null
+++ b/ansible_collections/cisco/nso/plugins/module_utils/nso.py
@@ -0,0 +1,833 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2017, Cisco and/or its affiliates.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+from ansible.module_utils.basic import env_fallback
+from ansible.module_utils.urls import open_url
+from ansible.module_utils._text import to_text
+
+import json
+import re
+import socket
+
+try:
+ unicode
+ HAVE_UNICODE = True
+except NameError:
+ unicode = str
+ HAVE_UNICODE = False
+
+
+nso_argument_spec = dict(
+ url=dict(type='str', required=True),
+ username=dict(type='str', required=True, fallback=(env_fallback, ['ANSIBLE_NET_USERNAME'])),
+ password=dict(type='str', required=True, no_log=True, fallback=(env_fallback, ['ANSIBLE_NET_PASSWORD'])),
+ timeout=dict(type='int', default=300),
+ validate_certs=dict(type='bool', default=False)
+)
+
+
+class State(object):
+ SET = 'set'
+ PRESENT = 'present'
+ ABSENT = 'absent'
+ CHECK_SYNC = 'check-sync'
+ DEEP_CHECK_SYNC = 'deep-check-sync'
+ IN_SYNC = 'in-sync'
+ DEEP_IN_SYNC = 'deep-in-sync'
+
+ SYNC_STATES = ('check-sync', 'deep-check-sync', 'in-sync', 'deep-in-sync')
+
+
+class ModuleFailException(Exception):
+ def __init__(self, message):
+ super(ModuleFailException, self).__init__(message)
+ self.message = message
+
+
+class NsoException(Exception):
+ def __init__(self, message, error):
+ super(NsoException, self).__init__(message)
+ self.message = message
+ self.error = error
+
+
+class JsonRpc(object):
+ def __init__(self, url, timeout, validate_certs):
+ self._url = url
+ self._timeout = timeout
+ self._validate_certs = validate_certs
+ self._id = 0
+ self._trans = {}
+ self._headers = {'Content-Type': 'application/json'}
+ self._conn = None
+ self._system_settings = {}
+
+ def login(self, user, passwd):
+ payload = {
+ 'method': 'login',
+ 'params': {'user': user, 'passwd': passwd}
+ }
+ resp, resp_json = self._call(payload)
+ self._headers['Cookie'] = resp.headers['set-cookie']
+
+ def logout(self):
+ payload = {'method': 'logout', 'params': {}}
+ self._call(payload)
+
+ def get_system_setting(self, setting):
+ if setting not in self._system_settings:
+ payload = {'method': 'get_system_setting', 'params': {'operation': setting}}
+ resp, resp_json = self._call(payload)
+ self._system_settings[setting] = resp_json['result']
+ return self._system_settings[setting]
+
+ def new_trans(self, **kwargs):
+ payload = {'method': 'new_trans', 'params': kwargs}
+ resp, resp_json = self._call(payload)
+ return resp_json['result']['th']
+
+ def get_trans(self, mode):
+ if mode not in self._trans:
+ th = self.new_trans(mode=mode)
+ self._trans[mode] = th
+ return self._trans[mode]
+
+ def delete_trans(self, th):
+ payload = {'method': 'delete_trans', 'params': {'th': th}}
+ resp, resp_json = self._call(payload)
+ self._maybe_delete_trans(th)
+
+ def validate_trans(self, th):
+ payload = {'method': 'validate_trans', 'params': {'th': th}}
+ resp, resp_json = self._write_call(payload)
+ return resp_json['result']
+
+ def get_trans_changes(self, th):
+ payload = {'method': 'get_trans_changes', 'params': {'th': th}}
+ resp, resp_json = self._write_call(payload)
+ return resp_json['result']['changes']
+
+ def validate_commit(self, th, flags=None):
+ if flags:
+ payload = {'method': 'validate_commit', 'params': {'th': th, 'flags': flags}}
+ else:
+ payload = {'method': 'validate_commit', 'params': {'th': th}}
+ resp, resp_json = self._write_call(payload)
+ return resp_json['result'].get('warnings', [])
+
+ def commit(self, th, flags=None):
+ if flags:
+ payload = {'method': 'commit', 'params': {'th': th, 'flags': flags}}
+ else:
+ payload = {'method': 'commit', 'params': {'th': th}}
+ resp, resp_json = self._write_call(payload)
+ if len(resp_json['result']) == 0:
+ self._maybe_delete_trans(th)
+ return resp_json['result']
+
+ def get_schema(self, **kwargs):
+ payload = {'method': 'get_schema', 'params': kwargs}
+ resp, resp_json = self._maybe_write_call(payload)
+ return resp_json['result']
+
+ def get_module_prefix_map(self, path=None):
+ if path is None:
+ payload = {'method': 'get_module_prefix_map', 'params': {}}
+ resp, resp_json = self._call(payload)
+ else:
+ payload = {'method': 'get_module_prefix_map', 'params': {'path': path}}
+ resp, resp_json = self._maybe_write_call(payload)
+ return resp_json['result']
+
+ def get_value(self, path):
+ payload = {
+ 'method': 'get_value',
+ 'params': {'path': path}
+ }
+ resp, resp_json = self._read_call(payload)
+ return resp_json['result']
+
+ def exists(self, path):
+ payload = {'method': 'exists', 'params': {'path': path}}
+ try:
+ resp, resp_json = self._read_call(payload)
+ return resp_json['result']['exists']
+ except NsoException as ex:
+ # calling exists on a sub-list when the parent list does
+ # not exists will cause data.not_found errors on recent
+ # NSO
+ if 'type' in ex.error and ex.error['type'] == 'data.not_found':
+ return False
+ raise
+
+ def create(self, th, path):
+ payload = {'method': 'create', 'params': {'th': th, 'path': path}}
+ self._write_call(payload)
+
+ def delete(self, th, path):
+ payload = {'method': 'delete', 'params': {'th': th, 'path': path}}
+ self._write_call(payload)
+
+ def set_value(self, th, path, value):
+ payload = {
+ 'method': 'set_value',
+ 'params': {'th': th, 'path': path, 'value': value}
+ }
+ resp, resp_json = self._write_call(payload)
+ return resp_json['result']
+
+ def show_config(self, path, operational=False):
+ payload = {
+ 'method': 'show_config',
+ 'params': {
+ 'path': path,
+ 'result_as': 'json',
+ 'with_oper': operational}
+ }
+ resp, resp_json = self._read_call(payload)
+ return resp_json['result']
+
+ def query(self, xpath, fields):
+ payload = {
+ 'method': 'query',
+ 'params': {
+ 'xpath_expr': xpath,
+ 'selection': fields
+ }
+ }
+ resp, resp_json = self._read_call(payload)
+ return resp_json['result']['results']
+
+ def run_action(self, th, path, params=None):
+ if params is None:
+ params = {}
+
+ if is_version(self, [(4, 5), (4, 4, 3)]):
+ result_format = 'json'
+ else:
+ result_format = 'normal'
+
+ payload = {
+ 'method': 'run_action',
+ 'params': {
+ 'format': result_format,
+ 'path': path,
+ 'params': params
+ }
+ }
+
+ if th is None:
+ resp, resp_json = self._read_call(payload)
+ else:
+ payload['params']['th'] = th
+ resp, resp_json = self._call(payload)
+
+ if result_format == 'normal':
+ # this only works for one-level results, list entries,
+ # containers etc will have / in their name.
