From 66cec45960ce1d9c794e9399de15c138acb18aed Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 28 Apr 2024 18:03:42 +0200
Subject: Adding upstream version 7.3.0+dfsg.
Signed-off-by: Daniel Baumann --- .../cisco/ise/plugins/action/aci_bindings_info.py | 130 ++ .../cisco/ise/plugins/action/aci_settings.py | 253 ++++ .../cisco/ise/plugins/action/aci_settings_info.py | 90 ++ .../ise/plugins/action/aci_test_connectivity.py | 86 ++ .../cisco/ise/plugins/action/active_directory.py | 233 ++++ .../plugins/action/active_directory_add_groups.py | 104 ++ .../active_directory_groups_by_domain_info.py | 94 ++ .../ise/plugins/action/active_directory_info.py | 144 ++ ...ctive_directory_is_user_member_of_group_info.py | 94 ++ .../plugins/action/active_directory_join_domain.py | 90 ++ .../active_directory_join_domain_with_all_nodes.py | 90 ++ .../action/active_directory_leave_domain.py | 90 ++ ...active_directory_leave_domain_with_all_nodes.py | 90 ++ .../active_directory_trusted_domains_info.py | 92 ++ .../action/active_directory_user_groups_info.py | 94 ++ .../cisco/ise/plugins/action/admin_user_info.py | 141 ++ .../cisco/ise/plugins/action/allowed_protocols.py | 308 +++++ .../ise/plugins/action/allowed_protocols_info.py | 144 ++ .../cisco/ise/plugins/action/anc_endpoint_apply.py | 88 ++ .../anc_endpoint_bulk_monitor_status_info.py | 98 ++ .../plugins/action/anc_endpoint_bulk_request.py | 90 ++ .../cisco/ise/plugins/action/anc_endpoint_clear.py | 88 ++ .../cisco/ise/plugins/action/anc_endpoint_info.py | 141 ++ .../cisco/ise/plugins/action/anc_policy.py | 242 ++++ .../action/anc_policy_bulk_monitor_status_info.py | 98 ++ .../ise/plugins/action/anc_policy_bulk_request.py | 90 ++ .../cisco/ise/plugins/action/anc_policy_info.py | 152 +++ .../ise/plugins/action/authorization_profile.py | 317 +++++ .../plugins/action/authorization_profile_info.py | 144 ++ .../cisco/ise/plugins/action/backup_cancel.py | 86 ++ .../cisco/ise/plugins/action/backup_config.py | 92 ++ .../ise/plugins/action/backup_last_status_info.py | 90 ++ .../cisco/ise/plugins/action/backup_restore.py | 94 ++ .../ise/plugins/action/backup_schedule_config.py | 108 ++ 
.../action/backup_schedule_config_update.py | 108 ++ .../ise/plugins/action/bind_signed_certificate.py | 120 ++ .../cisco/ise/plugins/action/byod_portal.py | 270 ++++ .../cisco/ise/plugins/action/byod_portal_info.py | 141 ++ .../ise/plugins/action/certificate_profile.py | 232 ++++ .../ise/plugins/action/certificate_profile_info.py | 144 ++ .../plugins/action/certificate_template_info.py | 144 ++ .../cisco/ise/plugins/action/csr_delete.py | 90 ++ .../cisco/ise/plugins/action/csr_export_info.py | 112 ++ .../cisco/ise/plugins/action/csr_generate.py | 122 ++ .../plugins/action/csr_generate_intermediate_ca.py | 86 ++ .../cisco/ise/plugins/action/csr_info.py | 143 ++ .../cisco/ise/plugins/action/deployment_info.py | 92 ++ ...administration_authentication_reset_hitcount.py | 88 ++ .../device_administration_authentication_rules.py | 269 ++++ ...ice_administration_authentication_rules_info.py | 103 ++ ..._administration_authorization_reset_hitcount.py | 88 ++ .../device_administration_authorization_rules.py | 263 ++++ ...vice_administration_authorization_rules_info.py | 103 ++ .../device_administration_command_set_info.py | 90 ++ .../action/device_administration_conditions.py | 287 ++++ ...tion_conditions_for_authentication_rule_info.py | 90 ++ ...ation_conditions_for_authorization_rule_info.py | 90 ++ ...dministration_conditions_for_policy_set_info.py | 90 ++ .../device_administration_conditions_info.py | 112 ++ ...on_dictionary_attributes_authentication_info.py | 90 ++ ...ion_dictionary_attributes_authorization_info.py | 90 ++ ...ration_dictionary_attributes_policy_set_info.py | 90 ++ ...device_administration_global_exception_rules.py | 254 ++++ ...e_administration_global_exception_rules_info.py | 101 ++ ...ration_global_exception_rules_reset_hitcount.py | 86 ++ .../device_administration_identity_stores_info.py | 90 ++ .../device_administration_local_exception_rules.py | 263 ++++ ...ce_administration_local_exception_rules_info.py | 103 ++ 
...tration_local_exception_rules_reset_hitcount.py | 88 ++ .../device_administration_network_conditions.py | 241 ++++ ...evice_administration_network_conditions_info.py | 101 ++ .../action/device_administration_policy_set.py | 256 ++++ .../device_administration_policy_set_info.py | 101 ++ ...ice_administration_policy_set_reset_hitcount.py | 86 ++ .../action/device_administration_profiles_info.py | 90 ++ .../device_administration_service_names_info.py | 90 ++ .../device_administration_time_date_conditions.py | 277 ++++ ...ice_administration_time_date_conditions_info.py | 101 ++ .../cisco/ise/plugins/action/downloadable_acl.py | 264 ++++ .../ise/plugins/action/downloadable_acl_info.py | 133 ++ .../cisco/ise/plugins/action/egress_matrix_cell.py | 273 ++++ .../egress_matrix_cell_bulk_monitor_status_info.py | 98 ++ .../action/egress_matrix_cell_bulk_request.py | 90 ++ .../plugins/action/egress_matrix_cell_clear_all.py | 86 ++ .../ise/plugins/action/egress_matrix_cell_clone.py | 92 ++ .../ise/plugins/action/egress_matrix_cell_info.py | 141 ++ .../action/egress_matrix_cell_set_all_status.py | 88 ++ .../cisco/ise/plugins/action/endpoint.py | 275 ++++ .../action/endpoint_bulk_monitor_status_info.py | 98 ++ .../ise/plugins/action/endpoint_bulk_request.py | 90 ++ .../ise/plugins/action/endpoint_certificate.py | 106 ++ .../ise/plugins/action/endpoint_deregister.py | 88 ++ .../action/endpoint_get_rejected_endpoints_info.py | 90 ++ .../cisco/ise/plugins/action/endpoint_group.py | 245 ++++ .../ise/plugins/action/endpoint_group_info.py | 152 +++ .../cisco/ise/plugins/action/endpoint_info.py | 152 +++ .../cisco/ise/plugins/action/endpoint_register.py | 112 ++ .../action/endpoint_release_rejected_endpoint.py | 88 ++ .../ise/plugins/action/external_radius_server.py | 275 ++++ .../plugins/action/external_radius_server_info.py | 144 ++ .../cisco/ise/plugins/action/filter_policy.py | 362 +++++ .../cisco/ise/plugins/action/filter_policy_info.py | 133 ++ 
.../ise/plugins/action/guest_location_info.py | 141 ++ .../action/guest_smtp_notification_settings.py | 255 ++++ .../guest_smtp_notification_settings_info.py | 141 ++ .../cisco/ise/plugins/action/guest_ssid.py | 255 ++++ .../cisco/ise/plugins/action/guest_ssid_info.py | 141 ++ .../cisco/ise/plugins/action/guest_type.py | 273 ++++ .../cisco/ise/plugins/action/guest_type_email.py | 90 ++ .../cisco/ise/plugins/action/guest_type_info.py | 141 ++ .../cisco/ise/plugins/action/guest_type_sms.py | 90 ++ .../cisco/ise/plugins/action/guest_user.py | 280 ++++ .../cisco/ise/plugins/action/guest_user_approve.py | 88 ++ .../action/guest_user_bulk_monitor_status_info.py | 98 ++ .../ise/plugins/action/guest_user_bulk_request.py | 90 ++ .../action/guest_user_change_sponsor_password.py | 90 ++ .../cisco/ise/plugins/action/guest_user_deny.py | 88 ++ .../cisco/ise/plugins/action/guest_user_email.py | 92 ++ .../cisco/ise/plugins/action/guest_user_info.py | 152 +++ .../ise/plugins/action/guest_user_reinstate.py | 90 ++ .../plugins/action/guest_user_reset_password.py | 88 ++ .../cisco/ise/plugins/action/guest_user_sms.py | 90 ++ .../cisco/ise/plugins/action/guest_user_suspend.py | 92 ++ .../cisco/ise/plugins/action/hotpatch_info.py | 90 ++ .../cisco/ise/plugins/action/hotpatch_install.py | 90 ++ .../cisco/ise/plugins/action/hotpatch_rollback.py | 90 ++ .../cisco/ise/plugins/action/hotspot_portal.py | 270 ++++ .../ise/plugins/action/hotspot_portal_info.py | 141 ++ .../cisco/ise/plugins/action/id_store_sequence.py | 254 ++++ .../ise/plugins/action/id_store_sequence_info.py | 144 ++ .../cisco/ise/plugins/action/identity_group.py | 220 ++++ .../ise/plugins/action/identity_group_info.py | 152 +++ .../cisco/ise/plugins/action/internal_user.py | 338 +++++ .../cisco/ise/plugins/action/internal_user_info.py | 152 +++ .../ise/plugins/action/ise_root_ca_regenerate.py | 88 ++ .../action/licensing_connection_type_info.py | 90 ++ .../plugins/action/licensing_eval_license_info.py | 90 ++ 
.../licensing_feature_to_tier_mapping_info.py | 90 ++ .../action/licensing_registration_create.py | 96 ++ .../plugins/action/licensing_registration_info.py | 90 ++ .../plugins/action/licensing_smart_state_create.py | 86 ++ .../plugins/action/licensing_smart_state_info.py | 90 ++ .../plugins/action/licensing_tier_state_create.py | 88 ++ .../plugins/action/licensing_tier_state_info.py | 90 ++ .../ise/plugins/action/mnt_account_status_info.py | 100 ++ .../action/mnt_athentication_status_info.py | 96 ++ .../action/mnt_authentication_status_info.py | 96 ++ .../ise/plugins/action/mnt_failure_reasons_info.py | 90 ++ .../action/mnt_session_active_count_info.py | 90 ++ .../plugins/action/mnt_session_active_list_info.py | 90 ++ .../plugins/action/mnt_session_auth_list_info.py | 90 ++ .../ise/plugins/action/mnt_session_by_ip_info.py | 98 ++ .../ise/plugins/action/mnt_session_by_mac_info.py | 98 ++ .../plugins/action/mnt_session_by_nas_ip_info.py | 98 ++ .../plugins/action/mnt_session_by_username_info.py | 98 ++ .../ise/plugins/action/mnt_session_delete_all.py | 86 ++ .../plugins/action/mnt_session_disconnect_info.py | 106 ++ .../action/mnt_session_posture_count_info.py | 90 ++ .../action/mnt_session_profiler_count_info.py | 90 ++ .../action/mnt_session_reauthentication_info.py | 102 ++ .../action/mnt_sessions_by_session_id_info.py | 92 ++ .../cisco/ise/plugins/action/mnt_version_info.py | 90 ++ .../cisco/ise/plugins/action/my_device_portal.py | 270 ++++ .../ise/plugins/action/my_device_portal_info.py | 141 ++ .../plugins/action/native_supplicant_profile.py | 248 ++++ .../action/native_supplicant_profile_info.py | 133 ++ .../action/network_access_authentication_rules.py | 269 ++++ .../network_access_authentication_rules_info.py | 103 ++ ...k_access_authentication_rules_reset_hitcount.py | 88 ++ .../action/network_access_authorization_rules.py | 269 ++++ .../network_access_authorization_rules_info.py | 103 ++ ...rk_access_authorization_rules_reset_hitcount.py | 88 ++ 
.../plugins/action/network_access_conditions.py | 287 ++++ ...cess_conditions_for_authentication_rule_info.py | 90 ++ ...ccess_conditions_for_authorization_rule_info.py | 90 ++ ...etwork_access_conditions_for_policy_set_info.py | 90 ++ .../action/network_access_conditions_info.py | 112 ++ .../plugins/action/network_access_dictionary.py | 235 ++++ .../action/network_access_dictionary_attribute.py | 232 ++++ .../network_access_dictionary_attribute_info.py | 103 ++ ...ss_dictionary_attributes_authentication_info.py | 90 ++ ...ess_dictionary_attributes_authorization_info.py | 90 ++ ...access_dictionary_attributes_policy_set_info.py | 90 ++ .../action/network_access_dictionary_info.py | 101 ++ .../network_access_global_exception_rules.py | 254 ++++ .../network_access_global_exception_rules_info.py | 101 ++ ...access_global_exception_rules_reset_hitcount.py | 86 ++ .../action/network_access_identity_stores_info.py | 90 ++ .../action/network_access_local_exception_rules.py | 263 ++++ .../network_access_local_exception_rules_info.py | 103 ++ ...access_local_exception_rules_reset_hitcounts.py | 88 ++ .../action/network_access_network_condition.py | 253 ++++ .../network_access_network_condition_info.py | 101 ++ .../plugins/action/network_access_policy_set.py | 256 ++++ .../action/network_access_policy_set_info.py | 101 ++ .../network_access_policy_set_reset_hitcount.py | 86 ++ .../plugins/action/network_access_profiles_info.py | 90 ++ .../action/network_access_security_groups_info.py | 90 ++ .../action/network_access_service_name_info.py | 90 ++ .../action/network_access_time_date_conditions.py | 277 ++++ .../network_access_time_date_conditions_info.py | 101 ++ .../cisco/ise/plugins/action/network_device.py | 283 ++++ .../network_device_bulk_monitor_status_info.py | 98 ++ .../plugins/action/network_device_bulk_request.py | 90 ++ .../ise/plugins/action/network_device_group.py | 248 ++++ .../plugins/action/network_device_group_info.py | 154 +++ 
.../ise/plugins/action/network_device_info.py | 152 +++ .../cisco/ise/plugins/action/node_deployment.py | 226 ++++ .../ise/plugins/action/node_deployment_info.py | 105 ++ .../ise/plugins/action/node_deployment_sync.py | 88 ++ .../cisco/ise/plugins/action/node_group.py | 220 ++++ .../cisco/ise/plugins/action/node_group_info.py | 101 ++ .../ise/plugins/action/node_group_node_create.py | 90 ++ .../ise/plugins/action/node_group_node_delete.py | 90 ++ .../ise/plugins/action/node_group_node_info.py | 92 ++ .../cisco/ise/plugins/action/node_info.py | 148 +++ .../plugins/action/node_primary_to_standalone.py | 168 +++ .../cisco/ise/plugins/action/node_promotion.py | 88 ++ .../plugins/action/node_replication_status_info.py | 98 ++ .../plugins/action/node_secondary_to_primary.py | 168 +++ .../action/node_services_interfaces_info.py | 98 ++ .../action/node_services_profiler_probe_config.py | 219 +++ .../node_services_profiler_probe_config_info.py | 98 ++ .../plugins/action/node_services_sxp_interfaces.py | 172 +++ .../action/node_services_sxp_interfaces_info.py | 92 ++ .../plugins/action/node_standalone_to_primary.py | 167 +++ .../cisco/ise/plugins/action/node_sync.py | 88 ++ .../cisco/ise/plugins/action/pan_ha.py | 197 +++ .../cisco/ise/plugins/action/pan_ha_info.py | 90 ++ .../cisco/ise/plugins/action/pan_ha_update.py | 96 ++ .../cisco/ise/plugins/action/patch_info.py | 90 ++ .../cisco/ise/plugins/action/patch_install.py | 90 ++ .../cisco/ise/plugins/action/patch_rollback.py | 88 ++ .../plugins/action/personas_check_standalone.py | 92 ++ .../ise/plugins/action/personas_export_certs.py | 99 ++ .../ise/plugins/action/personas_promote_primary.py | 86 ++ .../ise/plugins/action/personas_register_node.py | 103 ++ .../action/personas_update_roles_services.py | 115 ++ .../ise/plugins/action/portal_global_setting.py | 219 +++ .../plugins/action/portal_global_setting_info.py | 141 ++ .../cisco/ise/plugins/action/portal_info.py | 141 ++ .../cisco/ise/plugins/action/portal_theme.py | 
261 ++++ .../cisco/ise/plugins/action/portal_theme_info.py | 141 ++ .../ise/plugins/action/profiler_profile_info.py | 141 ++ .../plugins/action/proxy_connection_settings.py | 183 +++ .../action/proxy_connection_settings_info.py | 90 ++ .../ise/plugins/action/px_grid_node_approve.py | 88 ++ .../ise/plugins/action/px_grid_node_delete.py | 88 ++ .../cisco/ise/plugins/action/px_grid_node_info.py | 144 ++ .../action/px_grid_settings_auto_approve.py | 90 ++ .../ise/plugins/action/pxgrid_access_secret.py | 88 ++ .../ise/plugins/action/pxgrid_account_activate.py | 88 ++ .../ise/plugins/action/pxgrid_account_create.py | 88 ++ .../ise/plugins/action/pxgrid_authorization.py | 86 ++ .../ise/plugins/action/pxgrid_bindings_info.py | 88 ++ .../plugins/action/pxgrid_egress_matrices_info.py | 88 ++ .../plugins/action/pxgrid_egress_policies_info.py | 88 ++ .../plugins/action/pxgrid_endpoint_by_mac_info.py | 88 ++ .../action/pxgrid_endpoints_by_os_type_info.py | 88 ++ .../action/pxgrid_endpoints_by_type_info.py | 88 ++ .../ise/plugins/action/pxgrid_endpoints_info.py | 88 ++ .../ise/plugins/action/pxgrid_failures_info.py | 90 ++ .../ise/plugins/action/pxgrid_healths_info.py | 88 ++ .../ise/plugins/action/pxgrid_node_approve.py | 88 ++ .../cisco/ise/plugins/action/pxgrid_node_delete.py | 88 ++ .../cisco/ise/plugins/action/pxgrid_node_info.py | 144 ++ .../ise/plugins/action/pxgrid_performances_info.py | 88 ++ .../ise/plugins/action/pxgrid_profiles_info.py | 88 ++ .../action/pxgrid_security_group_acls_info.py | 88 ++ .../plugins/action/pxgrid_security_groups_info.py | 88 ++ .../ise/plugins/action/pxgrid_service_lookup.py | 88 ++ .../ise/plugins/action/pxgrid_service_register.py | 88 ++ .../plugins/action/pxgrid_service_reregister.py | 86 ++ .../plugins/action/pxgrid_service_unregister.py | 86 ++ .../plugins/action/pxgrid_session_by_ip_info.py | 88 ++ .../plugins/action/pxgrid_session_by_mac_info.py | 88 ++ .../action/pxgrid_session_for_recovery_info.py | 88 ++ 
.../ise/plugins/action/pxgrid_sessions_info.py | 88 ++ .../plugins/action/pxgrid_settings_auto_approve.py | 90 ++ .../action/pxgrid_user_group_by_username_info.py | 88 ++ .../ise/plugins/action/pxgrid_user_groups_info.py | 88 ++ .../ise/plugins/action/radius_server_sequence.py | 294 +++++ .../plugins/action/radius_server_sequence_info.py | 133 ++ .../cisco/ise/plugins/action/renew_certificate.py | 88 ++ .../cisco/ise/plugins/action/repository.py | 241 ++++ .../ise/plugins/action/repository_files_info.py | 101 ++ .../cisco/ise/plugins/action/repository_info.py | 101 ++ .../ise/plugins/action/resource_version_info.py | 92 ++ .../cisco/ise/plugins/action/rest_id_store.py | 253 ++++ .../cisco/ise/plugins/action/rest_id_store_info.py | 152 +++ .../ise/plugins/action/self_registered_portal.py | 270 ++++ .../plugins/action/self_registered_portal_info.py | 141 ++ .../action/selfsigned_certificate_generate.py | 150 +++ .../plugins/action/session_service_node_info.py | 144 ++ .../cisco/ise/plugins/action/sg_acl.py | 273 ++++ .../action/sg_acl_bulk_monitor_status_info.py | 98 ++ .../ise/plugins/action/sg_acl_bulk_request.py | 90 ++ .../cisco/ise/plugins/action/sg_acl_info.py | 141 ++ .../cisco/ise/plugins/action/sg_mapping.py | 273 ++++ .../action/sg_mapping_bulk_monitor_status_info.py | 98 ++ .../ise/plugins/action/sg_mapping_bulk_request.py | 90 ++ .../cisco/ise/plugins/action/sg_mapping_deploy.py | 88 ++ .../ise/plugins/action/sg_mapping_deploy_all.py | 86 ++ .../action/sg_mapping_deploy_status_info.py | 90 ++ .../cisco/ise/plugins/action/sg_mapping_group.py | 264 ++++ .../sg_mapping_group_bulk_monitor_status_info.py | 98 ++ .../action/sg_mapping_group_bulk_request.py | 90 ++ .../ise/plugins/action/sg_mapping_group_deploy.py | 88 ++ .../plugins/action/sg_mapping_group_deploy_all.py | 86 ++ .../action/sg_mapping_group_deploy_status_info.py | 90 ++ .../ise/plugins/action/sg_mapping_group_info.py | 141 ++ .../cisco/ise/plugins/action/sg_mapping_info.py | 141 ++ 
.../cisco/ise/plugins/action/sg_to_vn_to_vlan.py | 264 ++++ .../sg_to_vn_to_vlan_bulk_monitor_status_info.py | 98 ++ .../action/sg_to_vn_to_vlan_bulk_request.py | 90 ++ .../ise/plugins/action/sg_to_vn_to_vlan_info.py | 137 ++ .../cisco/ise/plugins/action/sgt.py | 274 ++++ .../plugins/action/sgt_bulk_monitor_status_info.py | 98 ++ .../cisco/ise/plugins/action/sgt_bulk_request.py | 90 ++ .../cisco/ise/plugins/action/sgt_info.py | 141 ++ .../cisco/ise/plugins/action/sms_provider_info.py | 130 ++ .../cisco/ise/plugins/action/sponsor_group.py | 285 ++++ .../cisco/ise/plugins/action/sponsor_group_info.py | 141 ++ .../plugins/action/sponsor_group_member_info.py | 130 ++ .../cisco/ise/plugins/action/sponsor_portal.py | 270 ++++ .../ise/plugins/action/sponsor_portal_info.py | 141 ++ .../ise/plugins/action/sponsored_guest_portal.py | 270 ++++ .../plugins/action/sponsored_guest_portal_info.py | 141 ++ .../cisco/ise/plugins/action/support_bundle.py | 94 ++ .../ise/plugins/action/support_bundle_download.py | 100 ++ .../plugins/action/support_bundle_status_info.py | 133 ++ .../cisco/ise/plugins/action/sxp_connections.py | 275 ++++ .../sxp_connections_bulk_monitor_status_info.py | 98 ++ .../plugins/action/sxp_connections_bulk_request.py | 90 ++ .../ise/plugins/action/sxp_connections_info.py | 141 ++ .../cisco/ise/plugins/action/sxp_local_bindings.py | 270 ++++ .../sxp_local_bindings_bulk_monitor_status_info.py | 98 ++ .../action/sxp_local_bindings_bulk_request.py | 90 ++ .../ise/plugins/action/sxp_local_bindings_info.py | 141 ++ .../cisco/ise/plugins/action/sxp_vpns.py | 227 ++++ .../action/sxp_vpns_bulk_monitor_status_info.py | 98 ++ .../ise/plugins/action/sxp_vpns_bulk_request.py | 90 ++ .../cisco/ise/plugins/action/sxp_vpns_info.py | 141 ++ .../cisco/ise/plugins/action/system_certificate.py | 268 ++++ .../plugins/action/system_certificate_create.py | 90 ++ .../action/system_certificate_export_info.py | 106 ++ .../plugins/action/system_certificate_import.py | 128 ++ 
.../ise/plugins/action/system_certificate_info.py | 152 +++ .../plugins/action/system_config_version_info.py | 90 ++ .../ise/plugins/action/tacacs_command_sets.py | 248 ++++ .../ise/plugins/action/tacacs_command_sets_info.py | 144 ++ .../ise/plugins/action/tacacs_external_servers.py | 257 ++++ .../plugins/action/tacacs_external_servers_info.py | 144 ++ .../cisco/ise/plugins/action/tacacs_profile.py | 245 ++++ .../ise/plugins/action/tacacs_profile_info.py | 144 ++ .../ise/plugins/action/tacacs_server_sequence.py | 263 ++++ .../plugins/action/tacacs_server_sequence_info.py | 144 ++ .../cisco/ise/plugins/action/tasks_info.py | 101 ++ .../cisco/ise/plugins/action/telemetry_info.py | 137 ++ .../plugins/action/threat_vulnerabilities_clear.py | 88 ++ .../plugins/action/transport_gateway_settings.py | 171 +++ .../action/transport_gateway_settings_info.py | 90 ++ .../ise/plugins/action/trusted_certificate.py | 300 +++++ .../action/trusted_certificate_export_info.py | 110 ++ .../plugins/action/trusted_certificate_import.py | 108 ++ .../ise/plugins/action/trusted_certificate_info.py | 141 ++ .../cisco/ise/plugins/action/trustsec_nbar_app.py | 256 ++++ .../ise/plugins/action/trustsec_nbar_app_info.py | 141 ++ .../ise/plugins/action/trustsec_sg_vn_mapping.py | 267 ++++ .../action/trustsec_sg_vn_mapping_bulk_create.py | 88 ++ .../action/trustsec_sg_vn_mapping_bulk_delete.py | 88 ++ .../action/trustsec_sg_vn_mapping_bulk_update.py | 88 ++ .../plugins/action/trustsec_sg_vn_mapping_info.py | 141 ++ .../cisco/ise/plugins/action/trustsec_vn.py | 256 ++++ .../ise/plugins/action/trustsec_vn_bulk_create.py | 88 ++ .../ise/plugins/action/trustsec_vn_bulk_delete.py | 88 ++ .../ise/plugins/action/trustsec_vn_bulk_update.py | 88 ++ .../cisco/ise/plugins/action/trustsec_vn_info.py | 141 ++ .../ise/plugins/action/trustsec_vn_vlan_mapping.py | 268 ++++ .../action/trustsec_vn_vlan_mapping_bulk_create.py | 88 ++ .../action/trustsec_vn_vlan_mapping_bulk_delete.py | 88 ++ 
.../action/trustsec_vn_vlan_mapping_bulk_update.py | 88 ++ .../action/trustsec_vn_vlan_mapping_info.py | 141 ++ .../cisco/ise/plugins/doc_fragments/__init__.py | 0 .../cisco/ise/plugins/doc_fragments/module.py | 72 + .../cisco/ise/plugins/doc_fragments/module_info.py | 72 + .../cisco/ise/plugins/modules/__init__.py | 0 .../cisco/ise/plugins/modules/aci_bindings_info.py | 112 ++ .../cisco/ise/plugins/modules/aci_settings.py | 190 +++ .../cisco/ise/plugins/modules/aci_settings_info.py | 75 ++ .../ise/plugins/modules/aci_test_connectivity.py | 52 + .../cisco/ise/plugins/modules/active_directory.py | 347 +++++ .../plugins/modules/active_directory_add_groups.py | 268 ++++ .../active_directory_groups_by_domain_info.py | 83 ++ .../ise/plugins/modules/active_directory_info.py | 236 ++++ ...ctive_directory_is_user_member_of_group_info.py | 79 ++ .../modules/active_directory_join_domain.py | 74 ++ .../active_directory_join_domain_with_all_nodes.py | 68 + .../modules/active_directory_leave_domain.py | 74 ++ ...active_directory_leave_domain_with_all_nodes.py | 68 + .../active_directory_trusted_domains_info.py | 62 + .../modules/active_directory_user_groups_info.py | 76 ++ .../cisco/ise/plugins/modules/admin_user_info.py | 159 +++ .../cisco/ise/plugins/modules/allowed_protocols.py | 637 +++++++++ .../ise/plugins/modules/allowed_protocols_info.py | 288 ++++ .../ise/plugins/modules/anc_endpoint_apply.py | 66 + .../anc_endpoint_bulk_monitor_status_info.py | 71 + .../plugins/modules/anc_endpoint_bulk_request.py | 56 + .../ise/plugins/modules/anc_endpoint_clear.py | 64 + .../cisco/ise/plugins/modules/anc_endpoint_info.py | 143 ++ .../cisco/ise/plugins/modules/anc_policy.py | 122 ++ .../modules/anc_policy_bulk_monitor_status_info.py | 71 + .../ise/plugins/modules/anc_policy_bulk_request.py | 56 + .../cisco/ise/plugins/modules/anc_policy_info.py | 164 +++ .../ise/plugins/modules/authorization_profile.py | 403 ++++++ .../plugins/modules/authorization_profile_info.py | 226 ++++ 
.../cisco/ise/plugins/modules/backup_cancel.py | 70 + .../cisco/ise/plugins/modules/backup_config.py | 80 ++ .../ise/plugins/modules/backup_last_status_info.py | 68 + .../cisco/ise/plugins/modules/backup_restore.py | 80 ++ .../ise/plugins/modules/backup_schedule_config.py | 113 ++ .../modules/backup_schedule_config_update.py | 113 ++ .../ise/plugins/modules/bind_signed_certificate.py | 126 ++ .../cisco/ise/plugins/modules/byod_portal.py | 561 ++++++++ .../cisco/ise/plugins/modules/byod_portal_info.py | 313 +++++ .../ise/plugins/modules/certificate_profile.py | 141 ++ .../plugins/modules/certificate_profile_info.py | 132 ++ .../plugins/modules/certificate_template_info.py | 118 ++ .../cisco/ise/plugins/modules/csr_delete.py | 66 + .../cisco/ise/plugins/modules/csr_export_info.py | 80 ++ .../cisco/ise/plugins/modules/csr_generate.py | 147 +++ .../modules/csr_generate_intermediate_ca.py | 63 + .../cisco/ise/plugins/modules/csr_info.py | 166 +++ .../cisco/ise/plugins/modules/deployment_info.py | 183 +++ ...administration_authentication_reset_hitcount.py | 58 + .../device_administration_authentication_rules.py | 535 ++++++++ ...ice_administration_authentication_rules_info.py | 144 ++ ..._administration_authorization_reset_hitcount.py | 58 + .../device_administration_authorization_rules.py | 529 ++++++++ ...vice_administration_authorization_rules_info.py | 144 ++ .../device_administration_command_set_info.py | 59 + .../modules/device_administration_conditions.py | 457 +++++++ ...tion_conditions_for_authentication_rule_info.py | 105 ++ ...ation_conditions_for_authorization_rule_info.py | 105 ++ ...dministration_conditions_for_policy_set_info.py | 105 ++ .../device_administration_conditions_info.py | 136 ++ ...on_dictionary_attributes_authentication_info.py | 71 + ...ion_dictionary_attributes_authorization_info.py | 71 + ...ration_dictionary_attributes_policy_set_info.py | 71 + ...device_administration_global_exception_rules.py | 523 ++++++++ 
...e_administration_global_exception_rules_info.py | 138 ++ ...ration_global_exception_rules_reset_hitcount.py | 54 + .../device_administration_identity_stores_info.py | 59 + .../device_administration_local_exception_rules.py | 529 ++++++++ ...ce_administration_local_exception_rules_info.py | 144 ++ ...tration_local_exception_rules_reset_hitcount.py | 58 + .../device_administration_network_conditions.py | 302 +++++ ...evice_administration_network_conditions_info.py | 108 ++ .../modules/device_administration_policy_set.py | 505 +++++++ .../device_administration_policy_set_info.py | 135 ++ ...ice_administration_policy_set_reset_hitcount.py | 54 + .../modules/device_administration_profiles_info.py | 59 + .../device_administration_service_names_info.py | 61 + .../device_administration_time_date_conditions.py | 299 +++++ ...ice_administration_time_date_conditions_info.py | 70 + .../cisco/ise/plugins/modules/downloadable_acl.py | 154 +++ .../ise/plugins/modules/downloadable_acl_info.py | 109 ++ .../ise/plugins/modules/egress_matrix_cell.py | 151 +++ .../egress_matrix_cell_bulk_monitor_status_info.py | 72 + .../modules/egress_matrix_cell_bulk_request.py | 56 + .../modules/egress_matrix_cell_clear_all.py | 48 + .../plugins/modules/egress_matrix_cell_clone.py | 69 + .../ise/plugins/modules/egress_matrix_cell_info.py | 157 +++ .../modules/egress_matrix_cell_set_all_status.py | 52 + .../cisco/ise/plugins/modules/endpoint.py | 262 ++++ .../modules/endpoint_bulk_monitor_status_info.py | 72 + .../ise/plugins/modules/endpoint_bulk_request.py | 56 + .../ise/plugins/modules/endpoint_certificate.py | 97 ++ .../ise/plugins/modules/endpoint_deregister.py | 52 + .../endpoint_get_rejected_endpoints_info.py | 56 + .../cisco/ise/plugins/modules/endpoint_group.py | 126 ++ .../ise/plugins/modules/endpoint_group_info.py | 166 +++ .../cisco/ise/plugins/modules/endpoint_info.py | 212 +++ .../cisco/ise/plugins/modules/endpoint_register.py | 158 +++ 
.../modules/endpoint_release_rejected_endpoint.py | 52 + .../ise/plugins/modules/external_radius_server.py | 188 +++ .../plugins/modules/external_radius_server_info.py | 144 ++ .../cisco/ise/plugins/modules/filter_policy.py | 123 ++ .../ise/plugins/modules/filter_policy_info.py | 97 ++ .../ise/plugins/modules/guest_location_info.py | 141 ++ .../modules/guest_smtp_notification_settings.py | 155 +++ .../guest_smtp_notification_settings_info.py | 159 +++ .../cisco/ise/plugins/modules/guest_ssid.py | 111 ++ .../cisco/ise/plugins/modules/guest_ssid_info.py | 141 ++ .../cisco/ise/plugins/modules/guest_type.py | 303 +++++ .../cisco/ise/plugins/modules/guest_type_email.py | 66 + .../cisco/ise/plugins/modules/guest_type_info.py | 217 +++ .../cisco/ise/plugins/modules/guest_type_sms.py | 68 + .../cisco/ise/plugins/modules/guest_user.py | 337 +++++ .../ise/plugins/modules/guest_user_approve.py | 52 + .../modules/guest_user_bulk_monitor_status_info.py | 72 + .../ise/plugins/modules/guest_user_bulk_request.py | 56 + .../modules/guest_user_change_sponsor_password.py | 68 + .../cisco/ise/plugins/modules/guest_user_deny.py | 52 + .../cisco/ise/plugins/modules/guest_user_email.py | 70 + .../cisco/ise/plugins/modules/guest_user_info.py | 218 +++ .../ise/plugins/modules/guest_user_reinstate.py | 66 + .../plugins/modules/guest_user_reset_password.py | 61 + .../cisco/ise/plugins/modules/guest_user_sms.py | 56 + .../ise/plugins/modules/guest_user_suspend.py | 80 ++ .../cisco/ise/plugins/modules/hotpatch_info.py | 59 + .../cisco/ise/plugins/modules/hotpatch_install.py | 68 + .../cisco/ise/plugins/modules/hotpatch_rollback.py | 68 + .../cisco/ise/plugins/modules/hotspot_portal.py | 546 ++++++++ .../ise/plugins/modules/hotspot_portal_info.py | 309 +++++ .../cisco/ise/plugins/modules/id_store_sequence.py | 161 +++ .../ise/plugins/modules/id_store_sequence_info.py | 144 ++ .../cisco/ise/plugins/modules/identity_group.py | 114 ++ .../ise/plugins/modules/identity_group_info.py | 166 +++ 
.../cisco/ise/plugins/modules/internal_user.py | 229 ++++ .../ise/plugins/modules/internal_user_info.py | 184 +++ .../ise/plugins/modules/ise_root_ca_regenerate.py | 68 + .../modules/licensing_connection_type_info.py | 56 + .../plugins/modules/licensing_eval_license_info.py | 55 + .../licensing_feature_to_tier_mapping_info.py | 61 + .../modules/licensing_registration_create.py | 75 ++ .../plugins/modules/licensing_registration_info.py | 60 + .../modules/licensing_smart_state_create.py | 52 + .../plugins/modules/licensing_smart_state_info.py | 56 + .../plugins/modules/licensing_tier_state_create.py | 75 ++ .../plugins/modules/licensing_tier_state_info.py | 63 + .../ise/plugins/modules/mnt_account_status_info.py | 58 + .../modules/mnt_athentication_status_info.py | 65 + .../modules/mnt_authentication_status_info.py | 63 + .../plugins/modules/mnt_failure_reasons_info.py | 48 + .../modules/mnt_session_active_count_info.py | 50 + .../modules/mnt_session_active_list_info.py | 50 + .../plugins/modules/mnt_session_auth_list_info.py | 50 + .../ise/plugins/modules/mnt_session_by_ip_info.py | 53 + .../ise/plugins/modules/mnt_session_by_mac_info.py | 53 + .../plugins/modules/mnt_session_by_nas_ip_info.py | 53 + .../modules/mnt_session_by_username_info.py | 53 + .../ise/plugins/modules/mnt_session_delete_all.py | 47 + .../plugins/modules/mnt_session_disconnect_info.py | 73 + .../modules/mnt_session_posture_count_info.py | 50 + .../modules/mnt_session_profiler_count_info.py | 50 + .../modules/mnt_session_reauthentication_info.py | 63 + .../modules/mnt_sessions_by_session_id_info.py | 53 + .../cisco/ise/plugins/modules/mnt_version_info.py | 52 + .../cisco/ise/plugins/modules/my_device_portal.py | 593 +++++++++ .../ise/plugins/modules/my_device_portal_info.py | 327 +++++ .../plugins/modules/native_supplicant_profile.py | 143 ++ .../modules/native_supplicant_profile_info.py | 127 ++ .../modules/network_access_authentication_rules.py | 535 ++++++++ 
.../network_access_authentication_rules_info.py | 144 ++ ...k_access_authentication_rules_reset_hitcount.py | 58 + .../modules/network_access_authorization_rules.py | 527 ++++++++ .../network_access_authorization_rules_info.py | 144 ++ ...rk_access_authorization_rules_reset_hitcount.py | 58 + .../plugins/modules/network_access_conditions.py | 457 +++++++ ...cess_conditions_for_authentication_rule_info.py | 105 ++ ...ccess_conditions_for_authorization_rule_info.py | 105 ++ ...etwork_access_conditions_for_policy_set_info.py | 105 ++ .../modules/network_access_conditions_info.py | 136 ++ .../plugins/modules/network_access_dictionary.py | 155 +++ .../modules/network_access_dictionary_attribute.py | 176 +++ .../network_access_dictionary_attribute_info.py | 91 ++ ...ss_dictionary_attributes_authentication_info.py | 71 + ...ess_dictionary_attributes_authorization_info.py | 71 + ...access_dictionary_attributes_policy_set_info.py | 71 + .../modules/network_access_dictionary_info.py | 81 ++ .../network_access_global_exception_rules.py | 521 ++++++++ .../network_access_global_exception_rules_info.py | 138 ++ ...access_global_exception_rules_reset_hitcount.py | 54 + .../modules/network_access_identity_stores_info.py | 59 + .../network_access_local_exception_rules.py | 527 ++++++++ .../network_access_local_exception_rules_info.py | 144 ++ ...access_local_exception_rules_reset_hitcounts.py | 58 + .../modules/network_access_network_condition.py | 228 ++++ .../network_access_network_condition_info.py | 95 ++ .../plugins/modules/network_access_policy_set.py | 505 +++++++ .../modules/network_access_policy_set_info.py | 135 ++ .../network_access_policy_set_reset_hitcount.py | 54 + .../modules/network_access_profiles_info.py | 59 + .../modules/network_access_security_groups_info.py | 59 + .../modules/network_access_service_name_info.py | 61 + .../modules/network_access_time_date_conditions.py | 299 +++++ .../network_access_time_date_conditions_info.py | 70 + 
.../cisco/ise/plugins/modules/network_device.py | 518 ++++++++ .../network_device_bulk_monitor_status_info.py | 72 + .../plugins/modules/network_device_bulk_request.py | 56 + .../ise/plugins/modules/network_device_group.py | 122 ++ .../plugins/modules/network_device_group_info.py | 164 +++ .../ise/plugins/modules/network_device_info.py | 284 ++++ .../cisco/ise/plugins/modules/node_deployment.py | 136 ++ .../ise/plugins/modules/node_deployment_info.py | 109 ++ .../ise/plugins/modules/node_deployment_sync.py | 62 + .../cisco/ise/plugins/modules/node_group.py | 147 +++ .../cisco/ise/plugins/modules/node_group_info.py | 79 ++ .../ise/plugins/modules/node_group_node_create.py | 65 + .../ise/plugins/modules/node_group_node_delete.py | 65 + .../ise/plugins/modules/node_group_node_info.py | 63 + .../cisco/ise/plugins/modules/node_info.py | 184 +++ .../plugins/modules/node_primary_to_standalone.py | 62 + .../cisco/ise/plugins/modules/node_promotion.py | 54 + .../modules/node_replication_status_info.py | 54 + .../plugins/modules/node_secondary_to_primary.py | 62 + .../modules/node_services_interfaces_info.py | 63 + .../modules/node_services_profiler_probe_config.py | 284 ++++ .../node_services_profiler_probe_config_info.py | 119 ++ .../modules/node_services_sxp_interfaces.py | 75 ++ .../modules/node_services_sxp_interfaces_info.py | 60 + .../plugins/modules/node_standalone_to_primary.py | 62 + .../cisco/ise/plugins/modules/node_sync.py | 54 + .../cisco/ise/plugins/modules/pan_ha.py | 84 ++ .../cisco/ise/plugins/modules/pan_ha_info.py | 66 + .../cisco/ise/plugins/modules/pan_ha_update.py | 89 ++ .../cisco/ise/plugins/modules/patch_info.py | 61 + .../cisco/ise/plugins/modules/patch_install.py | 68 + .../cisco/ise/plugins/modules/patch_rollback.py | 64 + .../plugins/modules/personas_check_standalone.py | 78 ++ .../ise/plugins/modules/personas_export_certs.py | 99 ++ .../plugins/modules/personas_promote_primary.py | 64 + .../ise/plugins/modules/personas_register_node.py | 108 ++ 
.../modules/personas_update_roles_services.py | 83 ++ .../ise/plugins/modules/portal_global_setting.py | 86 ++ .../plugins/modules/portal_global_setting_info.py | 141 ++ .../cisco/ise/plugins/modules/portal_info.py | 145 ++ .../cisco/ise/plugins/modules/portal_theme.py | 122 ++ .../cisco/ise/plugins/modules/portal_theme_info.py | 145 ++ .../ise/plugins/modules/profiler_profile_info.py | 145 ++ .../plugins/modules/proxy_connection_settings.py | 101 ++ .../modules/proxy_connection_settings_info.py | 60 + .../ise/plugins/modules/px_grid_node_approve.py | 52 + .../ise/plugins/modules/px_grid_node_delete.py | 52 + .../cisco/ise/plugins/modules/px_grid_node_info.py | 128 ++ .../modules/px_grid_settings_auto_approve.py | 56 + .../ise/plugins/modules/pxgrid_access_secret.py | 51 + .../ise/plugins/modules/pxgrid_account_activate.py | 51 + .../ise/plugins/modules/pxgrid_account_create.py | 51 + .../ise/plugins/modules/pxgrid_authorization.py | 47 + .../ise/plugins/modules/pxgrid_bindings_info.py | 48 + .../plugins/modules/pxgrid_egress_matrices_info.py | 48 + .../plugins/modules/pxgrid_egress_policies_info.py | 48 + .../plugins/modules/pxgrid_endpoint_by_mac_info.py | 48 + .../modules/pxgrid_endpoints_by_os_type_info.py | 48 + .../modules/pxgrid_endpoints_by_type_info.py | 48 + .../ise/plugins/modules/pxgrid_endpoints_info.py | 48 + .../ise/plugins/modules/pxgrid_failures_info.py | 48 + .../ise/plugins/modules/pxgrid_healths_info.py | 48 + .../ise/plugins/modules/pxgrid_node_approve.py | 52 + .../ise/plugins/modules/pxgrid_node_delete.py | 52 + .../cisco/ise/plugins/modules/pxgrid_node_info.py | 128 ++ .../plugins/modules/pxgrid_performances_info.py | 48 + .../ise/plugins/modules/pxgrid_profiles_info.py | 48 + .../modules/pxgrid_security_group_acls_info.py | 48 + .../plugins/modules/pxgrid_security_groups_info.py | 48 + .../ise/plugins/modules/pxgrid_service_lookup.py | 51 + .../ise/plugins/modules/pxgrid_service_register.py | 51 + 
.../plugins/modules/pxgrid_service_reregister.py | 47 + .../plugins/modules/pxgrid_service_unregister.py | 47 + .../plugins/modules/pxgrid_session_by_ip_info.py | 48 + .../plugins/modules/pxgrid_session_by_mac_info.py | 48 + .../modules/pxgrid_session_for_recovery_info.py | 48 + .../ise/plugins/modules/pxgrid_sessions_info.py | 48 + .../modules/pxgrid_settings_auto_approve.py | 56 + .../modules/pxgrid_user_group_by_username_info.py | 48 + .../ise/plugins/modules/pxgrid_user_groups_info.py | 48 + .../ise/plugins/modules/radius_server_sequence.py | 267 ++++ .../plugins/modules/radius_server_sequence_info.py | 165 +++ .../cisco/ise/plugins/modules/renew_certificate.py | 67 + .../cisco/ise/plugins/modules/repository.py | 138 ++ .../ise/plugins/modules/repository_files_info.py | 61 + .../cisco/ise/plugins/modules/repository_info.py | 78 ++ .../ise/plugins/modules/resource_version_info.py | 62 + .../cisco/ise/plugins/modules/rest_id_store.py | 199 +++ .../ise/plugins/modules/rest_id_store_info.py | 182 +++ .../ise/plugins/modules/self_registered_portal.py | 1392 ++++++++++++++++++++ .../plugins/modules/self_registered_portal_info.py | 623 +++++++++ .../modules/selfsigned_certificate_generate.py | 196 +++ .../plugins/modules/session_service_node_info.py | 130 ++ .../cisco/ise/plugins/modules/sg_acl.py | 150 +++ .../modules/sg_acl_bulk_monitor_status_info.py | 76 ++ .../ise/plugins/modules/sg_acl_bulk_request.py | 60 + .../cisco/ise/plugins/modules/sg_acl_info.py | 157 +++ .../cisco/ise/plugins/modules/sg_mapping.py | 151 +++ .../modules/sg_mapping_bulk_monitor_status_info.py | 76 ++ .../ise/plugins/modules/sg_mapping_bulk_request.py | 60 + .../cisco/ise/plugins/modules/sg_mapping_deploy.py | 56 + .../ise/plugins/modules/sg_mapping_deploy_all.py | 52 + .../modules/sg_mapping_deploy_status_info.py | 60 + .../cisco/ise/plugins/modules/sg_mapping_group.py | 131 ++ .../sg_mapping_group_bulk_monitor_status_info.py | 76 ++ .../modules/sg_mapping_group_bulk_request.py | 60 + 
.../ise/plugins/modules/sg_mapping_group_deploy.py | 56 + .../plugins/modules/sg_mapping_group_deploy_all.py | 52 + .../modules/sg_mapping_group_deploy_status_info.py | 60 + .../ise/plugins/modules/sg_mapping_group_info.py | 149 +++ .../cisco/ise/plugins/modules/sg_mapping_info.py | 157 +++ .../cisco/ise/plugins/modules/sg_to_vn_to_vlan.py | 209 +++ .../sg_to_vn_to_vlan_bulk_monitor_status_info.py | 76 ++ .../modules/sg_to_vn_to_vlan_bulk_request.py | 60 + .../ise/plugins/modules/sg_to_vn_to_vlan_info.py | 175 +++ .../cisco/ise/plugins/modules/sgt.py | 157 +++ .../modules/sgt_bulk_monitor_status_info.py | 76 ++ .../cisco/ise/plugins/modules/sgt_bulk_request.py | 60 + .../cisco/ise/plugins/modules/sgt_info.py | 161 +++ .../cisco/ise/plugins/modules/sms_provider_info.py | 127 ++ .../cisco/ise/plugins/modules/sponsor_group.py | 309 +++++ .../ise/plugins/modules/sponsor_group_info.py | 217 +++ .../plugins/modules/sponsor_group_member_info.py | 127 ++ .../cisco/ise/plugins/modules/sponsor_portal.py | 609 +++++++++ .../ise/plugins/modules/sponsor_portal_info.py | 335 +++++ .../ise/plugins/modules/sponsored_guest_portal.py | 804 +++++++++++ .../plugins/modules/sponsored_guest_portal_info.py | 405 ++++++ .../cisco/ise/plugins/modules/support_bundle.py | 105 ++ .../ise/plugins/modules/support_bundle_download.py | 69 + .../plugins/modules/support_bundle_status_info.py | 117 ++ .../cisco/ise/plugins/modules/sxp_connections.py | 152 +++ .../sxp_connections_bulk_monitor_status_info.py | 72 + .../modules/sxp_connections_bulk_request.py | 56 + .../ise/plugins/modules/sxp_connections_info.py | 155 +++ .../ise/plugins/modules/sxp_local_bindings.py | 143 ++ .../sxp_local_bindings_bulk_monitor_status_info.py | 72 + .../modules/sxp_local_bindings_bulk_request.py | 56 + .../ise/plugins/modules/sxp_local_bindings_info.py | 151 +++ .../cisco/ise/plugins/modules/sxp_vpns.py | 76 ++ .../modules/sxp_vpns_bulk_monitor_status_info.py | 72 + .../ise/plugins/modules/sxp_vpns_bulk_request.py | 
56 + .../cisco/ise/plugins/modules/sxp_vpns_info.py | 141 ++ .../ise/plugins/modules/system_certificate.py | 185 +++ .../plugins/modules/system_certificate_create.py | 142 ++ .../modules/system_certificate_export_info.py | 75 ++ .../plugins/modules/system_certificate_import.py | 144 ++ .../ise/plugins/modules/system_certificate_info.py | 175 +++ .../plugins/modules/system_config_version_info.py | 60 + .../ise/plugins/modules/tacacs_command_sets.py | 159 +++ .../plugins/modules/tacacs_command_sets_info.py | 142 ++ .../ise/plugins/modules/tacacs_external_servers.py | 146 ++ .../modules/tacacs_external_servers_info.py | 132 ++ .../cisco/ise/plugins/modules/tacacs_profile.py | 153 +++ .../ise/plugins/modules/tacacs_profile_info.py | 140 ++ .../ise/plugins/modules/tacacs_server_sequence.py | 159 +++ .../plugins/modules/tacacs_server_sequence_info.py | 136 ++ .../cisco/ise/plugins/modules/tasks_info.py | 79 ++ .../cisco/ise/plugins/modules/telemetry_info.py | 139 ++ .../modules/threat_vulnerabilities_clear.py | 56 + .../plugins/modules/transport_gateway_settings.py | 77 ++ .../modules/transport_gateway_settings_info.py | 56 + .../ise/plugins/modules/trusted_certificate.py | 219 +++ .../modules/trusted_certificate_export_info.py | 75 ++ .../plugins/modules/trusted_certificate_import.py | 103 ++ .../plugins/modules/trusted_certificate_info.py | 205 +++ .../cisco/ise/plugins/modules/trustsec_nbar_app.py | 130 ++ .../ise/plugins/modules/trustsec_nbar_app_info.py | 151 +++ .../ise/plugins/modules/trustsec_sg_vn_mapping.py | 130 ++ .../modules/trustsec_sg_vn_mapping_bulk_create.py | 87 ++ .../modules/trustsec_sg_vn_mapping_bulk_delete.py | 59 + .../modules/trustsec_sg_vn_mapping_bulk_update.py | 87 ++ .../plugins/modules/trustsec_sg_vn_mapping_info.py | 145 ++ .../cisco/ise/plugins/modules/trustsec_vn.py | 113 ++ .../ise/plugins/modules/trustsec_vn_bulk_create.py | 75 ++ .../ise/plugins/modules/trustsec_vn_bulk_delete.py | 59 + 
.../ise/plugins/modules/trustsec_vn_bulk_update.py | 75 ++ .../cisco/ise/plugins/modules/trustsec_vn_info.py | 141 ++ .../plugins/modules/trustsec_vn_vlan_mapping.py | 139 ++ .../trustsec_vn_vlan_mapping_bulk_create.py | 93 ++ .../trustsec_vn_vlan_mapping_bulk_delete.py | 59 + .../trustsec_vn_vlan_mapping_bulk_update.py | 93 ++ .../modules/trustsec_vn_vlan_mapping_info.py | 149 +++ .../cisco/ise/plugins/plugin_utils/__init__.py | 0 .../cisco/ise/plugins/plugin_utils/exceptions.py | 18 + .../cisco/ise/plugins/plugin_utils/ise.py | 259 ++++ .../ise/plugins/plugin_utils/personas_utils.py | 195 +++ 774 files changed, 103688 insertions(+) create mode 100644 ansible_collections/cisco/ise/plugins/action/aci_bindings_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/aci_settings.py create mode 100644 ansible_collections/cisco/ise/plugins/action/aci_settings_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/aci_test_connectivity.py create mode 100644 ansible_collections/cisco/ise/plugins/action/active_directory.py create mode 100644 ansible_collections/cisco/ise/plugins/action/active_directory_add_groups.py create mode 100644 ansible_collections/cisco/ise/plugins/action/active_directory_groups_by_domain_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/active_directory_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/active_directory_is_user_member_of_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/active_directory_join_domain.py create mode 100644 ansible_collections/cisco/ise/plugins/action/active_directory_join_domain_with_all_nodes.py create mode 100644 ansible_collections/cisco/ise/plugins/action/active_directory_leave_domain.py create mode 100644 ansible_collections/cisco/ise/plugins/action/active_directory_leave_domain_with_all_nodes.py create mode 100644 ansible_collections/cisco/ise/plugins/action/active_directory_trusted_domains_info.py create 
mode 100644 ansible_collections/cisco/ise/plugins/action/active_directory_user_groups_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/admin_user_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/allowed_protocols.py create mode 100644 ansible_collections/cisco/ise/plugins/action/allowed_protocols_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/anc_endpoint_apply.py create mode 100644 ansible_collections/cisco/ise/plugins/action/anc_endpoint_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/anc_endpoint_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/action/anc_endpoint_clear.py create mode 100644 ansible_collections/cisco/ise/plugins/action/anc_endpoint_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/anc_policy.py create mode 100644 ansible_collections/cisco/ise/plugins/action/anc_policy_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/anc_policy_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/action/anc_policy_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/authorization_profile.py create mode 100644 ansible_collections/cisco/ise/plugins/action/authorization_profile_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/backup_cancel.py create mode 100644 ansible_collections/cisco/ise/plugins/action/backup_config.py create mode 100644 ansible_collections/cisco/ise/plugins/action/backup_last_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/backup_restore.py create mode 100644 ansible_collections/cisco/ise/plugins/action/backup_schedule_config.py create mode 100644 ansible_collections/cisco/ise/plugins/action/backup_schedule_config_update.py create mode 100644 ansible_collections/cisco/ise/plugins/action/bind_signed_certificate.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/byod_portal.py create mode 100644 ansible_collections/cisco/ise/plugins/action/byod_portal_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/certificate_profile.py create mode 100644 ansible_collections/cisco/ise/plugins/action/certificate_profile_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/certificate_template_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/csr_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/action/csr_export_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/csr_generate.py create mode 100644 ansible_collections/cisco/ise/plugins/action/csr_generate_intermediate_ca.py create mode 100644 ansible_collections/cisco/ise/plugins/action/csr_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/deployment_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_authentication_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_authentication_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_authentication_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_authorization_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_authorization_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_authorization_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_command_set_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_conditions.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_conditions_for_authentication_rule_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/device_administration_conditions_for_authorization_rule_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_conditions_for_policy_set_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_conditions_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_dictionary_attributes_authentication_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_dictionary_attributes_authorization_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_dictionary_attributes_policy_set_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_global_exception_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_global_exception_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_global_exception_rules_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_identity_stores_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_local_exception_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_local_exception_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_local_exception_rules_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_network_conditions.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_network_conditions_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_policy_set.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_policy_set_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/device_administration_policy_set_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_profiles_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_service_names_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_time_date_conditions.py create mode 100644 ansible_collections/cisco/ise/plugins/action/device_administration_time_date_conditions_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/downloadable_acl.py create mode 100644 ansible_collections/cisco/ise/plugins/action/downloadable_acl_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/egress_matrix_cell.py create mode 100644 ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_clear_all.py create mode 100644 ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_clone.py create mode 100644 ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_set_all_status.py create mode 100644 ansible_collections/cisco/ise/plugins/action/endpoint.py create mode 100644 ansible_collections/cisco/ise/plugins/action/endpoint_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/endpoint_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/action/endpoint_certificate.py create mode 100644 ansible_collections/cisco/ise/plugins/action/endpoint_deregister.py create mode 100644 ansible_collections/cisco/ise/plugins/action/endpoint_get_rejected_endpoints_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/endpoint_group.py create mode 100644 ansible_collections/cisco/ise/plugins/action/endpoint_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/endpoint_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/endpoint_register.py create mode 100644 ansible_collections/cisco/ise/plugins/action/endpoint_release_rejected_endpoint.py create mode 100644 ansible_collections/cisco/ise/plugins/action/external_radius_server.py create mode 100644 ansible_collections/cisco/ise/plugins/action/external_radius_server_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/filter_policy.py create mode 100644 ansible_collections/cisco/ise/plugins/action/filter_policy_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_location_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_smtp_notification_settings.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_smtp_notification_settings_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_ssid.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_ssid_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_type.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_type_email.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_type_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_type_sms.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_user.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_user_approve.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_user_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_user_bulk_request.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/guest_user_change_sponsor_password.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_user_deny.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_user_email.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_user_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_user_reinstate.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_user_reset_password.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_user_sms.py create mode 100644 ansible_collections/cisco/ise/plugins/action/guest_user_suspend.py create mode 100644 ansible_collections/cisco/ise/plugins/action/hotpatch_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/hotpatch_install.py create mode 100644 ansible_collections/cisco/ise/plugins/action/hotpatch_rollback.py create mode 100644 ansible_collections/cisco/ise/plugins/action/hotspot_portal.py create mode 100644 ansible_collections/cisco/ise/plugins/action/hotspot_portal_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/id_store_sequence.py create mode 100644 ansible_collections/cisco/ise/plugins/action/id_store_sequence_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/identity_group.py create mode 100644 ansible_collections/cisco/ise/plugins/action/identity_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/internal_user.py create mode 100644 ansible_collections/cisco/ise/plugins/action/internal_user_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/ise_root_ca_regenerate.py create mode 100644 ansible_collections/cisco/ise/plugins/action/licensing_connection_type_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/licensing_eval_license_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/licensing_feature_to_tier_mapping_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/licensing_registration_create.py create mode 100644 ansible_collections/cisco/ise/plugins/action/licensing_registration_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/licensing_smart_state_create.py create mode 100644 ansible_collections/cisco/ise/plugins/action/licensing_smart_state_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/licensing_tier_state_create.py create mode 100644 ansible_collections/cisco/ise/plugins/action/licensing_tier_state_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_account_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_athentication_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_authentication_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_failure_reasons_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_session_active_count_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_session_active_list_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_session_auth_list_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_session_by_ip_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_session_by_mac_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_session_by_nas_ip_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_session_by_username_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_session_delete_all.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_session_disconnect_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_session_posture_count_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/mnt_session_profiler_count_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_session_reauthentication_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_sessions_by_session_id_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/mnt_version_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/my_device_portal.py create mode 100644 ansible_collections/cisco/ise/plugins/action/my_device_portal_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/native_supplicant_profile.py create mode 100644 ansible_collections/cisco/ise/plugins/action/native_supplicant_profile_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_authentication_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_authentication_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_authentication_rules_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_authorization_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_authorization_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_authorization_rules_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_conditions.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_conditions_for_authentication_rule_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_conditions_for_authorization_rule_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_conditions_for_policy_set_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_conditions_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/network_access_dictionary.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attribute.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attribute_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attributes_authentication_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attributes_authorization_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attributes_policy_set_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_dictionary_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_global_exception_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_global_exception_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_global_exception_rules_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_identity_stores_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_local_exception_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_local_exception_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_local_exception_rules_reset_hitcounts.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_network_condition.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_network_condition_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_policy_set.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_policy_set_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/network_access_policy_set_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_profiles_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_security_groups_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_service_name_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_time_date_conditions.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_access_time_date_conditions_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_device.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_device_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_device_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_device_group.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_device_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/network_device_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_deployment.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_deployment_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_deployment_sync.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_group.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_group_node_create.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_group_node_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_group_node_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/node_primary_to_standalone.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_promotion.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_replication_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_secondary_to_primary.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_services_interfaces_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_services_profiler_probe_config.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_services_profiler_probe_config_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_services_sxp_interfaces.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_services_sxp_interfaces_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_standalone_to_primary.py create mode 100644 ansible_collections/cisco/ise/plugins/action/node_sync.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pan_ha.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pan_ha_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pan_ha_update.py create mode 100644 ansible_collections/cisco/ise/plugins/action/patch_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/patch_install.py create mode 100644 ansible_collections/cisco/ise/plugins/action/patch_rollback.py create mode 100644 ansible_collections/cisco/ise/plugins/action/personas_check_standalone.py create mode 100644 ansible_collections/cisco/ise/plugins/action/personas_export_certs.py create mode 100644 ansible_collections/cisco/ise/plugins/action/personas_promote_primary.py create mode 100644 ansible_collections/cisco/ise/plugins/action/personas_register_node.py create mode 100644 ansible_collections/cisco/ise/plugins/action/personas_update_roles_services.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/portal_global_setting.py create mode 100644 ansible_collections/cisco/ise/plugins/action/portal_global_setting_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/portal_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/portal_theme.py create mode 100644 ansible_collections/cisco/ise/plugins/action/portal_theme_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/profiler_profile_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/proxy_connection_settings.py create mode 100644 ansible_collections/cisco/ise/plugins/action/proxy_connection_settings_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/px_grid_node_approve.py create mode 100644 ansible_collections/cisco/ise/plugins/action/px_grid_node_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/action/px_grid_node_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/px_grid_settings_auto_approve.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_access_secret.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_account_activate.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_account_create.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_authorization.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_bindings_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_egress_matrices_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_egress_policies_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_endpoint_by_mac_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_endpoints_by_os_type_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_endpoints_by_type_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/pxgrid_endpoints_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_failures_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_healths_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_node_approve.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_node_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_node_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_performances_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_profiles_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_security_group_acls_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_security_groups_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_service_lookup.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_service_register.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_service_reregister.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_service_unregister.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_session_by_ip_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_session_by_mac_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_session_for_recovery_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_sessions_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_settings_auto_approve.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_user_group_by_username_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/pxgrid_user_groups_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/radius_server_sequence.py 
create mode 100644 ansible_collections/cisco/ise/plugins/action/radius_server_sequence_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/renew_certificate.py create mode 100644 ansible_collections/cisco/ise/plugins/action/repository.py create mode 100644 ansible_collections/cisco/ise/plugins/action/repository_files_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/repository_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/resource_version_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/rest_id_store.py create mode 100644 ansible_collections/cisco/ise/plugins/action/rest_id_store_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/self_registered_portal.py create mode 100644 ansible_collections/cisco/ise/plugins/action/self_registered_portal_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/selfsigned_certificate_generate.py create mode 100644 ansible_collections/cisco/ise/plugins/action/session_service_node_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_acl.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_acl_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_acl_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_acl_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_mapping.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_mapping_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_mapping_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_mapping_deploy.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_mapping_deploy_all.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_mapping_deploy_status_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/sg_mapping_group.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_mapping_group_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_mapping_group_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_mapping_group_deploy.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_mapping_group_deploy_all.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_mapping_group_deploy_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_mapping_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_mapping_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sgt.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sgt_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sgt_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sgt_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sms_provider_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sponsor_group.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sponsor_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sponsor_group_member_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sponsor_portal.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sponsor_portal_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/sponsored_guest_portal.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sponsored_guest_portal_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/support_bundle.py create mode 100644 ansible_collections/cisco/ise/plugins/action/support_bundle_download.py create mode 100644 ansible_collections/cisco/ise/plugins/action/support_bundle_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sxp_connections.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sxp_connections_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sxp_connections_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sxp_connections_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sxp_local_bindings.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sxp_local_bindings_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sxp_local_bindings_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sxp_local_bindings_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sxp_vpns.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sxp_vpns_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sxp_vpns_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/action/sxp_vpns_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/system_certificate.py create mode 100644 ansible_collections/cisco/ise/plugins/action/system_certificate_create.py create mode 100644 ansible_collections/cisco/ise/plugins/action/system_certificate_export_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/system_certificate_import.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/system_certificate_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/system_config_version_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/tacacs_command_sets.py create mode 100644 ansible_collections/cisco/ise/plugins/action/tacacs_command_sets_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/tacacs_external_servers.py create mode 100644 ansible_collections/cisco/ise/plugins/action/tacacs_external_servers_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/tacacs_profile.py create mode 100644 ansible_collections/cisco/ise/plugins/action/tacacs_profile_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/tacacs_server_sequence.py create mode 100644 ansible_collections/cisco/ise/plugins/action/tacacs_server_sequence_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/tasks_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/telemetry_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/threat_vulnerabilities_clear.py create mode 100644 ansible_collections/cisco/ise/plugins/action/transport_gateway_settings.py create mode 100644 ansible_collections/cisco/ise/plugins/action/transport_gateway_settings_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trusted_certificate.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trusted_certificate_export_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trusted_certificate_import.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trusted_certificate_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_nbar_app.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_nbar_app_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping.py create mode 100644 
ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_bulk_create.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_bulk_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_bulk_update.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_vn.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_vn_bulk_create.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_vn_bulk_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_vn_bulk_update.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_vn_info.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_bulk_create.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_bulk_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_bulk_update.py create mode 100644 ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_info.py create mode 100644 ansible_collections/cisco/ise/plugins/doc_fragments/__init__.py create mode 100644 ansible_collections/cisco/ise/plugins/doc_fragments/module.py create mode 100644 ansible_collections/cisco/ise/plugins/doc_fragments/module_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/__init__.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/aci_bindings_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/aci_settings.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/aci_settings_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/aci_test_connectivity.py create 
mode 100644 ansible_collections/cisco/ise/plugins/modules/active_directory.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/active_directory_add_groups.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/active_directory_groups_by_domain_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/active_directory_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/active_directory_is_user_member_of_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/active_directory_join_domain.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/active_directory_join_domain_with_all_nodes.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/active_directory_leave_domain.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/active_directory_leave_domain_with_all_nodes.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/active_directory_trusted_domains_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/active_directory_user_groups_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/admin_user_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/allowed_protocols.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/allowed_protocols_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/anc_endpoint_apply.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/anc_endpoint_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/anc_endpoint_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/anc_endpoint_clear.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/anc_endpoint_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/anc_policy.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/anc_policy_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/anc_policy_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/anc_policy_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/authorization_profile.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/authorization_profile_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/backup_cancel.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/backup_config.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/backup_last_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/backup_restore.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/backup_schedule_config.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/backup_schedule_config_update.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/bind_signed_certificate.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/byod_portal.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/byod_portal_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/certificate_profile.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/certificate_profile_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/certificate_template_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/csr_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/csr_export_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/csr_generate.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/csr_generate_intermediate_ca.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/csr_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/deployment_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_authentication_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_authentication_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_authentication_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_authorization_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_authorization_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_authorization_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_command_set_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_conditions.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_for_authentication_rule_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_for_authorization_rule_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_for_policy_set_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_dictionary_attributes_authentication_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_dictionary_attributes_authorization_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_dictionary_attributes_policy_set_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_global_exception_rules.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/device_administration_global_exception_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_global_exception_rules_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_identity_stores_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_local_exception_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_local_exception_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_local_exception_rules_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_network_conditions.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_network_conditions_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_policy_set.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_policy_set_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_policy_set_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_profiles_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_service_names_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_time_date_conditions.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/device_administration_time_date_conditions_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/downloadable_acl.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/downloadable_acl_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_clear_all.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_clone.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_set_all_status.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/endpoint.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/endpoint_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/endpoint_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/endpoint_certificate.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/endpoint_deregister.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/endpoint_get_rejected_endpoints_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/endpoint_group.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/endpoint_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/endpoint_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/endpoint_register.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/endpoint_release_rejected_endpoint.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/external_radius_server.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/external_radius_server_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/filter_policy.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/filter_policy_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/guest_location_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_smtp_notification_settings.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_smtp_notification_settings_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_ssid.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_ssid_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_type.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_type_email.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_type_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_type_sms.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_user.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_user_approve.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_user_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_user_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_user_change_sponsor_password.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_user_deny.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_user_email.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_user_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_user_reinstate.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_user_reset_password.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_user_sms.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/guest_user_suspend.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/hotpatch_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/hotpatch_install.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/hotpatch_rollback.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/hotspot_portal.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/hotspot_portal_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/id_store_sequence.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/id_store_sequence_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/identity_group.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/identity_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/internal_user.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/internal_user_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/ise_root_ca_regenerate.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/licensing_connection_type_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/licensing_eval_license_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/licensing_feature_to_tier_mapping_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/licensing_registration_create.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/licensing_registration_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/licensing_smart_state_create.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/licensing_smart_state_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/licensing_tier_state_create.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/licensing_tier_state_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_account_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_athentication_status_info.py 
create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_authentication_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_failure_reasons_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_session_active_count_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_session_active_list_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_session_auth_list_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_session_by_ip_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_session_by_mac_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_session_by_nas_ip_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_session_by_username_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_session_delete_all.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_session_disconnect_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_session_posture_count_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_session_profiler_count_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_session_reauthentication_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_sessions_by_session_id_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/mnt_version_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/my_device_portal.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/my_device_portal_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/native_supplicant_profile.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/native_supplicant_profile_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_authorization_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_authorization_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_authorization_rules_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_conditions.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_conditions_for_authentication_rule_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_conditions_for_authorization_rule_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_conditions_for_policy_set_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_conditions_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_dictionary.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attribute.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attribute_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attributes_authentication_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attributes_authorization_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attributes_policy_set_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/network_access_global_exception_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_global_exception_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_global_exception_rules_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_identity_stores_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_local_exception_rules.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_local_exception_rules_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_local_exception_rules_reset_hitcounts.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_network_condition.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_network_condition_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_policy_set.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_policy_set_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_policy_set_reset_hitcount.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_profiles_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_security_groups_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_service_name_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_time_date_conditions.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_access_time_date_conditions_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_device.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_device_bulk_monitor_status_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/network_device_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_device_group.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_device_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/network_device_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_deployment.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_deployment_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_deployment_sync.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_group.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_group_node_create.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_group_node_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_group_node_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_primary_to_standalone.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_promotion.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_replication_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_secondary_to_primary.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_services_interfaces_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_services_profiler_probe_config.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_services_profiler_probe_config_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_services_sxp_interfaces.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/node_services_sxp_interfaces_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_standalone_to_primary.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/node_sync.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pan_ha.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pan_ha_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pan_ha_update.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/patch_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/patch_install.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/patch_rollback.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/personas_check_standalone.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/personas_export_certs.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/personas_promote_primary.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/personas_register_node.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/personas_update_roles_services.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/portal_global_setting.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/portal_global_setting_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/portal_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/portal_theme.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/portal_theme_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/profiler_profile_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/proxy_connection_settings.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/proxy_connection_settings_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/px_grid_node_approve.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/px_grid_node_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/px_grid_node_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/px_grid_settings_auto_approve.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_access_secret.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_account_activate.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_account_create.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_authorization.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_bindings_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_egress_matrices_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_egress_policies_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoint_by_mac_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoints_by_os_type_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoints_by_type_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoints_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_failures_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_healths_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_node_approve.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_node_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_node_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_performances_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_profiles_info.py create mode 
100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_security_group_acls_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_security_groups_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_service_lookup.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_service_register.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_service_reregister.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_service_unregister.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_session_by_ip_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_session_by_mac_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_session_for_recovery_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_sessions_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_settings_auto_approve.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_user_group_by_username_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/pxgrid_user_groups_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/radius_server_sequence.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/radius_server_sequence_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/renew_certificate.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/repository.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/repository_files_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/repository_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/resource_version_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/rest_id_store.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/rest_id_store_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/self_registered_portal.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/self_registered_portal_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/selfsigned_certificate_generate.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/session_service_node_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_acl.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_acl_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_acl_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_acl_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_mapping.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_mapping_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_mapping_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_mapping_deploy.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_mapping_deploy_all.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_mapping_deploy_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_mapping_group.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_deploy.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_deploy_all.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_deploy_status_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_mapping_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sgt.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sgt_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sgt_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sgt_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sms_provider_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sponsor_group.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sponsor_group_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sponsor_group_member_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sponsor_portal.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sponsor_portal_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sponsored_guest_portal.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sponsored_guest_portal_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/support_bundle.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/support_bundle_download.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/support_bundle_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sxp_connections.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/sxp_connections_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sxp_connections_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sxp_connections_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sxp_vpns.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sxp_vpns_bulk_monitor_status_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sxp_vpns_bulk_request.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/sxp_vpns_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/system_certificate.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/system_certificate_create.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/system_certificate_export_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/system_certificate_import.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/system_certificate_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/system_config_version_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/tacacs_command_sets.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/tacacs_command_sets_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/tacacs_external_servers.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/tacacs_external_servers_info.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/tacacs_profile.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/tacacs_profile_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/tacacs_server_sequence.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/tacacs_server_sequence_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/tasks_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/telemetry_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/threat_vulnerabilities_clear.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/transport_gateway_settings.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/transport_gateway_settings_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trusted_certificate.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trusted_certificate_export_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trusted_certificate_import.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trusted_certificate_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_nbar_app.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_nbar_app_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_bulk_create.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_bulk_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_bulk_update.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_vn.py create mode 100644 
ansible_collections/cisco/ise/plugins/modules/trustsec_vn_bulk_create.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_vn_bulk_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_vn_bulk_update.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_vn_info.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_bulk_create.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_bulk_delete.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_bulk_update.py create mode 100644 ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_info.py create mode 100644 ansible_collections/cisco/ise/plugins/plugin_utils/__init__.py create mode 100644 ansible_collections/cisco/ise/plugins/plugin_utils/exceptions.py create mode 100644 ansible_collections/cisco/ise/plugins/plugin_utils/ise.py create mode 100644 ansible_collections/cisco/ise/plugins/plugin_utils/personas_utils.py (limited to 'ansible_collections/cisco/ise/plugins') diff --git a/ansible_collections/cisco/ise/plugins/action/aci_bindings_info.py b/ansible_collections/cisco/ise/plugins/action/aci_bindings_info.py new file mode 100644 index 00000000..53de0a3c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/aci_bindings_info.py 
@@ -0,0 +1,130 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + page=dict(type="int"), + size=dict(type="int"), + sort=dict(type="str"), + sortBy=dict(type="str"), + filterBy=dict(type="list"), + filterValue=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + page=params.get("page"), + size=params.get("size"), + sort=params.get("sort"), + sort_by=params.get("sortBy"), + filter_by=params.get("filterBy"), + filter_value=params.get("filterValue"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + responses = [] + generator = ise.exec( + family="aci_bindings", + function='get_aci_bindings_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['ACIBindings'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." 
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/aci_settings.py b/ansible_collections/cisco/ise/plugins/action/aci_settings.py new file mode 100644 index 00000000..f0f25512 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/aci_settings.py 
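Review bot: `response` is assigned only inside the `if not name and not id:` branch of `run()`, yet it is consumed by `self._result.update(dict(ise_response=response))` at the end of the method. Indentation is lost in this rendering, so when a task supplies `name` or `id` the method either reads an unbound `response` or falls off the end and returns `None` instead of a result dict. Neither key is declared in the `argument_spec.update(...)` shown here, so the check looks like leftover generator scaffolding. Initialise `response = []` before the `if` and make sure the final `return self._result` is reached on every path, or drop the check entirely. The same pattern appears in `run()` of aci_settings_info.py.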
@@ -0,0 +1,253 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present"]), + id=dict(type="str"), + enableAci=dict(type="bool"), + ipAddressHostName=dict(type="str"), + adminName=dict(type="str"), + adminPassword=dict(type="str"), + aciipaddress=dict(type="str"), + aciuserName=dict(type="str"), + acipassword=dict(type="str"), + tenantName=dict(type="str"), + l3RouteNetwork=dict(type="str"), + suffixToEpg=dict(type="str"), + suffixToSgt=dict(type="str"), + allSxpDomain=dict(type="bool"), + specificSxpDomain=dict(type="bool"), + specifixSxpDomainList=dict(type="list"), + enableDataPlane=dict(type="bool"), + untaggedPacketIepgName=dict(type="str"), + defaultSgtName=dict(type="str"), + enableElementsLimit=dict(type="bool"), + maxNumIepgFromAci=dict(type="int"), + maxNumSgtToAci=dict(type="int"), + aci50=dict(type="bool"), + aci51=dict(type="bool"), +)) + +required_if = [ + ("state", "present", ["id"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = 
[] + + +class AciSettings(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + id=params.get("id"), + enable_aci=params.get("enableAci"), + ip_address_host_name=params.get("ipAddressHostName"), + admin_name=params.get("adminName"), + admin_password=params.get("adminPassword"), + aciipaddress=params.get("aciipaddress"), + aciuser_name=params.get("aciuserName"), + acipassword=params.get("acipassword"), + tenant_name=params.get("tenantName"), + l3_route_network=params.get("l3RouteNetwork"), + suffix_to_epg=params.get("suffixToEpg"), + suffix_to_sgt=params.get("suffixToSgt"), + all_sxp_domain=params.get("allSxpDomain"), + specific_sxp_domain=params.get("specificSxpDomain"), + specifix_sxp_domain_list=params.get("specifixSxpDomainList"), + enable_data_plane=params.get("enableDataPlane"), + untagged_packet_iepg_name=params.get("untaggedPacketIepgName"), + default_sgt_name=params.get("defaultSgtName"), + enable_elements_limit=params.get("enableElementsLimit"), + max_num_iepg_from_aci=params.get("maxNumIepgFromAci"), + max_num_sgt_to_aci=params.get("maxNumSgtToAci"), + aci50=params.get("aci50"), + aci51=params.get("aci51"), + ) + + def get_object_by_name(self, name): + # NOTICE: Does not have a get by name method or it is in another action + result = None + items = self.ise.exec( + family="aci_settings", + function="get_aci_settings" + ).response['AciSettings'] + result = get_dict_result(items, 'name', name) + return result + + def get_object_by_id(self, id): + # NOTICE: Does not have a get by id method or it is in another action + try: + result = self.ise.exec( + family="aci_settings", + function="get_aci_settings", + handle_func_exception=False, + ).response['AciSettings'] + # result = get_dict_result(result, 'id', id) + except Exception as e: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if 
o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("id", "id"), + ("enableAci", "enable_aci"), + ("ipAddressHostName", "ip_address_host_name"), + ("adminName", "admin_name"), + ("adminPassword", "admin_password"), + ("aciipaddress", "aciipaddress"), + ("aciuserName", "aciuser_name"), + ("acipassword", "acipassword"), + ("tenantName", "tenant_name"), + ("l3RouteNetwork", "l3_route_network"), + ("suffixToEpg", "suffix_to_epg"), + ("suffixToSgt", "suffix_to_sgt"), + ("allSxpDomain", "all_sxp_domain"), + ("specificSxpDomain", "specific_sxp_domain"), + ("specifixSxpDomainList", "specifix_sxp_domain_list"), + ("enableDataPlane", "enable_data_plane"), + ("untaggedPacketIepgName", "untagged_packet_iepg_name"), + ("defaultSgtName", "default_sgt_name"), + ("enableElementsLimit", "enable_elements_limit"), + ("maxNumIepgFromAci", "max_num_iepg_from_aci"), + ("maxNumSgtToAci", "max_num_sgt_to_aci"), + ("aci50", "aci50"), + ("aci51", "aci51"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="aci_settings", + function="update_aci_settings_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = AciSettings(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if 
obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise.fail_json("Object does not exists, plugin only has update") + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/aci_settings_info.py b/ansible_collections/cisco/ise/plugins/action/aci_settings_info.py new file mode 100644 index 00000000..930fdb51 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/aci_settings_info.py 
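Review bot: `adminPassword` and `acipassword` are declared as plain `type="str"` in `argument_spec.update(...)`, so nothing marks them as secrets. Declare them as `adminPassword=dict(type="str", no_log=True),` and `acipassword=dict(type="str", no_log=True),`, and because this is an action plugin, verify that the flag really masks the values in task output rather than assuming it. `run()` also copies the whole `ise_update_response` into the result and reads `oldValue`/`newValue` from its `UpdatedFieldsList`, so if ISE lists the password fields there they would presumably surface in the task result and any log that records it; filter those entries before `self._result.update(...)`. Separately, `get_object_by_id` turns every exception into `None`, so an authentication or connection failure is reported as "Object does not exists, plugin only has update" instead of the real error.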
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="aci_settings", + function='get_aci_settings', + params=self.get_object(self._task.args) + ).response['AciSettings'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/aci_test_connectivity.py b/ansible_collections/cisco/ise/plugins/action/aci_test_connectivity.py new file mode 100644 index 00000000..60b95623 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/aci_test_connectivity.py 
@@ -0,0 +1,86 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="aci_settings", + function="test_aci_connectivity", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/active_directory.py b/ansible_collections/cisco/ise/plugins/action/active_directory.py new file mode 100644 index 00000000..0d2a18d7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/active_directory.py 
@@ -0,0 +1,233 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + id=dict(type="str"), + name=dict(type="str"), + description=dict(type="str"), + domain=dict(type="str"), + enableDomainWhiteList=dict(type="bool"), + adgroups=dict(type="dict"), + advancedSettings=dict(type="dict"), + adAttributes=dict(type="dict"), + adScopesNames=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActiveDirectory(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + id=params.get("id"), + name=params.get("name"), + description=params.get("description"), + domain=params.get("domain"), + enable_domain_white_list=params.get("enableDomainWhiteList"), + adgroups=params.get("adgroups"), + advanced_settings=params.get("advancedSettings"), + ad_attributes=params.get("adAttributes"), + ad_scopes_names=params.get("adScopesNames"), + ) + + def get_object_by_name(self, name): + try: + 
result = self.ise.exec( + family="active_directory", + function="get_active_directory_by_name", + params={"name": name}, + handle_func_exception=False, + ).response['ERSActiveDirectory'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="active_directory", + function="get_active_directory_by_id", + params={"id": id}, + handle_func_exception=False, + ).response['ERSActiveDirectory'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + result = False + id = self.new_object.get("id") + name = self.new_object.get("name") + if id: + prev_obj = self.get_object_by_id(id) + result = prev_obj is not None and isinstance(prev_obj, dict) + elif name: + prev_obj = self.get_object_by_name(name) + result = prev_obj is not None and isinstance(prev_obj, dict) + return (result, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("id", "id"), + ("name", "name"), + ("description", "description"), + ("domain", "domain"), + ("enableDomainWhiteList", "enable_domain_white_list"), + ("adgroups", "adgroups"), + ("advancedSettings", "advanced_settings"), + ("adAttributes", "ad_attributes"), + ("adScopesNames", "ad_scopes_names"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="active_directory", + function="create_active_directory", + params=self.new_object, + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="active_directory", + function="delete_active_directory_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = ActiveDirectory(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + response = prev_obj + ise.object_present_and_different() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/active_directory_add_groups.py b/ansible_collections/cisco/ise/plugins/action/active_directory_add_groups.py new file mode 100644 index 00000000..e6afb52d --- /dev/null 
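Review bot: `get_object_by_name` and `get_object_by_id` both end with `except Exception: result = None`, so any lookup failure other than TypeError/AttributeError is reported as "object not found"; an authentication or connection error would presumably land there, since `handle_func_exception=False` is passed. In `run()` this means `state: absent` falls through to `ise.object_already_absent()` and the task succeeds without removing the join point, while `state: present` goes on to `create()`. I would treat only the SDK's not-found error as absence and route everything else to `self.ise.fail_json(...)`, as the first `except` branch already does. Two smaller points in the same file: `delete()` calls `self.get_object_by_name(name).get("id")` without checking for `None`, and the `requires_update` branch in `run()` calls `ise.object_present_and_different()` but sends no update. If that is intended, a comment such as `# no update is sent; the existing object is returned unchanged` would say so.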
+++ b/ansible_collections/cisco/ise/plugins/action/active_directory_add_groups.py 
@@ -0,0 +1,104 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + name=dict(type="str"), + description=dict(type="str"), + domain=dict(type="str"), + enableDomainWhiteList=dict(type="bool"), + adgroups=dict(type="dict"), + advancedSettings=dict(type="dict"), + adAttributes=dict(type="dict"), + adScopesNames=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + name=params.get("name"), + description=params.get("description"), + domain=params.get("domain"), + enable_domain_white_list=params.get("enableDomainWhiteList"), + adgroups=params.get("adgroups"), + advanced_settings=params.get("advancedSettings"), + ad_attributes=params.get("adAttributes"), + ad_scopes_names=params.get("adScopesNames"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="active_directory", + function="load_groups_from_domain", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/active_directory_groups_by_domain_info.py b/ansible_collections/cisco/ise/plugins/action/active_directory_groups_by_domain_info.py new file mode 100644 index 00000000..c303d3b7 --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/action/active_directory_groups_by_domain_info.py 
@@ -0,0 +1,94 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + additionalData=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + additional_data=params.get("additionalData"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="active_directory", + function='get_groups_by_domain', + params=self.get_object(self._task.args) + ).response['ERSActiveDirectoryGroups'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/active_directory_info.py b/ansible_collections/cisco/ise/plugins/action/active_directory_info.py new file mode 100644 index 00000000..673b0870 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/active_directory_info.py 
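Review bot: In `run()` the call to `get_groups_by_domain` sits under `if not name and not id:`, yet `id` is the argument this module declares and forwards through `get_object()`, so the query is sent only when the caller leaves `id` out. With `id` supplied, the result keeps the placeholder `ise_response={}` set a few lines earlier; indentation is lost in this rendering, so it cannot be confirmed here whether the final `return self._result` is still reached. The gate looks like it should be `if id:` with an `ise.fail_json(...)` when `id` is missing, and `name` is not in this module's argspec at all. The same condition appears in `active_directory_is_user_member_of_group_info.py`, where an empty answer to a membership query is easy to mistake for "not a member" in a playbook that branches on it.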
@@ -0,0 +1,144 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="active_directory", + function='get_active_directory_by_id', + params=self.get_object(self._task.args) + ).response['ERSActiveDirectory'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="active_directory", + function='get_active_directory_by_name', + params=self.get_object(self._task.args) + ).response['ERSActiveDirectory'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="active_directory", + 
function='get_active_directory_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/active_directory_is_user_member_of_group_info.py b/ansible_collections/cisco/ise/plugins/action/active_directory_is_user_member_of_group_info.py new file mode 100644 index 00000000..1134e7ba --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/active_directory_is_user_member_of_group_info.py 
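Review bot: The `id` and `name` branches of `run()` index `.response['ERSActiveDirectory']` directly, while only the generator branch is wrapped in `try`/`except` with `ise.fail_json`. If `ise.exec` returns a response without that key (its error behaviour is not visible in this hunk), the by-id and by-name lookups end in a raw KeyError or TypeError instead of the explanatory message used below. Wrapping those two lookups in the same handler would keep the failure mode consistent. Also, `response` is assigned only inside the `try`, so the final `self._result.update(dict(ise_response=response))` relies on `fail_json` never returning; adding `response = []` before the loop would make that explicit.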
@@ -0,0 +1,94 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + additionalData=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + additional_data=params.get("additionalData"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="active_directory", + function='is_user_member_of_groups', + params=self.get_object(self._task.args) + ).response['ERSActiveDirectoryGroups'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/active_directory_join_domain.py b/ansible_collections/cisco/ise/plugins/action/active_directory_join_domain.py new file mode 100644 index 00000000..8da2dfe8 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/active_directory_join_domain.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + additionalData=dict(type="list"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + additional_data=params.get("additionalData"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="active_directory", + function="join_domain", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/active_directory_join_domain_with_all_nodes.py b/ansible_collections/cisco/ise/plugins/action/active_directory_join_domain_with_all_nodes.py new file mode 100644 index 00000000..3c597a0f --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/active_directory_join_domain_with_all_nodes.py 
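Review bot: `additionalData=dict(type="list")` is declared without `no_log`, and `get_object()` forwards the list unchanged to `join_domain`. If that list carries the domain account's username and password, as a join operation normally needs (the payload format is not shown in this hunk), the secret will appear in verbose task output and in any logged task arguments. I would declare it as `additionalData=dict(type="list", no_log=True)` after checking that the validator used here honours the flag, and document that users should set `no_log: true` on the task in any case. The sibling files `active_directory_join_domain_with_all_nodes.py`, `active_directory_leave_domain.py` and `active_directory_leave_domain_with_all_nodes.py` declare the same argument the same way.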
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + additionalData=dict(type="list"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + additional_data=params.get("additionalData"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="active_directory", + function="join_domain_with_all_nodes", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/active_directory_leave_domain.py b/ansible_collections/cisco/ise/plugins/action/active_directory_leave_domain.py new file mode 100644 index 00000000..c3aa7c7e --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/active_directory_leave_domain.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + additionalData=dict(type="list"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + additional_data=params.get("additionalData"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="active_directory", + function="leave_domain", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/active_directory_leave_domain_with_all_nodes.py b/ansible_collections/cisco/ise/plugins/action/active_directory_leave_domain_with_all_nodes.py new file mode 100644 index 00000000..56b8b3b2 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/active_directory_leave_domain_with_all_nodes.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + additionalData=dict(type="list"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + additional_data=params.get("additionalData"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="active_directory", + function="leave_domain_with_all_nodes", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/active_directory_trusted_domains_info.py b/ansible_collections/cisco/ise/plugins/action/active_directory_trusted_domains_info.py new file mode 100644 index 00000000..1415f4ca --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/active_directory_trusted_domains_info.py 
@@ -0,0 +1,92 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="active_directory", + function='get_trusted_domains', + params=self.get_object(self._task.args) + ).response['ERSActiveDirectoryDomains'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/active_directory_user_groups_info.py b/ansible_collections/cisco/ise/plugins/action/active_directory_user_groups_info.py new file mode 100644 index 00000000..262c9cd9 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/active_directory_user_groups_info.py 
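Review bot: In `run`, the only API call sits under `if not name and not id:`, so a task that supplies `id` skips `get_trusted_domains` and returns the placeholder `ise_response={}` as a successful result. `id` is the only module-specific option declared here and the only value `get_object` forwards, so the condition looks inverted. If the lookup is meant to be per join point, `if id:` plus an explicit `AnsibleActionFail` when it is missing would avoid a silent empty answer. `name` is read from the task args but is not declared in this file's spec, and the local `id` shadows the builtin. active_directory_user_groups_info.py in the next hunk has the same `if not name and not id:` guard around `get_user_groups`.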
@@ -0,0 +1,94 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + additionalData=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + additional_data=params.get("additionalData"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="active_directory", + function='get_user_groups', + params=self.get_object(self._task.args) + ).response['ERSActiveDirectoryGroups'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/admin_user_info.py b/ansible_collections/cisco/ise/plugins/action/admin_user_info.py new file mode 100644 index 00000000..6ee351a3 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/admin_user_info.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="admin_user", + function='get_admin_user_by_id', + params=self.get_object(self._task.args) + ).response['AdminUser'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="admin_user", + function='get_admin_users_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: 
+ responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/allowed_protocols.py b/ansible_collections/cisco/ise/plugins/action/allowed_protocols.py new file mode 100644 index 00000000..eb9de9f6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/allowed_protocols.py 
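Review bot: `run` has no defined result when `name` is set and `id` is not, because neither `if id:` nor `if not name and not id:` is taken. Indentation is lost on this page, so depending on where the trailing lines sit, `run` either returns `None` implicitly or reads `response` before it is assigned. This only matters if the shared spec from `ise_argument_spec()` accepts `name`, which is not visible here. Since this module has no by-name lookup, `if not id:` for the list branch would close the gap. anc_endpoint_bulk_monitor_status_info.py later in this patch has the same pair of guards.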
@@ -0,0 +1,308 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + description=dict(type="str"), + eapTls=dict(type="dict"), + peap=dict(type="dict"), + eapFast=dict(type="dict"), + eapTtls=dict(type="dict"), + teap=dict(type="dict"), + processHostLookup=dict(type="bool"), + allowPapAscii=dict(type="bool"), + allowChap=dict(type="bool"), + allowMsChapV1=dict(type="bool"), + allowMsChapV2=dict(type="bool"), + allowEapMd5=dict(type="bool"), + allowLeap=dict(type="bool"), + allowEapTls=dict(type="bool"), + allowEapTtls=dict(type="bool"), + allowEapFast=dict(type="bool"), + allowPeap=dict(type="bool"), + allowTeap=dict(type="bool"), + allowPreferredEapProtocol=dict(type="bool"), + preferredEapProtocol=dict(type="str"), + eapTlsLBit=dict(type="bool"), + allowWeakCiphersForEap=dict(type="bool"), + requireMessageAuth=dict(type="bool"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = 
[] + + +class AllowedProtocols(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + description=params.get("description"), + eap_tls=params.get("eapTls"), + peap=params.get("peap"), + eap_fast=params.get("eapFast"), + eap_ttls=params.get("eapTtls"), + teap=params.get("teap"), + process_host_lookup=params.get("processHostLookup"), + allow_pap_ascii=params.get("allowPapAscii"), + allow_chap=params.get("allowChap"), + allow_ms_chap_v1=params.get("allowMsChapV1"), + allow_ms_chap_v2=params.get("allowMsChapV2"), + allow_eap_md5=params.get("allowEapMd5"), + allow_leap=params.get("allowLeap"), + allow_eap_tls=params.get("allowEapTls"), + allow_eap_ttls=params.get("allowEapTtls"), + allow_eap_fast=params.get("allowEapFast"), + allow_peap=params.get("allowPeap"), + allow_teap=params.get("allowTeap"), + allow_preferred_eap_protocol=params.get("allowPreferredEapProtocol"), + preferred_eap_protocol=params.get("preferredEapProtocol"), + eap_tls_l_bit=params.get("eapTlsLBit"), + allow_weak_ciphers_for_eap=params.get("allowWeakCiphersForEap"), + require_message_auth=params.get("requireMessageAuth"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="allowed_protocols", + function="get_allowed_protocol_by_name", + params={"name": name}, + handle_func_exception=False, + ).response['AllowedProtocols'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="allowed_protocols", + function="get_allowed_protocol_by_id", + handle_func_exception=False, + params={"id": id} + ).response['AllowedProtocols'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + result = False + prev_obj = None + id = self.new_object.get("id") + name = self.new_object.get("name") + if id: + prev_obj = self.get_object_by_id(id) + result = prev_obj is not None and isinstance(prev_obj, dict) + elif name: + prev_obj = self.get_object_by_name(name) + result = prev_obj is not None and isinstance(prev_obj, dict) + return (result, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("description", "description"), + ("eapTls", "eap_tls"), + ("peap", "peap"), + ("eapFast", "eap_fast"), + ("eapTtls", "eap_ttls"), + ("teap", "teap"), + ("processHostLookup", "process_host_lookup"), + ("allowPapAscii", "allow_pap_ascii"), + ("allowChap", "allow_chap"), + ("allowMsChapV1", "allow_ms_chap_v1"), + ("allowMsChapV2", "allow_ms_chap_v2"), + ("allowEapMd5", "allow_eap_md5"), + ("allowLeap", "allow_leap"), + ("allowEapTls", "allow_eap_tls"), + ("allowEapTtls", "allow_eap_ttls"), + ("allowEapFast", "allow_eap_fast"), + ("allowPeap", "allow_peap"), + ("allowTeap", "allow_teap"), + ("allowPreferredEapProtocol", "allow_preferred_eap_protocol"), + ("preferredEapProtocol", 
"preferred_eap_protocol"), + ("eapTlsLBit", "eap_tls_l_bit"), + ("allowWeakCiphersForEap", "allow_weak_ciphers_for_eap"), + ("requireMessageAuth", "require_message_auth"), + ("id", "id"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="allowed_protocols", + function="create_allowed_protocol", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="allowed_protocols", + function="update_allowed_protocol_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="allowed_protocols", + function="delete_allowed_protocol_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = AllowedProtocols(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + 
if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/allowed_protocols_info.py b/ansible_collections/cisco/ise/plugins/action/allowed_protocols_info.py new file mode 100644 index 00000000..00258f04 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/allowed_protocols_info.py 
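Review bot: `get_object_by_name` and `get_object_by_id` end with `except Exception: result = None`, so any SDK failure other than `TypeError`/`AttributeError` (a rejected login, TLS error or timeout would presumably land here) is indistinguishable from the object not existing. `exists()` then reports false, and `run` goes on to `obj.create()` for `state: present` or `ise.object_already_absent()` for `state: absent`. For a policy object that switches PAP, LEAP, EAP-MD5 and weak EAP ciphers on or off, that means a failed lookup can be reported as a clean run. I would catch only the SDK's not-found error there and route everything else through `self.ise.fail_json`, as the first handler already does. Separately, `update()` and `delete()` call `self.get_object_by_name(name).get("id")`, which raises on the `None` this same handler returns.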
@@ -0,0 +1,144 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="allowed_protocols", + function='get_allowed_protocol_by_id', + params=self.get_object(self._task.args) + ).response['AllowedProtocols'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="allowed_protocols", + function='get_allowed_protocol_by_name', + params=self.get_object(self._task.args) + ).response['AllowedProtocols'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="allowed_protocols", + 
function='get_allowed_protocols_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/anc_endpoint_apply.py b/ansible_collections/cisco/ise/plugins/action/anc_endpoint_apply.py new file mode 100644 index 00000000..e6b6b818 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/anc_endpoint_apply.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + additionalData=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + additional_data=params.get("additionalData"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="anc_endpoint", + function="apply_anc_endpoint", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/anc_endpoint_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/anc_endpoint_bulk_monitor_status_info.py new file mode 100644 index 00000000..96e51ce6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/anc_endpoint_bulk_monitor_status_info.py 
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + bulkid=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + bulkid=params.get("bulkid"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("bulkid") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="anc_endpoint", + function='monitor_bulk_status_anc_endpoint', + params=self.get_object(self._task.args) + ).response['BulkStatus'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/anc_endpoint_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/anc_endpoint_bulk_request.py new file mode 100644 index 00000000..eb2dcb10 --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/action/anc_endpoint_bulk_request.py 
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ operationType=dict(type="str"),
+ resourceMediaType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ operation_type=params.get("operationType"),
+ resource_media_type=params.get("resourceMediaType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="anc_endpoint",
+ function="bulk_request_for_anc_endpoint",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/anc_endpoint_clear.py b/ansible_collections/cisco/ise/plugins/action/anc_endpoint_clear.py
new file mode 100644
index 00000000..696acc0c
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/anc_endpoint_clear.py
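Review bot: `run()` in anc_endpoint_bulk_request.py submits a bulk request to the `anc_endpoint` family, yet `changed` stays at the `False` assigned at the top of the method; nothing here calls one of the `ise.object_*` helpers that anc_policy.py uses to record a change, so unless `ise.exit_json()` sets the flag the task is reported as unchanged. For an action that alters endpoint state on the ISE server, that hides the modification from play recaps and from any audit built on them. I would add `self._result["changed"] = True` after the `self._result.update(ise.exit_json())` line, and declare the inputs as `operationType=dict(type="str", required=True)` (likewise `resourceMediaType`) so `_check_argspec()` rejects an empty request instead of sending `None` values. The `run()` methods in anc_endpoint_clear.py and anc_policy_bulk_request.py have the same shape.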
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ additionalData=dict(type="list"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ additional_data=params.get("additionalData"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="anc_endpoint",
+ function="clear_anc_endpoint",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/anc_endpoint_info.py b/ansible_collections/cisco/ise/plugins/action/anc_endpoint_info.py
new file mode 100644
index 00000000..69ccd3d4
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/anc_endpoint_info.py
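Review bot: The only module argument in anc_endpoint_clear.py, `additionalData=dict(type="list")`, is neither required nor given an `elements` type, so `_check_argspec()` accepts a task with no data at all and a list whose items are of any type. `get_object()` then hands `additional_data=None` (or the unchecked items) straight to `clear_anc_endpoint`. Because this call removes a control from an endpoint, I would have the argspec reject malformed input before anything is sent: `additionalData=dict(type="list", elements="dict", required=True)`, with `elements` set to whatever item type the API expects (presumably `dict`).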
@@ -0,0 +1,141 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+ sortasc=dict(type="str"),
+ sortdsc=dict(type="str"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ sortasc=params.get("sortasc"),
+ sortdsc=params.get("sortdsc"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="anc_endpoint",
+ function='get_anc_endpoint_by_id',
+ params=self.get_object(self._task.args)
+ ).response['ErsAncEndpoint']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="anc_endpoint",
+ function='get_anc_endpoint_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses +=
tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/anc_policy.py b/ansible_collections/cisco/ise/plugins/action/anc_policy.py
new file mode 100644
index 00000000..d429c258
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/anc_policy.py
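Review bot: In `run()` of anc_endpoint_info.py the by-id branch subscripts `.response['ErsAncEndpoint']` outside any `try`, while the generator branch right below it routes failures through `ise.fail_json()`. If the call comes back without that key, or with no response object, the task dies with a bare `KeyError`/`TypeError`/`AttributeError` instead of the collection's guidance message. I would wrap the by-id call the same way, as sketched below. The same branch also reads `name`, which this module's `argument_spec` does not declare, and the by-id and by-name branches of anc_policy_info.py have the same unguarded subscript.

```python
        if id:
            try:
                response = ise.exec(
                    family="anc_endpoint",
                    function='get_anc_endpoint_by_id',
                    params=self.get_object(self._task.args)
                ).response['ErsAncEndpoint']
            except (KeyError, TypeError, AttributeError) as e:
                ise.fail_json(
                    msg=(
                        "An error occured when executing operation."
                        " The error was: {error}"
                        " You may want to enable the (ise_debug: True) argument."
                    ).format(error=e)
                )
            # … unchanged: result update, exit_json merge and return …
```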
@@ -0,0 +1,242 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ actions=dict(type="list"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class AncPolicy(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ actions=params.get("actions"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ try:
+ result = self.ise.exec(
+ family="anc_policy",
+ function="get_anc_policy_by_name",
+ params={"name": name},
+ handle_func_exception=False,
+ ).response['ErsAncPolicy']
+ result = get_dict_result(result, 'name', name)
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="anc_policy",
+ function="get_anc_policy_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['ErsAncPolicy']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ result = False
+ prev_obj = None
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if id:
+ prev_obj = self.get_object_by_id(id)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ elif name:
+ prev_obj = self.get_object_by_name(name)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ return (result, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("actions", "actions"),
+ ("id", "id"),
+ ]
+ # Method 1.
Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="anc_policy",
+ function="create_anc_policy",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="anc_policy",
+ function="update_anc_policy_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="anc_policy",
+ function="delete_anc_policy_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = AncPolicy(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if
obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/anc_policy_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/anc_policy_bulk_monitor_status_info.py
new file mode 100644
index 00000000..8815b1bf
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/anc_policy_bulk_monitor_status_info.py
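Review bot: `AncPolicy.get_object_by_name()` and `get_object_by_id()` in anc_policy.py end with `except Exception: result = None`, so every lookup failure other than `TypeError`/`AttributeError` is treated as "object not found". Because both calls pass `handle_func_exception=False`, that presumably includes authentication and connectivity errors, and `exists()` then returns `(False, None)`: with `state: absent` the task ends in `ise.object_already_absent()` although the policy may still be on the server, and with `state: present` it goes on to `obj.create()`. I would catch only the exception the SDK raises for a missing object and send everything else to `self.ise.fail_json()`, as the `(TypeError, AttributeError)` branch already does. Two smaller points in the same file are that `update()` and `delete()` call `self.get_object_by_name(name).get("id")` without checking for that `None`, and that `ise_create_response` in `run()` is assigned but never added to the result the way `ise_update_response` is.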
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ bulkid=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ bulkid=params.get("bulkid"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("bulkid")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="anc_policy",
+ function='monitor_bulk_status_anc_policy',
+ params=self.get_object(self._task.args)
+ ).response['BulkStatus']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ # NOTICE: Does not have a get all method or it is in another action
+ response = None
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/anc_policy_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/anc_policy_bulk_request.py
new file mode 100644
index 00000000..bcd09421
--- /dev/null
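Review bot: `bulkid` is the only way `run()` in anc_policy_bulk_monitor_status_info.py can query anything, yet the argspec declares it as optional `bulkid=dict(type="str")`. A task that omits it falls into the `if not name and not id:` branch and finishes successfully with `ise_response: None`, which a playbook polling for bulk-job completion can easily misread. If `name` were ever set without `bulkid`, neither branch would return and `run()` would yield `None`; `name` is not declared in this module's `argument_spec`. I would declare `bulkid=dict(type="str", required=True)` and drop the `name` lookup with its fallback branch. The tail of anc_endpoint_bulk_monitor_status_info.py visible above this file has the same two branches.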
+++ b/ansible_collections/cisco/ise/plugins/action/anc_policy_bulk_request.py 
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ operationType=dict(type="str"),
+ resourceMediaType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ operation_type=params.get("operationType"),
+ resource_media_type=params.get("resourceMediaType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="anc_policy",
+ function="bulk_request_for_anc_policy",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/anc_policy_info.py b/ansible_collections/cisco/ise/plugins/action/anc_policy_info.py
new file mode 100644
index 00000000..aa54af4e
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/anc_policy_info.py
@@ -0,0 +1,152 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ name=dict(type="str"),
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+ sortasc=dict(type="str"),
+ sortdsc=dict(type="str"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ name=params.get("name"),
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ sortasc=params.get("sortasc"),
+ sortdsc=params.get("sortdsc"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="anc_policy",
+ function='get_anc_policy_by_id',
+ params=self.get_object(self._task.args)
+ ).response['ErsAncPolicy']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if name:
+ response = ise.exec(
+ family="anc_policy",
+ function='get_anc_policy_by_name',
+ params=self.get_object(self._task.args)
+ ).response['ErsAncPolicy']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+
responses = []
+ generator = ise.exec(
+ family="anc_policy",
+ function='get_anc_policy_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/authorization_profile.py b/ansible_collections/cisco/ise/plugins/action/authorization_profile.py
new file mode 100644
index 00000000..cdf71fdc
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/authorization_profile.py
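Review bot: anc_policy_info.py accepts `id` and `name` together but `run()` tests `if id:` first, so when both are given the lookup silently goes by id and the `name` the user wrote is never checked against the returned policy. The paging and filter options are likewise ignored whenever either selector is set, since only the generator branch is a list query. The argspec conditionals are already passed to the validator, so the conflict can be rejected up front by changing the empty list to `mutually_exclusive = [("id", "name")]`. A short comment above `run()` stating the precedence (id, then name, then list-all) would document the rest.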
@@ -0,0 +1,317 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + id=dict(type="str"), + name=dict(type="str"), + description=dict(type="str"), + advancedAttributes=dict(type="list"), + accessType=dict(type="str"), + authzProfileType=dict(type="str"), + vlan=dict(type="dict"), + reauth=dict(type="dict"), + airespaceACL=dict(type="str"), + airespaceIPv6ACL=dict(type="str"), + webRedirection=dict(type="dict"), + acl=dict(type="str"), + trackMovement=dict(type="bool"), + agentlessPosture=dict(type="bool"), + serviceTemplate=dict(type="bool"), + easywiredSessionCandidate=dict(type="bool"), + daclName=dict(type="str"), + voiceDomainPermission=dict(type="bool"), + neat=dict(type="bool"), + webAuth=dict(type="bool"), + autoSmartPort=dict(type="str"), + interfaceTemplate=dict(type="str"), + ipv6ACLFilter=dict(type="str"), + avcProfile=dict(type="str"), + macSecPolicy=dict(type="str"), + asaVpn=dict(type="str"), + profileName=dict(type="str"), + ipv6DaclName=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", 
["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class AuthorizationProfile(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + id=params.get("id"), + name=params.get("name"), + description=params.get("description"), + advanced_attributes=params.get("advancedAttributes"), + access_type=params.get("accessType"), + authz_profile_type=params.get("authzProfileType"), + vlan=params.get("vlan"), + reauth=params.get("reauth"), + airespace_acl=params.get("airespaceACL"), + airespace_ipv6_acl=params.get("airespaceIPv6ACL"), + web_redirection=params.get("webRedirection"), + acl=params.get("acl"), + track_movement=params.get("trackMovement"), + agentless_posture=params.get("agentlessPosture"), + service_template=params.get("serviceTemplate"), + easywired_session_candidate=params.get("easywiredSessionCandidate"), + dacl_name=params.get("daclName"), + voice_domain_permission=params.get("voiceDomainPermission"), + neat=params.get("neat"), + web_auth=params.get("webAuth"), + auto_smart_port=params.get("autoSmartPort"), + interface_template=params.get("interfaceTemplate"), + ipv6_acl_filter=params.get("ipv6ACLFilter"), + avc_profile=params.get("avcProfile"), + mac_sec_policy=params.get("macSecPolicy"), + asa_vpn=params.get("asaVpn"), + profile_name=params.get("profileName"), + ipv6_dacl_name=params.get("ipv6DaclName"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="authorization_profile", + function="get_authorization_profile_by_name", + params={"name": name}, + handle_func_exception=False, + ).response['AuthorizationProfile'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." 
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="authorization_profile", + function="get_authorization_profile_by_id", + handle_func_exception=False, + params={"id": id} + ).response['AuthorizationProfile'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + result = False + prev_obj = None + id = self.new_object.get("id") + name = self.new_object.get("name") + if id: + prev_obj = self.get_object_by_id(id) + result = prev_obj is not None and isinstance(prev_obj, dict) + elif name: + prev_obj = self.get_object_by_name(name) + result = prev_obj is not None and isinstance(prev_obj, dict) + return (result, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("id", "id"), + ("name", "name"), + ("description", "description"), + ("advancedAttributes", "advanced_attributes"), + ("accessType", "access_type"), + ("authzProfileType", "authz_profile_type"), + ("vlan", "vlan"), + ("reauth", "reauth"), + ("airespaceACL", "airespace_acl"), + ("airespaceIPv6ACL", "airespace_ipv6_acl"), + ("webRedirection", "web_redirection"), + ("acl", "acl"), + ("trackMovement", "track_movement"), + ("agentlessPosture", "agentless_posture"), + ("serviceTemplate", "service_template"), + ("easywiredSessionCandidate", 
"easywired_session_candidate"), + ("daclName", "dacl_name"), + ("voiceDomainPermission", "voice_domain_permission"), + ("neat", "neat"), + ("webAuth", "web_auth"), + ("autoSmartPort", "auto_smart_port"), + ("interfaceTemplate", "interface_template"), + ("ipv6ACLFilter", "ipv6_acl_filter"), + ("avcProfile", "avc_profile"), + ("macSecPolicy", "mac_sec_policy"), + ("asaVpn", "asa_vpn"), + ("profileName", "profile_name"), + ("ipv6DaclName", "ipv6_dacl_name"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="authorization_profile", + function="create_authorization_profile", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="authorization_profile", + function="update_authorization_profile_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="authorization_profile", + function="delete_authorization_profile_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = AuthorizationProfile(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = 
obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/authorization_profile_info.py b/ansible_collections/cisco/ise/plugins/action/authorization_profile_info.py new file mode 100644 index 00000000..da068f9d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/authorization_profile_info.py 
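Review bot: `get_object_by_name` and `get_object_by_id` end with `except Exception:` / `result = None`, so an authentication failure, timeout or TLS error from the ISE API is reported the same way as "profile not found". In `run` that makes `state: absent` call `ise.object_already_absent()` while the authorization profile may still be enforced, and makes `state: present` fall through to `obj.create()`. Only the not-found case should map to `None`; anything else should fail the task, for example `except Exception as e:` followed by `self.ise.fail_json(msg="... The error was: {error}".format(error=e))` once not-found has been ruled out (how the SDK signals not-found is not visible in this hunk). The same `None` also reaches `update()` and `delete()`, where `self.get_object_by_name(name).get("id")` has no guard.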
@@ -0,0 +1,144 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="authorization_profile", + function='get_authorization_profile_by_id', + params=self.get_object(self._task.args) + ).response['AuthorizationProfile'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="authorization_profile", + function='get_authorization_profile_by_name', + params=self.get_object(self._task.args) + ).response['AuthorizationProfile'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="authorization_profile", + 
function='get_authorization_profiles_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/backup_cancel.py b/ansible_collections/cisco/ise/plugins/action/backup_cancel.py new file mode 100644 index 00000000..2e27c32b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/backup_cancel.py 
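Review bot: In `run`, the `if id:` and `if name:` branches subscript `.response['AuthorizationProfile']` outside any `try`, while only the listing branch wraps its API access and reports through `ise.fail_json`. If `ise.exec` comes back without that key (what it returns on a failed lookup is not visible here), the task ends in a raw traceback instead of the "Check the configuration of your API Settings" message. Putting both lookups under the same try/except handling as the generator loop would keep failures consistent. Since `id` silently wins when both arguments are supplied, `mutually_exclusive = [("id", "name")]` would make that explicit.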
@@ -0,0 +1,86 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="backup_and_restore", + function="cancel_backup", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/backup_config.py b/ansible_collections/cisco/ise/plugins/action/backup_config.py new file mode 100644 index 00000000..20b70a7c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/backup_config.py 
@@ -0,0 +1,92 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + backupEncryptionKey=dict(type="str"), + backupName=dict(type="str"), + repositoryName=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + backup_encryption_key=params.get("backupEncryptionKey"), + backup_name=params.get("backupName"), + repository_name=params.get("repositoryName"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="backup_and_restore", + function="config_backup", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/backup_last_status_info.py b/ansible_collections/cisco/ise/plugins/action/backup_last_status_info.py new file mode 100644 index 00000000..6befcecb --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/backup_last_status_info.py 
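Review bot: `backupEncryptionKey=dict(type="str")` declares a secret without `no_log`, so the backup encryption key is handled like any other task argument and can end up in verbose output, callback plugins and logs. Declare it as `backupEncryptionKey=dict(type="str", no_log=True)`; whether the `AnsibleArgSpecValidator` path used by this action plugin masks the value by itself is not visible here, so playbooks should still set `no_log: true` on the task. The same declaration appears in the hunks for backup_restore.py, backup_schedule_config.py and backup_schedule_config_update.py.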
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="backup_and_restore", + function='get_last_config_backup_status', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/backup_restore.py b/ansible_collections/cisco/ise/plugins/action/backup_restore.py new file mode 100644 index 00000000..9898d6fe --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/backup_restore.py 
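Review bot: `run` reads `id` and `name` from `self._task.args`, but the module-specific `argument_spec.update(...)` call is empty, so unless `ise_argument_spec()` supplies them (not visible here) the `if not name and not id:` guard is always true. If it were ever false the method would return `ise_response={}` without calling the API or `ise.exit_json()`, which reads as a successful empty status. Dropping the two lookups and calling `get_last_config_backup_status` unconditionally would remove the dead branch.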
@@ -0,0 +1,94 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + backupEncryptionKey=dict(type="str"), + repositoryName=dict(type="str"), + restoreFile=dict(type="str"), + restoreIncludeAdeos=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + backup_encryption_key=params.get("backupEncryptionKey"), + repository_name=params.get("repositoryName"), + restore_file=params.get("restoreFile"), + restore_include_adeos=params.get("restoreIncludeAdeos"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="backup_and_restore", + function="restore_config_backup", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/backup_schedule_config.py b/ansible_collections/cisco/ise/plugins/action/backup_schedule_config.py new file mode 100644 index 00000000..c26acbfe --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/backup_schedule_config.py 
@@ -0,0 +1,108 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + backupDescription=dict(type="str"), + backupEncryptionKey=dict(type="str"), + backupName=dict(type="str"), + endDate=dict(type="str"), + frequency=dict(type="str"), + monthDay=dict(type="str"), + repositoryName=dict(type="str"), + startDate=dict(type="str"), + status=dict(type="str"), + time=dict(type="str"), + weekDay=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + backup_description=params.get("backupDescription"), + backup_encryption_key=params.get("backupEncryptionKey"), + backup_name=params.get("backupName"), + end_date=params.get("endDate"), + frequency=params.get("frequency"), + month_day=params.get("monthDay"), + repository_name=params.get("repositoryName"), + start_date=params.get("startDate"), + status=params.get("status"), + time=params.get("time"), + week_day=params.get("weekDay"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="backup_and_restore", + function="create_scheduled_config_backup", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/backup_schedule_config_update.py b/ansible_collections/cisco/ise/plugins/action/backup_schedule_config_update.py new file mode 100644 index 00000000..56aeec22 --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/action/backup_schedule_config_update.py 
@@ -0,0 +1,108 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + backupDescription=dict(type="str"), + backupEncryptionKey=dict(type="str"), + backupName=dict(type="str"), + endDate=dict(type="str"), + frequency=dict(type="str"), + monthDay=dict(type="str"), + repositoryName=dict(type="str"), + startDate=dict(type="str"), + status=dict(type="str"), + time=dict(type="str"), + weekDay=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + backup_description=params.get("backupDescription"), + backup_encryption_key=params.get("backupEncryptionKey"), + backup_name=params.get("backupName"), + end_date=params.get("endDate"), + frequency=params.get("frequency"), + month_day=params.get("monthDay"), + repository_name=params.get("repositoryName"), + start_date=params.get("startDate"), + status=params.get("status"), + time=params.get("time"), + week_day=params.get("weekDay"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="backup_and_restore", + function="update_scheduled_config_backup", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/bind_signed_certificate.py b/ansible_collections/cisco/ise/plugins/action/bind_signed_certificate.py new file mode 100644 index 00000000..d247db93 --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/action/bind_signed_certificate.py 
@@ -0,0 +1,120 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + admin=dict(type="bool"), + allowExtendedValidity=dict(type="bool"), + allowOutOfDateCert=dict(type="bool"), + allowReplacementOfCertificates=dict(type="bool"), + allowReplacementOfPortalGroupTag=dict(type="bool"), + data=dict(type="str"), + eap=dict(type="bool"), + hostName=dict(type="str"), + id=dict(type="str"), + ims=dict(type="bool"), + name=dict(type="str"), + portal=dict(type="bool"), + portalGroupTag=dict(type="str"), + pxgrid=dict(type="bool"), + radius=dict(type="bool"), + saml=dict(type="bool"), + validateCertificateExtensions=dict(type="bool"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + admin=params.get("admin"), + allow_extended_validity=params.get("allowExtendedValidity"), + allow_out_of_date_cert=params.get("allowOutOfDateCert"), + allow_replacement_of_certificates=params.get("allowReplacementOfCertificates"), + allow_replacement_of_portal_group_tag=params.get("allowReplacementOfPortalGroupTag"), + data=params.get("data"), + eap=params.get("eap"), + host_name=params.get("hostName"), + id=params.get("id"), + ims=params.get("ims"), + name=params.get("name"), + portal=params.get("portal"), + portal_group_tag=params.get("portalGroupTag"), + pxgrid=params.get("pxgrid"), + radius=params.get("radius"), + saml=params.get("saml"), + validate_certificate_extensions=params.get("validateCertificateExtensions"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="certificates", + function="bind_csr", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + 
self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/byod_portal.py b/ansible_collections/cisco/ise/plugins/action/byod_portal.py new file mode 100644 index 00000000..4de9abd9 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/byod_portal.py 
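Review bot: The argument spec in bind_signed_certificate.py marks nothing as required (`required_if = []`, and no `required=True` on `data`, `id` or `hostName`), so a task that omits them passes `_check_argspec` and `get_object` forwards `None` for each to `bind_csr`. If the bind call cannot work without the CSR id and the certificate body, declare that in the spec, e.g. `id=dict(type="str", required=True),` and `data=dict(type="str", required=True),`, so the failure is an argspec error rather than whatever the API answers. The flags that loosen certificate checks (`allowOutOfDateCert`, `allowExtendedValidity`, `validateCertificateExtensions`) are also forwarded as `None` when unset; a one-line comment above them saying that the server-side default then applies would help the next reader. csr_delete.py later in this patch has the same shape: `delete_csr_by_id` is reached with `id` and `hostName` both optional.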
@@ -0,0 +1,270 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + id=dict(type="str"), + name=dict(type="str"), + description=dict(type="str"), + portalType=dict(type="str"), + portalTestUrl=dict(type="str"), + settings=dict(type="dict"), + customizations=dict(type="dict"), +)) + +required_if = [ + ("state", "present", ["id", "name", "settings"], True), + ("state", "absent", ["id", "name", "settings"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ByodPortal(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + id=params.get("id"), + name=params.get("name"), + description=params.get("description"), + portal_type=params.get("portalType"), + portal_test_url=params.get("portalTestUrl"), + settings=params.get("settings"), + customizations=params.get("customizations"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ + 
result = None + gen_items_responses = self.ise.exec( + family="byod_portal", + function="get_byod_portal_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="byod_portal", + function="get_byod_portal_by_id", + handle_func_exception=False, + params={"id": id} + ).response['BYODPortal'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("id", "id"), + ("name", "name"), + ("description", "description"), + ("portalType", "portal_type"), + ("portalTestUrl", "portal_test_url"), + ("settings", "settings"), + ("customizations", "customizations"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="byod_portal", + function="create_byod_portal", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="byod_portal", + function="update_byod_portal_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="byod_portal", + function="delete_byod_portal_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = ByodPortal(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if 
obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/byod_portal_info.py b/ansible_collections/cisco/ise/plugins/action/byod_portal_info.py new file mode 100644 index 00000000..ba4017d9 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/byod_portal_info.py 
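Review bot: In `ByodPortal.exists()` the `InconsistentParameters` check cannot fire: `get_object_by_name` is only called under `if not id_exists and name`, so `name_exists` is never true together with `id_exists`, and `id_exists and name_exists and o_id != _id` is always false. A task whose `id` and `name` point at two different portals therefore updates or deletes the object found by `id` with no warning. To make the check real, the name lookup has to run whenever a name is given and its result has to be kept apart from the id lookup until the two ids are compared, as sketched below. The diff as shown has lost its indentation, so the nesting of the `_id` lines under `if name_exists:` is inferred.

```python
def exists(self):
    # … unchanged: id_exists / name_exists / prev_obj initialisation, o_id and name reads, lookup by id …
    if name:
        obj_by_name = self.get_object_by_name(name)
        name_exists = obj_by_name is not None and isinstance(obj_by_name, dict)
        if name_exists:
            _id = obj_by_name.get("id")
            if id_exists and o_id != _id:
                raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
            if not id_exists and _id:
                prev_obj = self.get_object_by_id(_id)
    # … unchanged: it_exists computation and return …
```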
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="byod_portal", + function='get_byod_portal_by_id', + params=self.get_object(self._task.args) + ).response['BYODPortal'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="byod_portal", + function='get_byod_portal_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + 
else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/certificate_profile.py b/ansible_collections/cisco/ise/plugins/action/certificate_profile.py new file mode 100644 index 00000000..a6c13c28 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/certificate_profile.py 
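Review bot: `run()` in byod_portal_info.py reads `name = self._task.args.get("name")`, but `name` is not among the arguments this file adds to the spec and there is no by-name branch, so the variable only feeds the guard `if not name and not id:`. If the shared `ise_argument_spec()` ever lets a `name` through, neither branch runs and the final `self._result.update(dict(ise_response=response))` hits an unbound `response`. Dropping the variable and writing the guard as `if not id:` removes that path.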
@@ -0,0 +1,232 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present"]), + id=dict(type="str"), + name=dict(type="str"), + description=dict(type="str"), + externalIdentityStoreName=dict(type="str"), + certificateAttributeName=dict(type="str"), + allowedAsUserName=dict(type="bool"), + matchMode=dict(type="str"), + usernameFrom=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class CertificateProfile(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + id=params.get("id"), + name=params.get("name"), + description=params.get("description"), + external_identity_store_name=params.get("externalIdentityStoreName"), + certificate_attribute_name=params.get("certificateAttributeName"), + allowed_as_user_name=params.get("allowedAsUserName"), + match_mode=params.get("matchMode"), + username_from=params.get("usernameFrom"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="certificate_profile", + 
function="get_certificate_profile_by_name", + params={"name": name}, + handle_func_exception=False, + ).response['CertificateProfile'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="certificate_profile", + function="get_certificate_profile_by_id", + params={"id": id}, + handle_func_exception=False, + ).response['CertificateProfile'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + result = False + id = self.new_object.get("id") + name = self.new_object.get("name") + if id: + prev_obj = self.get_object_by_id(id) + result = prev_obj is not None and isinstance(prev_obj, dict) + elif name: + prev_obj = self.get_object_by_name(name) + result = prev_obj is not None and isinstance(prev_obj, dict) + return (result, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("id", "id"), + ("name", "name"), + ("description", "description"), + ("externalIdentityStoreName", "external_identity_store_name"), + ("certificateAttributeName", "certificate_attribute_name"), + ("allowedAsUserName", "allowed_as_user_name"), + ("matchMode", "match_mode"), + ("usernameFrom", "username_from"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="certificate_profile", + function="create_certificate_profile", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="certificate_profile", + function="update_certificate_profile_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = CertificateProfile(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + self._result.update(dict(ise_response=response)) + 
self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/certificate_profile_info.py b/ansible_collections/cisco/ise/plugins/action/certificate_profile_info.py new file mode 100644 index 00000000..20505ace --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/certificate_profile_info.py 
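Review bot: `get_object_by_id` and `get_object_by_name` in certificate_profile.py end in `except Exception: result = None`, and both calls pass `handle_func_exception=False`, so what looks like any SDK failure (rejected credentials, a TLS or connection error, a timeout) comes back as "no such object". `exists()` then returns false and `run()` goes straight to `obj.create()`, and `update()` would raise on `self.get_object_by_name(name).get("id")` when that lookup returns `None`. I would narrow the handler to the SDK's not-found case and send everything else through `self.ise.fail_json`, or at least record the intent with `# NOTE(review): every other exception is treated as "object absent"`. The lookups in byod_portal.py use the same handler, and there a `state: absent` task would report the portal as already absent.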
@@ -0,0 +1,144 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="certificate_profile", + function='get_certificate_profile_by_id', + params=self.get_object(self._task.args) + ).response['CertificateProfile'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="certificate_profile", + function='get_certificate_profile_by_name', + params=self.get_object(self._task.args) + ).response['CertificateProfile'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="certificate_profile", + 
function='get_certificate_profile_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/certificate_template_info.py b/ansible_collections/cisco/ise/plugins/action/certificate_template_info.py new file mode 100644 index 00000000..2d0bab58 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/certificate_template_info.py 
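Review bot: The `id` and `name` branches of `run()` in certificate_profile_info.py index the result directly, `.response['CertificateProfile']`, outside any `try`, while the listing branch wraps `item.response['SearchResult']['resources']` in handlers that call `ise.fail_json`. If `ise.exec` returns a response without that key, or `None`, for a lookup that matched nothing, the task ends in a raw `KeyError` or `TypeError` traceback instead of the collection's own error message. Putting the two lookups under the same `except (TypeError, AttributeError)` handler, with `KeyError` added, would make the three paths consistent. The same applies to the by-id branch of byod_portal_info.py and to both lookup branches of certificate_template_info.py.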
@@ -0,0 +1,144 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="certificate_template", + function='get_certificate_template_by_id', + params=self.get_object(self._task.args) + ).response['ERSCertificateTemplate'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="certificate_template", + function='get_certificate_template_by_name', + params=self.get_object(self._task.args) + ).response['ERSCertificateTemplate'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="certificate_template", + 
function='get_certificate_template_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/csr_delete.py b/ansible_collections/cisco/ise/plugins/action/csr_delete.py new file mode 100644 index 00000000..6c0a2f6d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/csr_delete.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hostName=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + host_name=params.get("hostName"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="certificates", + function="delete_csr_by_id", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/csr_export_info.py b/ansible_collections/cisco/ise/plugins/action/csr_export_info.py new file mode 100644 index 00000000..16e74b49 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/csr_export_info.py 
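Review bot: `hostName` and `id` are both optional in the argspec and `required_if` is empty, so `run()` can call `delete_csr_by_id` with `host_name=None` and `id=None`. For a delete, an incomplete request should fail at validation rather than depend on how the SDK or server treats missing identifiers. If the endpoint needs both values, declare them as `hostName=dict(type="str", required=True),` and `id=dict(type="str", required=True),`. The same gap applies to `policyId` in device_administration_authentication_reset_hitcount.py, where `reset_hit_counts_device_admin_authentication_rules` is called without checking that a policy was named.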
@@ -0,0 +1,112 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hostname=dict(type="str"), + id=dict(type="str"), + dirPath=dict(type="str"), + saveFile=dict(type="bool"), + filename=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + hostname=params.get("hostname"), + id=params.get("id"), + dirpath=params.get("dirPath"), + save_file=params.get("saveFile"), + filename=params.get("filename"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("filename") + if id: + download_response = ise.exec( + family="certificates", + function='export_csr', + params=self.get_object(self._task.args) + ) + response = dict( + data=download_response.data.decode(encoding='utf-8'), + filename=download_response.filename, + dirpath=download_response.dirpath, + path=download_response.path, + ) + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
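Review bot: In `run()`, a task that sets `filename` but no `id` matches neither `if id:` nor `if not name and not id:`. If the final `return self._result` belongs to that last branch, as the flattened text suggests, the method then returns `None` instead of a result dict. Changing the second test to `if not id:` makes every path return; csr_info.py's `run()` has the same shape with `hostName` in place of `filename`. Separately, a comment above `get_object` such as `# dirPath and filename are passed to export_csr unchanged; supply only trusted paths` would help, because the response carries `path` and `dirpath`, which suggests a file is written on the controller.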
diff --git a/ansible_collections/cisco/ise/plugins/action/csr_generate.py b/ansible_collections/cisco/ise/plugins/action/csr_generate.py new file mode 100644 index 00000000..8c1d62d6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/csr_generate.py 
@@ -0,0 +1,122 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + allowWildCardCert=dict(type="bool"), + certificatePolicies=dict(type="str"), + digestType=dict(type="str"), + hostnames=dict(type="list"), + keyLength=dict(type="str"), + keyType=dict(type="str"), + portalGroupTag=dict(type="str"), + sanDNS=dict(type="list"), + sanDir=dict(type="list"), + sanIP=dict(type="list"), + sanURI=dict(type="list"), + subjectCity=dict(type="str"), + subjectCommonName=dict(type="str"), + subjectCountry=dict(type="str"), + subjectOrg=dict(type="str"), + subjectOrgUnit=dict(type="str"), + subjectState=dict(type="str"), + usedFor=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + allow_wild_card_cert=params.get("allowWildCardCert"), + certificate_policies=params.get("certificatePolicies"), + digest_type=params.get("digestType"), + hostnames=params.get("hostnames"), + key_length=params.get("keyLength"), + key_type=params.get("keyType"), + portal_group_tag=params.get("portalGroupTag"), + san_dns=params.get("sanDNS"), + san_dir=params.get("sanDir"), + san_ip=params.get("sanIP"), + san_uri=params.get("sanURI"), + subject_city=params.get("subjectCity"), + subject_common_name=params.get("subjectCommonName"), + subject_country=params.get("subjectCountry"), + subject_org=params.get("subjectOrg"), + subject_org_unit=params.get("subjectOrgUnit"), + subject_state=params.get("subjectState"), + used_for=params.get("usedFor"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="certificates", + function="generate_csr", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + 
self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/csr_generate_intermediate_ca.py b/ansible_collections/cisco/ise/plugins/action/csr_generate_intermediate_ca.py new file mode 100644 index 00000000..50eeb940 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/csr_generate_intermediate_ca.py 
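Review bot: The list options `hostnames`, `sanDNS`, `sanDir`, `sanIP` and `sanURI` are declared as `type="list"` without `elements`, so the validator accepts nested or non-string items and `get_object` forwards them to `generate_csr` unchanged. Declare the element type, e.g. `sanDNS=dict(type="list", elements="str"),`. `keyLength`, `keyType` and `digestType` are likewise free-form strings, so a weak or mistyped value is caught only if the server rejects it. A `choices=[...]` list holding the values your certificate policy allows would fail the task before any request is sent.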
@@ -0,0 +1,86 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="certificates", + function="generate_intermediate_ca_csr", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/csr_info.py b/ansible_collections/cisco/ise/plugins/action/csr_info.py new file mode 100644 index 00000000..028e2f31 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/csr_info.py 
@@ -0,0 +1,143 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + page=dict(type="int"), + size=dict(type="int"), + sort=dict(type="str"), + sortBy=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), + hostName=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + page=params.get("page"), + size=params.get("size"), + sort=params.get("sort"), + sort_by=params.get("sortBy"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + host_name=params.get("hostName"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("hostName") + if id: + response = ise.exec( + family="certificates", + function='get_csr_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="certificates", + function='get_csrs_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['response'] + if isinstance(tmp_response, list): + responses += tmp_response + 
else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/deployment_info.py b/ansible_collections/cisco/ise/plugins/action/deployment_info.py new file mode 100644 index 00000000..206b6673 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/deployment_info.py 
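Review bot: The `if id:` branch calls `get_csr_by_id` with whatever `hostName` holds, including `None`, because nothing in the argspec ties the two options together. If the lookup needs both identifiers, which the `host_name`/`id` pair built in `get_object` suggests, declare `required_together = [("hostName", "id")]` so an incomplete request fails validation rather than at the API call. That also rejects a task that sets `hostName` alone, which otherwise appears to match neither branch of `run()`.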
@@ -0,0 +1,92 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + timeout=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + timeout=params.get("timeout"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="pull_deployment_info", + function='get_deployment_info', + params=self.get_object(self._task.args) + ).response['ERSDeploymentInfo'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_authentication_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/action/device_administration_authentication_reset_hitcount.py new file mode 100644 index 00000000..02e4e34a --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_authentication_reset_hitcount.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + policyId=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + policy_id=params.get("policyId"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="device_administration_authentication_rules", + function="reset_hit_counts_device_admin_authentication_rules", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_authentication_rules.py b/ansible_collections/cisco/ise/plugins/action/device_administration_authentication_rules.py new file mode 100644 index 00000000..8ef7ec09 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_authentication_rules.py 
@@ -0,0 +1,269 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + identitySourceName=dict(type="str"), + ifAuthFail=dict(type="str"), + ifProcessFail=dict(type="str"), + ifUserNotFound=dict(type="str"), + link=dict(type="dict"), + rule=dict(type="dict"), + policyId=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "rule"], True), + ("state", "present", ["policyId"], True), + ("state", "absent", ["id", "rule"], True), + ("state", "absent", ["policyId"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class DeviceAdministrationAuthenticationRules(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + identity_source_name=params.get("identitySourceName"), + if_auth_fail=params.get("ifAuthFail"), + if_process_fail=params.get("ifProcessFail"), + if_user_not_found=params.get("ifUserNotFound"), + link=params.get("link"), + rule=params.get("rule"), 
+ policy_id=params.get("policyId"), + id=params.get("id"), + ) + + def get_object_by_name(self, name, policy_id): + # NOTICE: Does not have a get by name method or it is in another action + result = None + items = self.ise.exec( + family="device_administration_authentication_rules", + function="get_device_admin_authentication_rules", + params={"policy_id": policy_id} + ).response.get('response', []) or [] + for item in items: + if item.get('rule') and item['rule'].get('name') == name and item['rule'].get('id'): + result = dict(item) + return result + return result + + def get_object_by_id(self, id, policy_id): + try: + result = self.ise.exec( + family="device_administration_authentication_rules", + function="get_device_admin_authentication_rule_by_id", + handle_func_exception=False, + params={"id": id, "policy_id": policy_id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + name = False + o_id = self.new_object.get("id") + policy_id = self.new_object.get("policy_id") + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + o_id = o_id or self.new_object.get('rule', {}).get("id") + if o_id: + prev_obj = self.get_object_by_id(o_id, policy_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name, policy_id) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get('rule', {}).get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id, policy_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("identitySourceName", "identity_source_name"), + ("ifAuthFail", "if_auth_fail"), + ("ifProcessFail", "if_process_fail"), + ("ifUserNotFound", "if_user_not_found"), + ("link", "link"), + ("rule", "rule"), + ("policyId", "policy_id"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="device_administration_authentication_rules", + function="create_device_admin_authentication_rule", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + policy_id = self.new_object.get("policy_id") + result = None + if not id: + id_ = self.get_object_by_name(name, policy_id).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="device_administration_authentication_rules", + function="update_device_admin_authentication_rule_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + policy_id = self.new_object.get("policy_id") + result = None + if not id: + id_ = self.get_object_by_name(name, policy_id).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="device_administration_authentication_rules", + function="delete_device_admin_authentication_rule_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + 
raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = DeviceAdministrationAuthenticationRules(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
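Review bot: `get_object_by_id` sets `handle_func_exception=False` and then turns every exception other than `TypeError`/`AttributeError` into `result = None`, so an authentication failure, TLS error or timeout looks the same as "rule does not exist". With `state: present`, `exists()` can then report the rule as missing and `run()` proceeds to `create()`; with `state: absent` the task can report the rule as already absent. The handler should treat only the SDK's not-found error as absence and send everything else to `self.ise.fail_json`, as the first `except` already does; at minimum add `# NOTE: any other SDK error is treated as "rule not found"` above `result = None`. Smaller points in the same file: `ise_create_response` in `run()` and the imported `get_dict_result` are never used.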
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_authentication_rules_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_authentication_rules_info.py new file mode 100644 index 00000000..ff175ae6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_authentication_rules_info.py 
@@ -0,0 +1,103 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + policyId=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + policy_id=params.get("policyId"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="device_administration_authentication_rules", + function='get_device_admin_authentication_rule_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="device_administration_authentication_rules", + function='get_device_admin_authentication_rules', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
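Review bot: In `run()`, a task that sets `name` without `id` matches neither `if id:` nor `if not name and not id:`, so the method falls off the end and returns `None` instead of the result dict (assuming the final `return` belongs to the second `if`, as the first branch suggests; the flattened text has lost its indentation). `name` is not among the arguments this file adds to `argument_spec`, so whether that path is reachable depends on `ise_argument_spec()` and the validator, neither of which is shown here. Ending the method with an unconditional `self._result.update(ise.exit_json())` and `return self._result` keeps the return type stable. The same shape appears in the `run()` methods of `device_administration_authorization_rules_info.py`, `device_administration_command_set_info.py` and the two `device_administration_conditions_for_*_rule_info.py` files further down. The local `id` also shadows the builtin; `rule_id` would read better.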
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_authorization_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/action/device_administration_authorization_reset_hitcount.py
new file mode 100644
index 00000000..029a324d
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/device_administration_authorization_reset_hitcount.py
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + policyId=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + policy_id=params.get("policyId"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="device_administration_authorization_rules", + function="reset_hit_counts_device_admin_authorization_rules", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_authorization_rules.py b/ansible_collections/cisco/ise/plugins/action/device_administration_authorization_rules.py new file mode 100644 index 00000000..c1a42a95 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_authorization_rules.py 
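Review bot: `policyId` is declared as `policyId=dict(type="str")` with an empty `required_if`, so a task that omits it passes `_check_argspec()` and `get_object()` hands `policy_id=None` to `reset_hit_counts_device_admin_authorization_rules`. The call looks scoped to one policy set, so failing at validation with `policyId=dict(type="str", required=True),` would give the operator a clear error instead of whatever the SDK does with `None`. Separately, `run()` sets `self._result["changed"] = False` before an operation that resets counters on the server. Whether `ise.exit_json()` corrects that is not visible in this hunk, and a short comment on the intended `changed` value would help anyone relying on the task output as a record of the reset.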
@@ -0,0 +1,263 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + commands=dict(type="list"), + link=dict(type="dict"), + profile=dict(type="str"), + rule=dict(type="dict"), + policyId=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "rule"], True), + ("state", "present", ["policyId"], True), + ("state", "absent", ["id", "rule"], True), + ("state", "absent", ["policyId"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class DeviceAdministrationAuthorizationRules(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + commands=params.get("commands"), + link=params.get("link"), + profile=params.get("profile"), + rule=params.get("rule"), + policy_id=params.get("policyId"), + id=params.get("id"), + ) + + def get_object_by_name(self, name, policy_id): + # NOTICE: Does not have a get by name method or it is in another action + result = None + 
items = self.ise.exec( + family="device_administration_authorization_rules", + function="get_device_admin_authorization_rules", + params={"policy_id": policy_id} + ).response.get('response', []) or [] + for item in items: + if item.get('rule') and item['rule'].get('name') == name and item['rule'].get('id'): + result = dict(item) + return result + return result + + def get_object_by_id(self, id, policy_id): + try: + result = self.ise.exec( + family="device_administration_authorization_rules", + function="get_device_admin_authorization_rule_by_id", + handle_func_exception=False, + params={"id": id, "policy_id": policy_id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + name = False + o_id = self.new_object.get("id") + policy_id = self.new_object.get("policy_id") + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + o_id = o_id or self.new_object.get('rule', {}).get("id") + if o_id: + prev_obj = self.get_object_by_id(o_id, policy_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name, policy_id) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get('rule', {}).get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id, policy_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("commands", "commands"), + ("link", "link"), + ("profile", "profile"), + ("rule", "rule"), + ("policyId", "policy_id"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="device_administration_authorization_rules", + function="create_device_admin_authorization_rule", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + policy_id = self.new_object.get("policy_id") + result = None + if not id: + id_ = self.get_object_by_name(name, policy_id).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="device_administration_authorization_rules", + function="update_device_admin_authorization_rule_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + policy_id = self.new_object.get("policy_id") + result = None + if not id: + id_ = self.get_object_by_name(name, policy_id).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="device_administration_authorization_rules", + function="delete_device_admin_authorization_rule_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise 
AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = DeviceAdministrationAuthorizationRules(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
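Review bot: `get_object_by_id()` ends with `except Exception: result = None`, so any lookup failure other than the `TypeError`/`AttributeError` case (for example a rejected login or a timeout, if `ise.exec` raises for those with `handle_func_exception=False`) is reported as "rule does not exist". With `state: absent` that leads `run()` to `ise.object_already_absent()` while the authorization rule may still be in force, and with `state: present` to a `create()` attempt. The handler should treat only the SDK's not-found error as absence and pass everything else to `self.ise.fail_json(...)`; the exception type is not visible in this hunk, so the change is described rather than quoted. The same handler appears in `get_object_by_name()` and `get_object_by_id()` of `device_administration_conditions.py` below. In `exists()`, the name lookup apparently runs only when `id_exists` is false, so the `id_exists and name_exists and o_id != _id` test can never be true and the `InconsistentParameters` check is dead as written.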
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_authorization_rules_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_authorization_rules_info.py
new file mode 100644
index 00000000..dffaf212
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/device_administration_authorization_rules_info.py
@@ -0,0 +1,103 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + policyId=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + policy_id=params.get("policyId"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="device_administration_authorization_rules", + function='get_device_admin_authorization_rule_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="device_administration_authorization_rules", + function='get_device_admin_authorization_rules', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_command_set_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_command_set_info.py
new file mode 100644
index 00000000..e6adeda1
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/device_administration_command_set_info.py
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="device_administration_command_set", + function='get_device_admin_command_sets', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_conditions.py b/ansible_collections/cisco/ise/plugins/action/device_administration_conditions.py new file mode 100644 index 00000000..97df92d6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_conditions.py 
@@ -0,0 +1,287 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + conditionType=dict(type="str"), + isNegate=dict(type="bool"), + link=dict(type="dict"), + description=dict(type="str"), + id=dict(type="str"), + name=dict(type="str"), + attributeName=dict(type="str"), + attributeValue=dict(type="str"), + dictionaryName=dict(type="str"), + dictionaryValue=dict(type="str"), + operator=dict(type="str"), + children=dict(type="list"), + datesRange=dict(type="dict"), + datesRangeException=dict(type="dict"), + hoursRange=dict(type="dict"), + hoursRangeException=dict(type="dict"), + weekDays=dict(type="list"), + weekDaysException=dict(type="list"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class DeviceAdministrationConditions(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + condition_type=params.get("conditionType"), + is_negate=params.get("isNegate"), + link=params.get("link"), 
+ description=params.get("description"), + id=params.get("id"), + name=params.get("name"), + attribute_name=params.get("attributeName"), + attribute_value=params.get("attributeValue"), + dictionary_name=params.get("dictionaryName"), + dictionary_value=params.get("dictionaryValue"), + operator=params.get("operator"), + children=params.get("children"), + dates_range=params.get("datesRange"), + dates_range_exception=params.get("datesRangeException"), + hours_range=params.get("hoursRange"), + hours_range_exception=params.get("hoursRangeException"), + week_days=params.get("weekDays"), + week_days_exception=params.get("weekDaysException"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="device_administration_conditions", + function="get_device_admin_condition_by_name", + params={"name": name}, + handle_func_exception=False, + ).response['response'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="device_administration_conditions", + function="get_device_admin_condition_by_id", + handle_func_exception=False, + params={"id": id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." 
+ " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + result = False + prev_obj = None + id = self.new_object.get("id") + name = self.new_object.get("name") + if id: + prev_obj = self.get_object_by_id(id) + result = prev_obj is not None and isinstance(prev_obj, dict) + elif name: + prev_obj = self.get_object_by_name(name) + result = prev_obj is not None and isinstance(prev_obj, dict) + return (result, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("conditionType", "condition_type"), + ("isNegate", "is_negate"), + ("link", "link"), + ("description", "description"), + ("id", "id"), + ("name", "name"), + ("attributeName", "attribute_name"), + ("attributeValue", "attribute_value"), + ("dictionaryName", "dictionary_name"), + ("dictionaryValue", "dictionary_value"), + ("operator", "operator"), + ("children", "children"), + ("datesRange", "dates_range"), + ("datesRangeException", "dates_range_exception"), + ("hoursRange", "hours_range"), + ("hoursRangeException", "hours_range_exception"), + ("weekDays", "week_days"), + ("weekDaysException", "week_days_exception"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="device_administration_conditions", + function="create_device_admin_condition", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if id: + result = self.ise.exec( + family="device_administration_conditions", + function="update_device_admin_condition_by_id", + params=self.new_object + ).response + elif name: + result = self.ise.exec( + family="device_administration_conditions", + function="update_device_admin_condition_by_name", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if id: + result = self.ise.exec( + family="device_administration_conditions", + function="delete_device_admin_condition_by_id", + params=self.new_object + ).response + elif name: + result = self.ise.exec( + family="device_administration_conditions", + function="delete_device_admin_condition_by_name", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = DeviceAdministrationConditions(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
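Review bot: `DeviceAdministrationConditions.exists()` uses `if id:` followed by `elif name:`, so when a task supplies both, the `name` is never checked against the object found by `id`, and `delete()` then calls `delete_device_admin_condition_by_id` for whatever that `id` resolves to. The `DeviceAdministrationAuthorizationRules` class earlier in this commit at least attempts an `InconsistentParameters` check for that case. If id-wins is intended, say so above the branch, e.g. `# id takes precedence; name is not compared with the object found by id`; otherwise compare `prev_obj.get("name")` with `name` before returning. In `run()`, `ise_create_response` is assigned and never added to `self._result`, unlike `ise_update_response`.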
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_conditions_for_authentication_rule_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_conditions_for_authentication_rule_info.py
new file mode 100644
index 00000000..443fa6b6
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/device_administration_conditions_for_authentication_rule_info.py
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="device_administration_conditions", + function='get_device_admin_conditions_for_authentication_rules', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_conditions_for_authorization_rule_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_conditions_for_authorization_rule_info.py new file mode 100644 index 00000000..39ec5bf9 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_conditions_for_authorization_rule_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="device_administration_conditions", + function='get_device_admin_conditions_for_authorization_rules', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_conditions_for_policy_set_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_conditions_for_policy_set_info.py new file mode 100644 index 00000000..84a3b83e --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_conditions_for_policy_set_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="device_administration_conditions", + function='get_device_admin_conditions_for_policy_sets', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_conditions_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_conditions_info.py new file mode 100644 index 00000000..4277903c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_conditions_info.py 
@@ -0,0 +1,112 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="device_administration_conditions", + function='get_device_admin_condition_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="device_administration_conditions", + function='get_device_admin_condition_by_name', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="device_administration_conditions", + function='get_device_admin_conditions', + 
params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_dictionary_attributes_authentication_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_dictionary_attributes_authentication_info.py new file mode 100644 index 00000000..56a7137b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_dictionary_attributes_authentication_info.py 
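Review bot: When a task supplies both `id` and `name`, the `if id:` branch returns first and `name` is silently ignored, so a caller whose two values are out of sync gets back a different condition than the one named, with no error. Declaring `mutually_exclusive = [("name", "id")]` would let `_check_argspec()` reject that input up front. `get_object()` also forwards both keys to each of the three SDK functions, including the unset one as `None`; whether the SDK tolerates that is not visible here. The final `if not name and not id:` is always true once the two earlier branches have returned, so it can be a plain fall-through.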
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="device_administration_dictionary_attributes_list", + function='get_device_admin_dictionaries_authentication', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_dictionary_attributes_authorization_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_dictionary_attributes_authorization_info.py new file mode 100644 index 00000000..07606e5a --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_dictionary_attributes_authorization_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="device_administration_dictionary_attributes_list", + function='get_device_admin_dictionaries_authorization', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_dictionary_attributes_policy_set_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_dictionary_attributes_policy_set_info.py new file mode 100644 index 00000000..eba17605 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_dictionary_attributes_policy_set_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="device_administration_dictionary_attributes_list", + function='get_device_admin_dictionaries_policy_set', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_global_exception_rules.py b/ansible_collections/cisco/ise/plugins/action/device_administration_global_exception_rules.py new file mode 100644 index 00000000..895c4c6e --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_global_exception_rules.py 
@@ -0,0 +1,254 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + commands=dict(type="list"), + link=dict(type="dict"), + profile=dict(type="str"), + rule=dict(type="dict"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "rule"], True), + ("state", "absent", ["id", "rule"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class DeviceAdministrationGlobalExceptionRules(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + commands=params.get("commands"), + link=params.get("link"), + profile=params.get("profile"), + rule=params.get("rule"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Does not have a get by name method or it is in another action + result = None + items = self.ise.exec( + family="device_administration_authorization_global_exception_rules", + function="get_device_admin_policy_set_global_exception_rules", + 
).response.get('response', []) or [] + for item in items: + if item.get('rule') and item['rule'].get('name') == name and item['rule'].get('id'): + result = dict(item) + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="device_administration_authorization_global_exception_rules", + function="get_device_admin_policy_set_global_exception_by_rule_id", + handle_func_exception=False, + params={"id": id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + name = False + o_id = self.new_object.get("id") + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + o_id = o_id or self.new_object.get('rule', {}).get("id") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get('rule', {}).get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("commands", "commands"), + ("link", "link"), 
+ ("profile", "profile"), + ("rule", "rule"), + ("id", "id"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="device_administration_authorization_global_exception_rules", + function="create_device_admin_policy_set_global_exception", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + result = None + if not id: + id_ = self.get_object_by_name(name).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="device_administration_authorization_global_exception_rules", + function="update_device_admin_policy_set_global_exception_by_rule_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + result = None + if not id: + id_ = self.get_object_by_name(name).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="device_administration_authorization_global_exception_rules", + function="delete_device_admin_policy_set_global_exception_by_rule_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, 
**kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = DeviceAdministrationGlobalExceptionRules(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + 
self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_global_exception_rules_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_global_exception_rules_info.py new file mode 100644 index 00000000..3bda0eb0 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_global_exception_rules_info.py 
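Review bot: `get_object_by_id()` ends with `except Exception: result = None`, so any lookup failure that is not a `TypeError`/`AttributeError` is reported as "rule does not exist". `run()` then acts on that answer: with `state: present` it calls `create()`, and with `state: absent` it reports the rule as already absent even though it may still be configured on the ISE node. I would catch only the SDK's not-found error there (its type is not visible in this hunk) and route everything else through `self.ise.fail_json(...)`, as the first handler does. Separately, the `InconsistentParameters` check in `exists()` looks unreachable, because the name lookup runs only under `if not id_exists and name:` and so `id_exists and name_exists` cannot both hold. Also, `ise_create_response` is assigned but, unlike `ise_update_response`, never added to the result.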
@@ -0,0 +1,101 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="device_administration_authorization_global_exception_rules", + function='get_device_admin_policy_set_global_exception_by_rule_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="device_administration_authorization_global_exception_rules", + function='get_device_admin_policy_set_global_exception_rules', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_global_exception_rules_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/action/device_administration_global_exception_rules_reset_hitcount.py new file mode 100644 index 00000000..494b4aeb --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_global_exception_rules_reset_hitcount.py 
@@ -0,0 +1,86 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="device_administration_authorization_global_exception_rules", + function="reset_hit_counts_device_admin_global_exceptions", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_identity_stores_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_identity_stores_info.py new file mode 100644 index 00000000..e636a01f --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_identity_stores_info.py 
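Review bot: This action resets hit counters on the server, yet the only value the hunk gives `changed` is `self._result["changed"] = False`, so unless `ise.exit_json()` supplies its own `changed` key the task shows as `ok` in play output and logs. Hit counts are how an operator sees which exception rules are actually matching, so clearing them should be visible in the run record. I would add `self._result["changed"] = True` after the `self._result.update(ise.exit_json())` line, or use the ISESDK helper that marks a modification if one exists.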
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if not name and not id:
+ response = ise.exec(
+ family="device_administration_identity_stores",
+ function='get_device_admin_identity_stores',
+ params=self.get_object(self._task.args)
+ ).response
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_local_exception_rules.py b/ansible_collections/cisco/ise/plugins/action/device_administration_local_exception_rules.py
new file mode 100644
index 00000000..570495d8
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/device_administration_local_exception_rules.py
@@ -0,0 +1,263 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + commands=dict(type="list"), + link=dict(type="dict"), + profile=dict(type="str"), + rule=dict(type="dict"), + policyId=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "rule"], True), + ("state", "present", ["policyId"], True), + ("state", "absent", ["id", "rule"], True), + ("state", "absent", ["policyId"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class DeviceAdministrationLocalExceptionRules(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + commands=params.get("commands"), + link=params.get("link"), + profile=params.get("profile"), + rule=params.get("rule"), + policy_id=params.get("policyId"), + id=params.get("id"), + ) + + def get_object_by_name(self, name, policy_id): + # NOTICE: Does not have a get by name method or it is in another action + result = None + 
items = self.ise.exec( + family="device_administration_authorization_exception_rules", + function="get_device_admin_local_exception_rules", + params={"policy_id": policy_id} + ).response.get('response', []) or [] + for item in items: + if item.get('rule') and item['rule'].get('name') == name and item['rule'].get('id'): + result = dict(item) + return result + return result + + def get_object_by_id(self, id, policy_id): + try: + result = self.ise.exec( + family="device_administration_authorization_exception_rules", + function="get_device_admin_local_exception_rule_by_id", + handle_func_exception=False, + params={"id": id, "policy_id": policy_id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + name = False + o_id = self.new_object.get("id") + policy_id = self.new_object.get("policy_id") + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + o_id = o_id or self.new_object.get('rule', {}).get("id") + if o_id: + prev_obj = self.get_object_by_id(o_id, policy_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name, policy_id) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get('rule', {}).get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id, policy_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("commands", "commands"), + ("link", "link"), + ("profile", "profile"), + ("rule", "rule"), + ("policyId", "policy_id"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="device_administration_authorization_exception_rules", + function="create_device_admin_local_exception_rule", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + policy_id = self.new_object.get("policy_id") + result = None + if not id: + id_ = self.get_object_by_name(name, policy_id).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="device_administration_authorization_exception_rules", + function="update_device_admin_local_exception_rule_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + policy_id = self.new_object.get("policy_id") + result = None + if not id: + id_ = self.get_object_by_name(name, policy_id).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="device_administration_authorization_exception_rules", + function="delete_device_admin_local_exception_rule_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not 
ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = DeviceAdministrationLocalExceptionRules(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return 
self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_local_exception_rules_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_local_exception_rules_info.py new file mode 100644 index 00000000..71dbfce7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_local_exception_rules_info.py 
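Review bot: The `InconsistentParameters` check in `DeviceAdministrationLocalExceptionRules.exists()` cannot fire, because `get_object_by_name()` is only called under `if not id_exists and name:`, so `id_exists` and `name_exists` are never both true. A task that supplies an `id` (or `rule.id`) for one rule and a `rule.name` belonging to another is therefore resolved by id alone, and with `state: absent` the id's rule is deleted with no warning about the mismatch. For authorization exception rules that is worth failing on; one way is to look the name up whenever it is given and compare the ids, as sketched below, at the cost of one extra list call per run. `DeviceAdministrationNetworkConditions.exists()` in the network-conditions module has the same structure.

```python
    def exists(self):
        # … unchanged: defaults, o_id / name / policy_id extraction, lookup by id …
        if name:
            by_name = self.get_object_by_name(name, policy_id)
            name_exists = isinstance(by_name, dict)
            _id = by_name.get('rule', {}).get("id") if name_exists else None
            if id_exists and name_exists and o_id != _id:
                raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
            if not id_exists and name_exists:
                prev_obj = self.get_object_by_id(_id, policy_id) if _id else by_name
        # … unchanged: it_exists computation and return …
```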
@@ -0,0 +1,103 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ policyId=dict(type="str"),
+ id=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ policy_id=params.get("policyId"),
+ id=params.get("id"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="device_administration_authorization_exception_rules",
+ function='get_device_admin_local_exception_rule_by_id',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ response = ise.exec(
+ family="device_administration_authorization_exception_rules",
+ function='get_device_admin_local_exception_rules',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
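Review bot: `policyId=dict(type="str")` is optional in the argument spec, yet both branches of `run()` hand `policy_id` to calls that are scoped to a policy set (`get_device_admin_local_exception_rule_by_id` and `get_device_admin_local_exception_rules`). When it is omitted, `get_object()` passes `policy_id=None` and the failure presumably surfaces from the SDK or the ISE API rather than from `_check_argspec()`, with a less useful message. Declaring it as `policyId=dict(type="str", required=True),` would reject the task up front. Separately, `name` is read from the task args but is not declared in the spec, so the `if not name and not id:` test may never see a value for it; worth confirming and dropping the lookup if so.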
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_local_exception_rules_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/action/device_administration_local_exception_rules_reset_hitcount.py
new file mode 100644
index 00000000..ce1b7887
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/device_administration_local_exception_rules_reset_hitcount.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ policyId=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ policy_id=params.get("policyId"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="device_administration_authorization_exception_rules",
+ function="reset_hit_counts_device_admin_local_exceptions",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_network_conditions.py b/ansible_collections/cisco/ise/plugins/action/device_administration_network_conditions.py
new file mode 100644
index 00000000..502b5b6c
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/device_administration_network_conditions.py
@@ -0,0 +1,241 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + conditionType=dict(type="str"), + description=dict(type="str"), + id=dict(type="str"), + link=dict(type="dict"), + name=dict(type="str"), + conditions=dict(type="list"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class DeviceAdministrationNetworkConditions(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + condition_type=params.get("conditionType"), + description=params.get("description"), + id=params.get("id"), + link=params.get("link"), + name=params.get("name"), + conditions=params.get("conditions"), + ) + + def get_object_by_name(self, name): + # NOTICE: Does not have a get by name method or it is in another action + result = None + items = self.ise.exec( + 
family="device_administration_network_conditions", + function="get_device_admin_network_conditions", + ).response.get('response', []) or [] + result = get_dict_result(items, 'name', name) + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="device_administration_network_conditions", + function="get_device_admin_network_condition_by_id", + params={"id": id}, + handle_func_exception=False, + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("conditionType", "condition_type"), + ("description", "description"), + ("id", "id"), + ("link", "link"), + ("name", "name"), + ("conditions", "conditions"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="device_administration_network_conditions", + function="create_device_admin_network_condition", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="device_administration_network_conditions", + function="update_device_admin_network_condition_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="device_administration_network_conditions", + function="delete_device_admin_network_condition_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = DeviceAdministrationNetworkConditions(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
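Review bot: In `DeviceAdministrationNetworkConditions.get_object_by_id()` the final `except Exception: result = None` turns every failure of the by-id call other than `TypeError`/`AttributeError` into "object not found", since the call is made with `handle_func_exception=False`. An authentication error, a TLS failure or a timeout is then indistinguishable from a missing condition, and `run()` goes on to `obj.create()` for `state: present` or reports `ise.object_already_absent()` for `state: absent`. Catching only the SDK's not-found error, or at least recording the exception text in the result, would keep a broken connection from being reported as a clean "absent". `DeviceAdministrationLocalExceptionRules.get_object_by_id()` in the local-exception-rules module uses the same handler.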
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_network_conditions_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_network_conditions_info.py
new file mode 100644
index 00000000..f04e2979
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/device_administration_network_conditions_info.py
@@ -0,0 +1,101 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="device_administration_network_conditions",
+ function='get_device_admin_network_condition_by_id',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ response = ise.exec(
+ family="device_administration_network_conditions",
+ function='get_device_admin_network_conditions',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_policy_set.py b/ansible_collections/cisco/ise/plugins/action/device_administration_policy_set.py
new file mode 100644
index 00000000..23eb54ef
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/device_administration_policy_set.py
@@ -0,0 +1,256 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + condition=dict(type="dict"), + default=dict(type="bool"), + description=dict(type="str"), + hitCounts=dict(type="int"), + id=dict(type="str"), + isProxy=dict(type="bool"), + link=dict(type="dict"), + name=dict(type="str"), + rank=dict(type="int"), + serviceName=dict(type="str"), + state_=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class DeviceAdministrationPolicySet(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + condition=params.get("condition"), + default=params.get("default"), + description=params.get("description"), + hit_counts=params.get("hitCounts"), + id=params.get("id"), + is_proxy=params.get("isProxy"), + link=params.get("link"), + name=params.get("name"), + 
rank=params.get("rank"), + service_name=params.get("serviceName"), + state=params.get("state_"), + ) + + def get_object_by_name(self, name): + # NOTICE: Does not have a get by name method or it is in another action + result = None + items = self.ise.exec( + family="device_administration_policy_set", + function="get_device_admin_policy_sets", + ).response.get('response', []) or [] + result = get_dict_result(items, 'name', name) + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="device_administration_policy_set", + function="get_device_admin_policy_set_by_id", + params={"id": id}, + handle_func_exception=False, + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("condition", "condition"), + ("default", "default"), + ("description", "description"), + ("hitCounts", "hit_counts"), + ("id", "id"), + ("isProxy", "is_proxy"), + ("link", "link"), + ("name", "name"), + ("rank", "rank"), + ("serviceName", "service_name"), + ("state_", "state"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="device_administration_policy_set", + function="create_device_admin_policy_set", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="device_administration_policy_set", + function="update_device_admin_policy_set_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="device_administration_policy_set", + function="delete_device_admin_policy_set_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = DeviceAdministrationPolicySet(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
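Review bot: In `get_object_by_id`, the trailing `except Exception: result = None` turns every failure of the lookup into "object not found", not only a missing id. Because the call passes `handle_func_exception=False`, errors such as a rejected login or an unreachable ISE node presumably reach this handler; `exists()` then returns False, so `state: absent` with only an `id` ends in `ise.object_already_absent()` while the policy set may still be enforced, and `state: present` goes on to `create()`. I would catch only the SDK error that signals a missing object (its class is not visible in this hunk), let anything else fail the task, and add a comment such as `# only "not found" maps to None; any other error must fail the task`. The same handler is in `get_object_by_id` of device_administration_time_date_conditions.py, and the visible part of `get_object_by_name` in downloadable_acl.py uses the same catch-all.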
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_policy_set_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_policy_set_info.py
new file mode 100644
index 00000000..b344da3f
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/device_administration_policy_set_info.py
@@ -0,0 +1,101 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="device_administration_policy_set", + function='get_device_admin_policy_set_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="device_administration_policy_set", + function='get_device_admin_policy_sets', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
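Review bot: `run()` reads `name` from the task args, but this module's `argument_spec.update(...)` only adds `id`, so unless `ise_argument_spec()` supplies it the `if not name and not id:` test depends on an option the module never declares. If a `name` does get through validation without an `id`, neither branch runs and, assuming the last `return self._result` belongs to the second `if` as it must in the `if id:` branch, the action returns None instead of a result dict. I would drop the `name` read, keep `if id:` for the single-object call, and make the list call plus `return self._result` the unconditional tail of the method. The same shape is in device_administration_time_date_conditions_info.py, and device_administration_profiles_info.py and device_administration_service_names_info.py read both `id` and `name` while their own `argument_spec.update(dict())` declares neither.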
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_policy_set_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/action/device_administration_policy_set_reset_hitcount.py
new file mode 100644
index 00000000..8c4ca8e2
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/device_administration_policy_set_reset_hitcount.py
@@ -0,0 +1,86 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="device_administration_policy_set", + function="reset_hit_counts_device_admin_policy_sets", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_profiles_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_profiles_info.py new file mode 100644 index 00000000..406618fd --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_profiles_info.py 
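Review bot: `run()` sets `self._result["changed"] = False` and never marks a change, although `reset_hit_counts_device_admin_policy_sets` clears counters on the ISE server. Unless `ise.exit_json()` overrides the flag (its body is not visible here), a run that wipes the policy-set hit counts is reported as unchanged, so the reset does not show up for anyone auditing playbook output. The policy_set module in this same commit flags changes by calling `ise.object_updated()` before `ise.exit_json()`; I would do the same here after the `ise.exec(...)` call, with a comment like `# resetting hit counts modifies server state`.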
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="device_administration_profiles", + function='get_device_admin_profiles', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_service_names_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_service_names_info.py new file mode 100644 index 00000000..020515c1 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_service_names_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="device_administration_service_names", + function='get_device_admin_service_names', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_time_date_conditions.py b/ansible_collections/cisco/ise/plugins/action/device_administration_time_date_conditions.py new file mode 100644 index 00000000..35431f36 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/device_administration_time_date_conditions.py 
@@ -0,0 +1,277 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + conditionType=dict(type="str"), + isNegate=dict(type="bool"), + link=dict(type="dict"), + description=dict(type="str"), + id=dict(type="str"), + name=dict(type="str"), + attributeName=dict(type="str"), + attributeValue=dict(type="str"), + dictionaryName=dict(type="str"), + dictionaryValue=dict(type="str"), + operator=dict(type="str"), + children=dict(type="list"), + datesRange=dict(type="dict"), + datesRangeException=dict(type="dict"), + hoursRange=dict(type="dict"), + hoursRangeException=dict(type="dict"), + weekDays=dict(type="list"), + weekDaysException=dict(type="list"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class DeviceAdministrationTimeDateConditions(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = 
dict( + condition_type=params.get("conditionType"), + is_negate=params.get("isNegate"), + link=params.get("link"), + description=params.get("description"), + id=params.get("id"), + name=params.get("name"), + attribute_name=params.get("attributeName"), + attribute_value=params.get("attributeValue"), + dictionary_name=params.get("dictionaryName"), + dictionary_value=params.get("dictionaryValue"), + operator=params.get("operator"), + children=params.get("children"), + dates_range=params.get("datesRange"), + dates_range_exception=params.get("datesRangeException"), + hours_range=params.get("hoursRange"), + hours_range_exception=params.get("hoursRangeException"), + week_days=params.get("weekDays"), + week_days_exception=params.get("weekDaysException"), + ) + + def get_object_by_name(self, name): + # NOTICE: Does