+ result = {}
+ for info in resp_json['result']:
+ result[info['name']] = info['value']
+ else:
+ result = resp_json['result']
+
+ return result
+
+ def _call(self, payload):
+ self._id += 1
+ if 'id' not in payload:
+ payload['id'] = self._id
+
+ if 'jsonrpc' not in payload:
+ payload['jsonrpc'] = '2.0'
+
+ data = json.dumps(payload)
+ try:
+ resp = open_url(
+ self._url, timeout=self._timeout,
+ method='POST', data=data, headers=self._headers,
+ validate_certs=self._validate_certs)
+ if resp.code != 200:
+ raise NsoException(
+ 'NSO returned HTTP code {0}, expected 200'.format(resp.status), {})
+ except socket.timeout:
+ raise NsoException('request timed out against NSO at {0}'.format(self._url), {})
+
+ resp_body = resp.read()
+ resp_json = json.loads(resp_body)
+
+ if 'error' in resp_json:
+ self._handle_call_error(payload, resp_json)
+ return resp, resp_json
+
+ def _handle_call_error(self, payload, resp_json):
+ method = payload['method']
+
+ error = resp_json['error']
+ error_type = error['type'][len('rpc.method.'):]
+ if error_type in ('unexpected_params',
+ 'unknown_params_value',
+ 'invalid_params',
+ 'invalid_params_type',
+ 'data_not_found'):
+ key = error['data']['param']
+ error_type_s = error_type.replace('_', ' ')
+ if key == 'path':
+ msg = 'NSO {0} {1}. path = {2}'.format(
+ method, error_type_s, payload['params']['path'])
+ else:
+ path = payload['params'].get('path', 'unknown')
+ msg = 'NSO {0} {1}. path = {2}. {3} = {4}'.format(
+ method, error_type_s, path, key, payload['params'][key])
+ else:
+ msg = 'NSO {0} returned JSON-RPC error: {1}'.format(method, error)
+
+ raise NsoException(msg, error)
+
+ def _read_call(self, payload):
+ if 'th' not in payload['params']:
+ payload['params']['th'] = self.get_trans(mode='read')
+ return self._call(payload)
+
+ def _write_call(self, payload):
+ if 'th' not in payload['params']:
+ payload['params']['th'] = self.get_trans(mode='read_write')
+ return self._call(payload)
+
+ def _maybe_write_call(self, payload):
+ if 'read_write' in self._trans:
+ return self._write_call(payload)
+ else:
+ return self._read_call(payload)
+
+ def _maybe_delete_trans(self, th):
+ for mode in ('read', 'read_write'):
+ if th == self._trans.get(mode, None):
+ del self._trans[mode]
+
+
+class ValueBuilder(object):
+ PATH_RE = re.compile('{[^}]*}')
+ PATH_RE_50 = re.compile('{[^}]*}$')
+
+ class Value(object):
+ __slots__ = ['path', 'tag_path', 'state', 'value', 'deps']
+
+ def __init__(self, path, state, value, deps):
+ self.path = path
+ self.tag_path = ValueBuilder.PATH_RE.sub('', path)
+ self.state = state
+ self.value = value
+ self.deps = deps
+
+ # nodes can depend on themselves
+ if self.tag_path in self.deps:
+ self.deps.remove(self.tag_path)
+
+ def __lt__(self, rhs):
+ l_len = len(self.path.split('/'))
+ r_len = len(rhs.path.split('/'))
+ if l_len == r_len:
+ return self.path.__lt__(rhs.path)
+ return l_len < r_len
+
+ def __str__(self):
+ return 'Value<path={0}, state={1}, value={2}>'.format(
+ self.path, self.state, self.value)
+
+ class ValueIterator(object):
+ def __init__(self, client, values, delayed_values):
+ self._client = client
+ self._values = values
+ self._delayed_values = delayed_values
+ self._pos = 0
+
+ def __iter__(self):
+ return self
+
+ def __next__(self):
+ return self.next()
+
+ def next(self):
+ if self._pos >= len(self._values):
+ if len(self._delayed_values) == 0:
+ raise StopIteration()
+
+ builder = ValueBuilder(self._client, delay=False)
+ for (parent, maybe_qname, value) in self._delayed_values:
+ builder.build(parent, maybe_qname, value)
+ del self._delayed_values[:]
+ self._values.extend(builder.values)
+
+ return self.next()
+
+ value = self._values[self._pos]
+ self._pos += 1
+ return value
+
+ def __init__(self, client, mode='config', delay=None):
+ self._client = client
+ self._mode = mode
+ self._schema_cache = {}
+ self._module_prefix_map_cache = {}
+ self._values = []
+ self._values_dirty = False
+ self._delay = delay is None and mode == 'config' and is_version(self._client, [(5, 0)])
+ self._delayed_values = []
+
+ def build(self, parent, maybe_qname, value, schema=None):
+ qname, name = self.get_prefix_name(parent, maybe_qname)
+ if name is None:
+ path = parent
+ else:
+ path = '{0}/{1}'.format(parent, qname)
+
+ if schema is None:
+ schema = self._get_schema(path)
+
+ if self._delay and schema.get('is_mount_point', False):
+ # delay conversion of mounted values, required to get
+ # shema information on 5.0 and later.
+ self._delayed_values.append((parent, maybe_qname, value))
+ elif self._is_leaf_list(schema) and is_version(self._client, [(4, 5)]):
+ self._build_leaf_list(path, schema, value)
+ elif self._is_leaf(schema):
+ deps = schema.get('deps', [])
+ if self._is_empty_leaf(schema):
+ exists = self._client.exists(path)
+ if exists and value != [None]:
+ self._add_value(path, State.ABSENT, None, deps)
+ elif not exists and value == [None]:
+ self._add_value(path, State.PRESENT, None, deps)
+ else:
+ if maybe_qname is None:
+ value_type = self.get_type(path)
+ else:
+ value_type = self._get_child_type(parent, qname)
+
+ if 'identityref' in value_type:
+ if isinstance(value, list):
+ value = [ll_v for ll_v, t_ll_v
+ in [self.get_prefix_name(parent, v) for v in value]]
+ else:
+ value, t_value = self.get_prefix_name(parent, value)
+ self._add_value(path, State.SET, value, deps)
+ elif isinstance(value, dict):
+ self._build_dict(path, schema, value)
+ elif isinstance(value, list):
+ self._build_list(path, schema, value)
+ else:
+ raise ModuleFailException(
+ 'unsupported schema {0} at {1}'.format(
+ schema['kind'], path))
+
+ @property
+ def values(self):
+ if self._values_dirty:
+ self._values = ValueBuilder.sort_values(self._values)
+ self._values_dirty = False
+
+ return ValueBuilder.ValueIterator(self._client, self._values, self._delayed_values)
+
+ @staticmethod
+ def sort_values(values):
+ class N(object):
+ def __init__(self, v):
+ self.tmp_mark = False
+ self.mark = False
+ self.v = v
+
+ sorted_values = []
+ nodes = [N(v) for v in sorted(values)]
+
+ def get_node(tag_path):
+ return next((m for m in nodes
+ if m.v.tag_path == tag_path), None)
+
+ def is_cycle(n, dep, visited):
+ visited.add(n.v.tag_path)
+ if dep in visited:
+ return True
+
+ dep_n = get_node(dep)
+ if dep_n is not None:
+ for sub_dep in dep_n.v.deps:
+ if is_cycle(dep_n, sub_dep, visited):
+ return True
+
+ return False
+
+ # check for dependency cycles, remove if detected. sort will
+ # not be 100% but allows for a best-effort to work around
+ # issue in NSO.
+ for n in nodes:
+ for dep in n.v.deps:
+ if is_cycle(n, dep, set()):
+ n.v.deps.remove(dep)
+
+ def visit(n):
+ if n.tmp_mark:
+ return False
+ if not n.mark:
+ n.tmp_mark = True
+ for m in nodes:
+ if m.v.tag_path in n.v.deps:
+ if not visit(m):
+ return False
+
+ n.tmp_mark = False
+ n.mark = True
+
+ sorted_values.insert(0, n.v)
+
+ return True
+
+ n = next((n for n in nodes if not n.mark), None)
+ while n is not None:
+ visit(n)
+ n = next((n for n in nodes if not n.mark), None)
+
+ return sorted_values[::-1]
+
+ def _build_dict(self, path, schema, value):
+ keys = schema.get('key', [])
+ for dict_key, dict_value in value.items():
+ qname, name = self.get_prefix_name(path, dict_key)
+ if dict_key in ('__state', ) or name in keys:
+ continue
+
+ child_schema = self._find_child(path, schema, qname)
+ self.build(path, dict_key, dict_value, child_schema)
+
+ def _build_leaf_list(self, path, schema, value):
+ deps = schema.get('deps', [])
+ entry_type = self.get_type(path, schema)
+
+ if self._mode == 'verify':
+ for entry in value:
+ if 'identityref' in entry_type:
+ entry, t_entry = self.get_prefix_name(path, entry)
+ entry_path = '{0}{{{1}}}'.format(path, entry)
+ if not self._client.exists(entry_path):
+ self._add_value(entry_path, State.ABSENT, None, deps)
+ else:
+ # remove leaf list if treated as a list and then re-create the
+ # expected list entries.
+ self._add_value(path, State.ABSENT, None, deps)
+
+ for entry in value:
+ if 'identityref' in entry_type:
+ entry, t_entry = self.get_prefix_name(path, entry)
+ entry_path = '{0}{{{1}}}'.format(path, entry)
+ self._add_value(entry_path, State.PRESENT, None, deps)
+
+ def _build_list(self, path, schema, value):
+ deps = schema.get('deps', [])
+ for entry in value:
+ entry_key = self._build_key(path, entry, schema['key'])
+ entry_path = '{0}{{{1}}}'.format(path, entry_key)
+ entry_state = entry.get('__state', 'present')
+ entry_exists = self._client.exists(entry_path)
+
+ if entry_state == 'absent':
+ if entry_exists:
+ self._add_value(entry_path, State.ABSENT, None, deps)
+ else:
+ if not entry_exists:
+ self._add_value(entry_path, State.PRESENT, None, deps)
+ if entry_state in State.SYNC_STATES:
+ self._add_value(entry_path, entry_state, None, deps)
+
+ self.build(entry_path, None, entry)
+
+ def _build_key(self, path, entry, schema_keys):
+ key_parts = []
+ for key in schema_keys:
+ value = entry.get(key, None)
+ if value is None:
+ raise ModuleFailException(
+ 'required leaf {0} in {1} not set in data'.format(
+ key, path))
+
+ value_type = self._get_child_type(path, key)
+ if 'identityref' in value_type:
+ value, t_value = self.get_prefix_name(path, value)
+ key_parts.append(self._quote_key(value))
+ return ' '.join(key_parts)
+
+ def _quote_key(self, key):
+ if isinstance(key, bool):
+ return key and 'true' or 'false'
+
+ q_key = []
+ for c in str(key):
+ if c in ('{', '}', "'", '\\'):
+ q_key.append('\\')
+ q_key.append(c)
+ q_key = ''.join(q_key)
+ if ' ' in q_key:
+ return '"{0}"'.format(q_key)
+ return q_key
+
+ def _find_child(self, path, schema, qname):
+ if 'children' not in schema:
+ schema = self._get_schema(path)
+
+ # look for the qualified name if : is in the name
+ child_schema = self._get_child(schema, qname)
+ if child_schema is not None:
+ return child_schema
+
+ # no child was found, look for a choice with a child matching
+ for child_schema in schema['children']:
+ if child_schema['kind'] != 'choice':
+ continue
+ choice_child_schema = self._get_choice_child(child_schema, qname)
+ if choice_child_schema is not None:
+ return choice_child_schema
+
+ raise ModuleFailException(
+ 'no child in {0} with name {1}. children {2}'.format(
+ path, qname, ','.join((c.get('qname', c.get('name', None)) for c in schema['children']))))
+
+ def _add_value(self, path, state, value, deps):
+ self._values.append(ValueBuilder.Value(path, state, value, deps))
+ self._values_dirty = True
+
+ def get_prefix_name(self, path, qname):
+ if not isinstance(qname, (str, unicode)):
+ return qname, None
+ if ':' not in qname:
+ return qname, qname
+
+ module_prefix_map = self._get_module_prefix_map(path)
+ module, name = qname.split(':', 1)
+ if module not in module_prefix_map:
+ raise ModuleFailException(
+ 'no module mapping for module {0}. loaded modules {1}'.format(
+ module, ','.join(sorted(module_prefix_map.keys()))))
+
+ return '{0}:{1}'.format(module_prefix_map[module], name), name
+
+ def _get_schema(self, path):
+ return self._ensure_schema_cached(path)['data']
+
+ def _get_child_type(self, parent_path, key):
+ all_schema = self._ensure_schema_cached(parent_path)
+ parent_schema = all_schema['data']
+ meta = all_schema['meta']
+ schema = self._find_child(parent_path, parent_schema, key)
+ return self.get_type(parent_path, schema, meta)
+
+ def get_type(self, path, schema=None, meta=None):
+ if schema is None or meta is None:
+ all_schema = self._ensure_schema_cached(path)
+ schema = all_schema['data']
+ meta = all_schema['meta']
+
+ if self._is_leaf(schema):
+ def get_type(meta, curr_type):
+ if curr_type.get('primitive', False):
+ return [curr_type['name']]
+ if 'namespace' in curr_type:
+ curr_type_key = '{0}:{1}'.format(
+ curr_type['namespace'], curr_type['name'])
+ type_info = meta['types'][curr_type_key][-1]
+ return get_type(meta, type_info)
+ if 'leaf_type' in curr_type:
+ return get_type(meta, curr_type['leaf_type'][-1])
+ if 'union' in curr_type:
+ union_types = []
+ for union_type in curr_type['union']:
+ union_types.extend(get_type(meta, union_type[-1]))
+ return union_types
+ return [curr_type.get('name', 'unknown')]
+
+ return get_type(meta, schema['type'])
+ return None
+
+ def _ensure_schema_cached(self, path):
+ if not self._delay and is_version(self._client, [(5, 0)]):
+ # newer versions of NSO support multiple different schemas
+ # for different devices, thus the device is required to
+ # look up the schema. Remove the key entry to get schema
+ # logic working ok.
+ path = ValueBuilder.PATH_RE_50.sub('', path)
+ else:
+ path = ValueBuilder.PATH_RE.sub('', path)
+
+ if path not in self._schema_cache:
+ schema = self._client.get_schema(path=path, levels=1)
+ self._schema_cache[path] = schema
+ return self._schema_cache[path]
+
+ def _get_module_prefix_map(self, path):
+ # newer versions of NSO support multiple mappings from module
+ # to prefix depending on which device is used.
+ if path != '' and is_version(self._client, [(5, 0)]):
+ if path not in self._module_prefix_map_cache:
+ self._module_prefix_map_cache[path] = self._client.get_module_prefix_map(path)
+ return self._module_prefix_map_cache[path]
+
+ if '' not in self._module_prefix_map_cache:
+ self._module_prefix_map_cache[''] = self._client.get_module_prefix_map()
+ return self._module_prefix_map_cache['']
+
+ def _get_child(self, schema, qname):
+ # no child specified, return parent
+ if qname is None:
+ return schema
+
+ name_key = ':' in qname and 'qname' or 'name'
+ return next((c for c in schema['children']
+ if c.get(name_key, None) == qname), None)
+
+ def _get_choice_child(self, schema, qname):
+ name_key = ':' in qname and 'qname' or 'name'
+ for child_case in schema['cases']:
+ # look for direct child
+ choice_child_schema = next(
+ (c for c in child_case['children']
+ if c.get(name_key, None) == qname), None)
+ if choice_child_schema is not None:
+ return choice_child_schema
+
+ # look for nested choice
+ for child_schema in child_case['children']:
+ if child_schema['kind'] != 'choice':
+ continue
+ choice_child_schema = self._get_choice_child(child_schema, qname)
+ if choice_child_schema is not None:
+ return choice_child_schema
+ return None
+
+ def _is_leaf_list(self, schema):
+ return schema.get('kind', None) == 'leaf-list'
+
+ def _is_leaf(self, schema):
+ # still checking for leaf-list here to be compatible with pre
+ # 4.5 versions of NSO.
+ return schema.get('kind', None) in ('key', 'leaf', 'leaf-list')
+
+ def _is_empty_leaf(self, schema):
+ return (schema.get('kind', None) == 'leaf' and
+ schema['type'].get('primitive', False) and
+ schema['type'].get('name', '') == 'empty')
+
+
+def connect(params):
+ client = JsonRpc(params['url'],
+ params['timeout'],
+ params['validate_certs'])
+ client.login(params['username'], params['password'])
+ return client
+
+
+def verify_version(client, required_versions):
+ version_str = client.get_system_setting('version')
+ client._version = version_str
+ if not verify_version_str(version_str, required_versions):
+ supported_versions = ', '.join(
+ ['.'.join([str(p) for p in required_version])
+ for required_version in required_versions])
+ raise ModuleFailException(
+ 'unsupported NSO version {0}. {1} or later supported'.format(
+ version_str, supported_versions))
+
+
+def is_version(client, required_versions):
+ version_str = client.get_system_setting('version')
+ return verify_version_str(version_str, required_versions)
+
+
+def verify_version_str(version_str, required_versions):
+ version_str = re.sub('_.*', '', version_str)
+
+ version = [int(p) for p in version_str.split('.')]
+ if len(version) < 2:
+ raise ModuleFailException(
+ 'unsupported NSO version format {0}'.format(version_str))
+
+ def check_version(required_version, version):
+ for pos in range(len(required_version)):
+ if pos >= len(version):
+ return False
+ if version[pos] > required_version[pos]:
+ return True
+ if version[pos] < required_version[pos]:
+ return False
+ return True
+
+ for required_version in required_versions:
+ if check_version(required_version, version):
+ return True
+ return False
+
+
+def normalize_value(expected_value, value, key):
+ if value is None:
+ return None
+ if (isinstance(expected_value, bool) and
+ isinstance(value, (str, unicode))):
+ return value == 'true'
+ if isinstance(expected_value, int):
+ try:
+ return int(value)
+ except TypeError:
+ raise ModuleFailException(
+ 'returned value {0} for {1} is not a valid integer'.format(
+ key, value))
+ if isinstance(expected_value, float):
+ try:
+ return float(value)
+ except TypeError:
+ raise ModuleFailException(
+ 'returned value {0} for {1} is not a valid float'.format(
+ key, value))
+ if isinstance(expected_value, (list, tuple)):
+ if not isinstance(value, (list, tuple)):
+ raise ModuleFailException(
+ 'returned value {0} for {1} is not a list'.format(value, key))
+ if len(expected_value) != len(value):
+ raise ModuleFailException(
+ 'list length mismatch for {0}'.format(key))
+
+ normalized_value = []
+ for i in range(len(expected_value)):
+ normalized_value.append(
+ normalize_value(expected_value[i], value[i], '{0}[{1}]'.format(key, i)))
+ return normalized_value
+
+ if isinstance(expected_value, dict):
+ if not isinstance(value, dict):
+ raise ModuleFailException(
+ 'returned value {0} for {1} is not a dict'.format(value, key))
+ if len(expected_value) != len(value):
+ raise ModuleFailException(
+ 'dict length mismatch for {0}'.format(key))
+
+ normalized_value = {}
+ for k in expected_value.keys():
+ n_k = normalize_value(k, k, '{0}[{1}]'.format(key, k))
+ if n_k not in value:
+ raise ModuleFailException('missing {0} in value'.format(n_k))
+ normalized_value[n_k] = normalize_value(expected_value[k], value[k], '{0}[{1}]'.format(key, k))
+ return normalized_value
+
+ if HAVE_UNICODE:
+ if isinstance(expected_value, unicode) and isinstance(value, str):
+ return value.decode('utf-8')
+ if isinstance(expected_value, str) and isinstance(value, unicode):
+ return value.encode('utf-8')
+ else:
+ if hasattr(expected_value, 'encode') and hasattr(value, 'decode'):
+ return value.decode('utf-8')
+ if hasattr(expected_value, 'decode') and hasattr(value, 'encode'):
+ return value.encode('utf-8')
+
+ return value
diff --git a/ansible_collections/cisco/nso/plugins/modules/__init__.py b/ansible_collections/cisco/nso/plugins/modules/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/ansible_collections/cisco/nso/plugins/modules/__init__.py
diff --git a/ansible_collections/cisco/nso/plugins/modules/nso_action.py b/ansible_collections/cisco/nso/plugins/modules/nso_action.py
new file mode 100644
index 00000000..b5db2084
--- /dev/null
+++ b/ansible_collections/cisco/nso/plugins/modules/nso_action.py
@@ -0,0 +1,211 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2017 Cisco and/or its affiliates.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: nso_action
+extends_documentation_fragment:
+- cisco.nso.nso
+
+short_description: Executes Cisco NSO actions and verifies output.
+description:
+ - This module provides support for executing Cisco NSO actions and then
+ verifying that the output is as expected.
+requirements:
+ - Cisco NSO version 3.4 or higher.
+author: "Claes Nästén (@cnasten)"
+options:
+ path:
+ description: Path to NSO action.
+ required: true
+ type: str
+ input:
+ description: >
+ NSO action parameters.
+ type: dict
+ output_required:
+ description: >
+ Required output parameters.
+ type: dict
+ output_invalid:
+ description: >
+ List of result parameter names that will cause the task to fail if they
+ are present.
+ type: dict
+ validate_strict:
+ description: >
+ If set to true, the task will fail if any output parameters not in
+ output_required is present in the output.
+ type: bool
+ default: False
+'''
+
+EXAMPLES = '''
+- name: Sync NSO device
+ cisco.nso.nso_action:
+ url: https://10.10.20.49/jsonrpc
+ username: developer
+ password: C1sco12345
+ path: /ncs:devices/device{dist-rtr01}/sync-from
+ input: {}
+
+- name: Check device sync
+ cisco.nso.nso_action:
+ url: https://10.10.20.49/jsonrpc
+ username: developer
+ password: C1sco12345
+ path: /ncs:devices/check-sync
+ input: {}
+
+- name: Load Native Config
+ cisco.nso.nso_action:
+ url: "https://10.10.20.49/jsonrpc"
+ username: developer
+ password: C1sco12345
+ path: /ncs:devices/ncs:device{dist-rtr01}/load-native-config
+ input: { file: "/home/developer/test.cfg" , verbose: true, mode: "merge"}
+ register: result
+'''
+
+RETURN = '''
+output:
+ description: Action output
+ returned: success
+ type: dict
+ sample:
+ result: true
+'''
+
+from ansible_collections.cisco.nso.plugins.module_utils.nso import connect, verify_version, nso_argument_spec
+from ansible_collections.cisco.nso.plugins.module_utils.nso import normalize_value
+from ansible_collections.cisco.nso.plugins.module_utils.nso import ModuleFailException, NsoException
+from ansible.module_utils.basic import AnsibleModule
+
+
+class NsoAction(object):
+
+ REQUIRED_VERSIONS = [
+ (3, 4)
+ ]
+
+ def __init__(self, check_mode, client,
+ path, input,
+ output_required, output_invalid, validate_strict):
+ self._check_mode = check_mode
+ self._client = client
+ self._path = path
+ self._input = input
+ self._output_required = output_required
+ self._output_invalid = output_invalid
+ self._validate_strict = validate_strict
+
+ def main(self):
+ schema = self._client.get_schema(path=self._path)
+ if schema['data']['kind'] != 'action':
+ raise ModuleFailException('{0} is not an action'.format(self._path))
+ input_schema = []
+ for c in schema['data']['children']:
+ if c.get('is_action_input', False):
+ if c['kind'] == 'choice':
+ for case in c['cases']:
+ input_schema.append(case)
+ else:
+ input_schema.append(c)
+
+ for key, value in self._input.items():
+ child = next((c for c in input_schema if c['name'] == key), None)
+ if child is None:
+ raise ModuleFailException("unsupported input parameter '{0}'".format(key))
+
+ # implement type validation in the future
+
+ if self._check_mode:
+ return {}
+ else:
+ return self._run_and_verify()
+
+ def _run_and_verify(self):
+ output = self._client.run_action(None, self._path, self._input)
+ for key, value in self._output_required.items():
+ if key not in output:
+ raise ModuleFailException('{0} not in result'.format(key))
+
+ n_value = normalize_value(value, output[key], key)
+ if value != n_value:
+ msg = '{0} value mismatch. expected {1} got {2}'.format(
+ key, value, n_value)
+ raise ModuleFailException(msg)
+
+ for key in self._output_invalid.keys():
+ if key in output:
+ raise ModuleFailException('{0} not allowed in result'.format(key))
+
+ if self._validate_strict:
+ for name in output.keys():
+ if name not in self._output_required:
+ raise ModuleFailException('{0} not allowed in result'.format(name))
+
+ return output
+
+
+def main():
+ argument_spec = dict(
+ path=dict(required=True),
+ input=dict(required=False, type='dict', default={}),
+ output_required=dict(required=False, type='dict', default={}),
+ output_invalid=dict(required=False, type='dict', default={}),
+ validate_strict=dict(required=False, type='bool', default=False)
+ )
+ argument_spec.update(nso_argument_spec)
+
+ module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True
+ )
+ p = module.params
+
+ client = connect(p)
+ nso_action = NsoAction(
+ module.check_mode, client,
+ p['path'],
+ p['input'],
+ p['output_required'],
+ p['output_invalid'],
+ p['validate_strict'])
+ try:
+ verify_version(client, NsoAction.REQUIRED_VERSIONS)
+
+ output = nso_action.main()
+ client.logout()
+ module.exit_json(changed=True, output=output)
+ except NsoException as ex:
+ client.logout()
+ module.fail_json(msg=ex.message)
+ except ModuleFailException as ex:
+ client.logout()
+ module.fail_json(msg=ex.message)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/cisco/nso/plugins/modules/nso_config.py b/ansible_collections/cisco/nso/plugins/modules/nso_config.py
new file mode 100644
index 00000000..01ee40ec
--- /dev/null
+++ b/ansible_collections/cisco/nso/plugins/modules/nso_config.py
@@ -0,0 +1,338 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2017 Cisco and/or its affiliates.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: nso_config
+extends_documentation_fragment:
+- cisco.nso.nso
+
+short_description: Manage Cisco NSO configuration and service synchronization.
+description:
+ - This module provides support for managing configuration in Cisco NSO and
+ can also ensure services are in sync.
+requirements:
+ - Cisco NSO version 3.4.12 or higher, 4.2.7 or higher,
+ 4.3.8 or higher, 4.4.3 or higher, 4.5 or higher.
+author: "Claes Nästén (@cnasten)"
+options:
+ data:
+ description: >
+ NSO data in format as | display json converted to YAML. List entries can
+ be annotated with a __state entry. Set to in-sync/deep-in-sync for
+ services to verify service is in sync with the network. Set to absent in
+ list entries to ensure they are deleted if they exist in NSO.
+ required: true
+ type: dict
+ commit_flags:
+ description: >
+ A list containing commit flags. See the API documentation for
+ supported commit flags.
+ https://developer.cisco.com/docs/nso/guides/#!life-cycle-operations-how-to-manipulate-existing-services-and-devices/commit-flags-and-device-service-actions
+ type: list
+ elements: str
+'''
+
+EXAMPLES = '''
+- name: CREATE DEVICE IN NSO
+ cisco.nso.nso_config:
+ url: https://10.10.20.49/jsonrpc
+ username: developer
+ password: C1sco12345
+ data:
+ tailf-ncs:devices:
+ device:
+ - address: 10.10.20.175
+ description: CONFIGURED BY ANSIBLE!
+ name: dist-rtr01
+ authgroup: "labadmin"
+ device-type:
+ cli:
+ ned-id: "cisco-ios-cli-6.44"
+ port: "22"
+ state:
+ admin-state: "unlocked"
+
+- name: ADD NEW LOOPBACK
+ cisco.nso.nso_config:
+ url: https://10.10.20.49/jsonrpc
+ username: developer
+ password: C1sco12345
+ data:
+ tailf-ncs:devices:
+ device:
+ - name: dist-rtr01
+ config:
+ tailf-ned-cisco-ios:interface:
+ Loopback:
+ - name: "1"
+ description: Created by Ansible!
+
+- name: CONFIGURE IP ADDRESS ON LOOPBACK
+ cisco.nso.nso_config:
+ url: https://10.10.20.49/jsonrpc
+ username: developer
+ password: C1sco12345
+ data:
+ tailf-ncs:devices:
+ device:
+ - name: dist-rtr01
+ config:
+ tailf-ned-cisco-ios:interface:
+ Loopback:
+ - name: "1"
+ description: Created by Ansible!
+ ip:
+ address:
+ primary:
+ address: 10.10.10.10
+ mask: 255.255.255.255
+
+- name: CONFIGURE NTP SERVER ON DEVICE
+ cisco.nso.nso_config:
+ url: https://10.10.20.49/jsonrpc
+ username: developer
+ password: C1sco12345
+ data:
+ tailf-ncs:devices:
+ device:
+ - name: dist-rtr01
+ config:
+ tailf-ned-cisco-ios:ntp:
+ server:
+ peer-list:
+ - name: 2.2.2.2
+'''
+
+RETURN = '''
+changes:
+ description: List of changes
+ returned: always
+ type: complex
+ sample:
+ - path: "/ncs:devices/device{dist-rtr01}/config/ios:interface/Loopback{1}/ip/address/primary/address"
+ from: null
+ to: "10.10.10.10"
+ type: set
+ contains:
+ path:
+ description: Path to value changed
+ returned: always
+ type: str
+ from:
+ description: Previous value if any, else null
+ returned: When previous value is present on value change
+ type: str
+diffs:
+ description: List of sync changes
+ returned: always
+ type: complex
+ contains:
+ path:
+ description: keypath to service changed
+ returned: always
+ type: str
+ diff:
+ description: configuration difference triggered the re-deploy
+ returned: always
+ type: str
+commit_result:
+ description: Return values from commit operation
+ returned: always
+ type: complex
+ contains:
+ commit_queue:
+ description: Commit queue ID and status, if any
+ returned: When commit-queue is set in commit_flags
+ type: dict
+ sample:
+ - {
+ "commit_queue": {
+ "id": 1611776004976,
+ "status": "async"
+ }
+ }
+
+'''
+
+from ansible_collections.cisco.nso.plugins.module_utils.nso import connect, verify_version, nso_argument_spec
+from ansible_collections.cisco.nso.plugins.module_utils.nso import State, ValueBuilder
+from ansible_collections.cisco.nso.plugins.module_utils.nso import ModuleFailException, NsoException
+from ansible.module_utils.basic import AnsibleModule
+
+
+class NsoConfig(object):
+ REQUIRED_VERSIONS = [
+ (4, 5),
+ (4, 4, 3),
+ (4, 3, 8),
+ (4, 2, 7),
+ (3, 4, 12)
+ ]
+
+ def __init__(self, check_mode, client, data, commit_flags):
+ self._check_mode = check_mode
+ self._client = client
+ self._data = data
+ self._commit_flags = commit_flags
+
+ self._changes = []
+ self._diffs = []
+ self._commit_result = []
+
+ def main(self):
+ # build list of values from configured data
+ value_builder = ValueBuilder(self._client)
+ for key, value in self._data.items():
+ value_builder.build('', key, value)
+
+ self._data_write(value_builder.values)
+
+ # check sync AFTER configuration is written
+ sync_values = self._sync_check(value_builder.values)
+ self._sync_ensure(sync_values)
+
+ return self._changes, self._diffs, self._commit_result
+
+ def _data_write(self, values):
+ th = self._client.get_trans(mode='read_write')
+
+ for value in values:
+ if value.state == State.SET:
+ self._client.set_value(th, value.path, value.value)
+ elif value.state == State.PRESENT:
+ self._client.create(th, value.path)
+ elif value.state == State.ABSENT:
+ self._client.delete(th, value.path)
+
+ changes = self._client.get_trans_changes(th)
+ for change in changes:
+ if change['op'] == 'value_set':
+ self._changes.append({
+ 'path': change['path'],
+ 'from': change['old'] or None,
+ 'to': change['value'],
+ 'type': 'set'
+ })
+ elif change['op'] in ('created', 'deleted'):
+ self._changes.append({
+ 'path': change['path'],
+ 'type': change['op'][:-1]
+ })
+
+ if len(changes) > 0:
+ # Fix for validate_commit method not working with commit flags prior to 5.4.
+ # If version < 5.4 then don't send the flags to validate_commit
+ version = float(self._client._version[0:self._client._version.find('.') + 2:])
+ if version >= 5.4:
+ warnings = self._client.validate_commit(th, self._commit_flags)
+ else:
+ warnings = self._client.validate_commit(th)
+ if len(warnings) > 0:
+ raise NsoException(
+ 'failed to validate transaction with warnings: {0}'.format(
+ ', '.join((str(warning) for warning in warnings))), {})
+ if self._check_mode or len(changes) == 0:
+ self._client.delete_trans(th)
+ else:
+ if self._commit_flags:
+ result = self._client.commit(th, self._commit_flags)
+ self._commit_result.append(result)
+ else:
+ result = self._client.commit(th)
+ self._commit_result.append(result)
+
+ def _sync_check(self, values):
+ sync_values = []
+
+ for value in values:
+ if value.state in (State.CHECK_SYNC, State.IN_SYNC):
+ action = 'check-sync'
+ elif value.state in (State.DEEP_CHECK_SYNC, State.DEEP_IN_SYNC):
+ action = 'deep-check-sync'
+ else:
+ action = None
+
+ if action is not None:
+ action_path = '{0}/{1}'.format(value.path, action)
+ action_params = {'outformat': 'cli'}
+ resp = self._client.run_action(None, action_path, action_params)
+ if len(resp) > 0:
+ sync_values.append(
+ ValueBuilder.Value(value.path, value.state, resp[0]['value']))
+
+ return sync_values
+
+ def _sync_ensure(self, sync_values):
+ for value in sync_values:
+ if value.state in (State.CHECK_SYNC, State.DEEP_CHECK_SYNC):
+ raise NsoException(
+ '{0} out of sync, diff {1}'.format(value.path, value.value), {})
+
+ action_path = '{0}/{1}'.format(value.path, 're-deploy')
+ if not self._check_mode:
+ result = self._client.run_action(None, action_path)
+ if not result:
+ raise NsoException(
+ 'failed to re-deploy {0}'.format(value.path), {})
+
+ self._changes.append({'path': value.path, 'type': 're-deploy'})
+ self._diffs.append({'path': value.path, 'diff': value.value})
+
+
+def main():
+ argument_spec = dict(
+ data=dict(required=True, type='dict'),
+ commit_flags=dict(required=False, type='list', elements='str')
+ )
+
+ argument_spec.update(nso_argument_spec)
+
+ module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True
+ )
+ p = module.params
+ client = connect(p)
+ nso_config = NsoConfig(module.check_mode, client, p['data'], p['commit_flags'])
+ try:
+ verify_version(client, NsoConfig.REQUIRED_VERSIONS)
+
+ changes, diffs, commit_result = nso_config.main()
+ client.logout()
+
+ changed = len(changes) > 0
+ module.exit_json(
+ changed=changed, changes=changes, diffs=diffs, commit_result=commit_result)
+
+ except NsoException as ex:
+ client.logout()
+ module.fail_json(msg=ex.message)
+ except ModuleFailException as ex:
+ client.logout()
+ module.fail_json(msg=ex.message)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/cisco/nso/plugins/modules/nso_query.py b/ansible_collections/cisco/nso/plugins/modules/nso_query.py
new file mode 100644
index 00000000..5f2d26f5
--- /dev/null
+++ b/ansible_collections/cisco/nso/plugins/modules/nso_query.py
@@ -0,0 +1,129 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2017 Cisco and/or its affiliates.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: nso_query
+extends_documentation_fragment:
+- cisco.nso.nso
+
+short_description: Query data from Cisco NSO.
+description:
+ - This module provides support for querying data from Cisco NSO using XPath.
+requirements:
+ - Cisco NSO version 3.4 or higher.
+author: "Claes Nästén (@cnasten)"
+options:
+ xpath:
+ description: XPath selection relative to the root.
+ required: true
+ type: str
+ fields:
+ description: >
+ List of fields to select from matching nodes.
+ required: true
+ type: list
+ elements: str
+'''
+
+EXAMPLES = '''
+- name: QUERY DEVICES DISPLAYING NAME AND DESCRIPTION
+ cisco.nso.nso_query:
+ url: https://10.10.20.49/jsonrpc
+ username: developer
+ password: C1sco12345
+ xpath: /ncs:devices/device
+ fields:
+ - name
+ - description
+ register: nso_query_result
+
+- name: DISPLAY NSO_QUERY RESULT
+ debug:
+ var: nso_query_result
+'''
+
+RETURN = '''
+output:
+ description: Value of matching nodes
+ returned: success
+ type: list
+'''
+
+from ansible_collections.cisco.nso.plugins.module_utils.nso import connect, verify_version, nso_argument_spec
+from ansible_collections.cisco.nso.plugins.module_utils.nso import ModuleFailException, NsoException
+from ansible.module_utils.basic import AnsibleModule
+
+
+class NsoQuery(object):
+ REQUIRED_VERSIONS = [
+ (3, 4)
+ ]
+
+ def __init__(self, check_mode, client, xpath, fields):
+ self._check_mode = check_mode
+ self._client = client
+ self._xpath = xpath
+ self._fields = fields
+
+ def main(self):
+ if self._check_mode:
+ return []
+ else:
+ return self._client.query(self._xpath, self._fields)
+
+
+def main():
+ argument_spec = dict(
+ xpath=dict(required=True, type='str'),
+ fields=dict(required=True, type='list', elements='str')
+ )
+ argument_spec.update(nso_argument_spec)
+
+ module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True
+ )
+ p = module.params
+
+ client = connect(p)
+ nso_query = NsoQuery(
+ module.check_mode, client,
+ p['xpath'], p['fields'])
+ try:
+ verify_version(client, NsoQuery.REQUIRED_VERSIONS)
+
+ output = nso_query.main()
+ client.logout()
+ module.exit_json(changed=False, output=output)
+ except NsoException as ex:
+ client.logout()
+ module.fail_json(msg=ex.message)
+ except ModuleFailException as ex:
+ client.logout()
+ module.fail_json(msg=ex.message)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/cisco/nso/plugins/modules/nso_show.py b/ansible_collections/cisco/nso/plugins/modules/nso_show.py
new file mode 100644
index 00000000..e9d8963d
--- /dev/null
+++ b/ansible_collections/cisco/nso/plugins/modules/nso_show.py
@@ -0,0 +1,145 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2017 Cisco and/or its affiliates.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: nso_show
+extends_documentation_fragment:
+- cisco.nso.nso
+
+short_description: Displays data from Cisco NSO.
+description:
+ - This module provides support for displaying data from Cisco NSO.
+requirements:
+ - Cisco NSO version 3.4.12 or higher, 4.1.9 or higher, 4.2.6 or higher,
+ 4.3.7 or higher, 4.4.5 or higher, 4.5 or higher.
+author: "Claes Nästén (@cnasten)"
+options:
+ path:
+ description: Path to NSO data.
+ required: true
+ type: str
+ operational:
+ description: >
+ Controls whether or not operational data is included in the result.
+ type: bool
+ default: false
+'''
+
+EXAMPLES = '''
+- name: DISPLAY DEVICE INCLUDING OPERATIONAL DATA
+ cisco.nso.nso_show:
+ url: https://10.10.20.49/jsonrpc
+ username: developer
+ password: C1sco12345
+ path: /ncs:devices/device{dist-rtr01}
+ operational: true
+ register: result
+
+- name: Display the result
+ debug:
+ var: result
+
+- name: DISPLAY INTERFACES
+ cisco.nso.nso_show:
+ url: "https://10.10.20.49/jsonrpc"
+ username: developer
+ password: C1sco12345
+ path: /ncs:devices/device{dist-rtr01}/config/interface
+ operational: true
+ register: result
+
+- name: Display the result
+ debug:
+ var: result
+'''
+
+RETURN = '''
+output:
+ description: Configuration
+ returned: success
+ type: dict
+'''
+
+from ansible_collections.cisco.nso.plugins.module_utils.nso import connect, verify_version, nso_argument_spec
+from ansible_collections.cisco.nso.plugins.module_utils.nso import ModuleFailException, NsoException
+from ansible.module_utils.basic import AnsibleModule
+
+
+class NsoShow(object):
+ REQUIRED_VERSIONS = [
+ (4, 5),
+ (4, 4, 5),
+ (4, 3, 7),
+ (4, 2, 6),
+ (4, 1, 9),
+ (3, 4, 12)
+ ]
+
+ def __init__(self, check_mode, client, path, operational):
+ self._check_mode = check_mode
+ self._client = client
+ self._path = path
+ self._operational = operational
+
+ def main(self):
+ if self._check_mode:
+ return {}
+ else:
+ return self._client.show_config(self._path, self._operational)
+
+
+def main():
+ argument_spec = dict(
+ path=dict(required=True, type='str'),
+ operational=dict(required=False, type='bool', default=False)
+ )
+ argument_spec.update(nso_argument_spec)
+
+ module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True
+ )
+ p = module.params
+
+ client = connect(p)
+ nso_show = NsoShow(
+ module.check_mode, client,
+ p['path'], p['operational'])
+ try:
+ verify_version(client, NsoShow.REQUIRED_VERSIONS)
+
+ output = nso_show.main()
+ client.logout()
+ module.exit_json(changed=False, output=output)
+ except NsoException as ex:
+ client.logout()
+ module.fail_json(msg=ex.message)
+ except ModuleFailException as ex:
+ client.logout()
+ module.fail_json(msg=ex.message)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/cisco/nso/plugins/modules/nso_verify.py b/ansible_collections/cisco/nso/plugins/modules/nso_verify.py
new file mode 100644
index 00000000..03759706
--- /dev/null
+++ b/ansible_collections/cisco/nso/plugins/modules/nso_verify.py
@@ -0,0 +1,201 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2017 Cisco and/or its affiliates.
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: nso_verify
+extends_documentation_fragment:
+- cisco.nso.nso
+
+short_description: Verifies Cisco NSO configuration.
+description:
+ - This module provides support for verifying Cisco NSO configuration is in
+ compliance with specified values.
+requirements:
+ - Cisco NSO version 3.4.12 or higher, 4.2.7 or higher,
+ 4.3.8 or higher, 4.4.3 or higher, 4.5 or higher.
+author: "Claes Nästén (@cnasten)"
+options:
+ data:
+ description: >
+ NSO data in format as C(| display json) converted to YAML. List entries can
+ be annotated with a C(__state) entry. Set to in-sync/deep-in-sync for
+ services to verify service is in sync with the network. Set to absent in
+ list entries to ensure they are deleted if they exist in NSO.
+ required: true
+ type: dict
+'''
+
+EXAMPLES = '''
+- name: VERIFY INTERFACE IS ADMINISTRATIVELY UP
+ cisco.nso.nso_verify:
+ url: http://localhost:8080/jsonrpc
+ username: username
+ password: password
+ data:
+ tailf-ncs:devices:
+ device:
+ - name: dist-sw01
+ config:
+ interface:
+ Ethernet:
+ - name: "1/1"
+ shutdown: false
+'''
+
+RETURN = '''
+violations:
+ description: List of value violations
+ returned: failed
+ type: complex
+ sample:
+ - path: /ncs:devices/device{dist-sw01}/config/interface/Ethernet{1/1}/shutdown
+ expected-value: false
+ value: true
+ contains:
+ path:
+ description: Path to the value in violation
+ returned: always
+ type: str
+ expected-value:
+ description: Expected value of path
+ returned: always
+ type: str
+ value:
+ description: Current value of path
+ returned: always
+ type: str
+'''
+
+from ansible_collections.cisco.nso.plugins.module_utils.nso import connect, verify_version, nso_argument_spec
+from ansible_collections.cisco.nso.plugins.module_utils.nso import normalize_value
+from ansible_collections.cisco.nso.plugins.module_utils.nso import State, ValueBuilder
+from ansible_collections.cisco.nso.plugins.module_utils.nso import ModuleFailException, NsoException
+from ansible.module_utils.basic import AnsibleModule
+
+
+class NsoVerify(object):
+ REQUIRED_VERSIONS = [
+ (4, 5),
+ (4, 4, 3),
+ (4, 3, 8),
+ (4, 2, 7),
+ (3, 4, 12)
+ ]
+
+ def __init__(self, client, data):
+ self._client = client
+ self._data = data
+
+ def main(self):
+ violations = []
+
+ # build list of values from configured data
+ value_builder = ValueBuilder(self._client, 'verify')
+ for key, value in self._data.items():
+ value_builder.build('', key, value)
+
+ for expected_value in value_builder.values:
+ if expected_value.state == State.PRESENT:
+ violations.append({
+ 'path': expected_value.path,
+ 'expected-value': 'present',
+ 'value': 'absent'
+ })
+ elif expected_value.state == State.ABSENT:
+ violations.append({
+ 'path': expected_value.path,
+ 'expected-value': 'absent',
+ 'value': 'present'
+ })
+ elif expected_value.state == State.SET:
+ try:
+ value = self._client.get_value(expected_value.path)['value']
+ except NsoException as ex:
+ if ex.error.get('type', '') == 'data.not_found':
+ value = None
+ else:
+ raise
+
+ # handle different types properly
+ n_value = normalize_value(
+ expected_value.value, value, expected_value.path)
+ if n_value != expected_value.value:
+ # if the value comparison fails, try mapping identityref
+ value_type = value_builder.get_type(expected_value.path)
+ if value_type is not None and 'identityref' in value_type:
+ n_value, t_value = self.get_prefix_name(value)
+
+ if expected_value.value != n_value:
+ violations.append({
+ 'path': expected_value.path,
+ 'expected-value': expected_value.value,
+ 'value': n_value
+ })
+ else:
+ raise ModuleFailException(
+ 'value state {0} not supported at {1}'.format(
+ expected_value.state, expected_value.path))
+
+ return violations
+
+
+def main():
+ argument_spec = dict(
+ data=dict(required=True, type='dict')
+ )
+ argument_spec.update(nso_argument_spec)
+
+ module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True
+ )
+ p = module.params
+
+ client = connect(p)
+ nso_verify = NsoVerify(client, p['data'])
+ try:
+ verify_version(client, NsoVerify.REQUIRED_VERSIONS)
+
+ violations = nso_verify.main()
+ client.logout()
+
+ num_violations = len(violations)
+ if num_violations > 0:
+ msg = '{0} value{1} differ'.format(
+ num_violations, num_violations > 1 and 's' or '')
+ module.fail_json(msg=msg, violations=violations)
+ else:
+ module.exit_json(changed=False)
+
+ except NsoException as ex:
+ client.logout()
+ module.fail_json(msg=ex.message)
+ except ModuleFailException as ex:
+ client.logout()
+ module.fail_json(msg=ex.message)
+
+
+if __name__ == '__main__':
+ main()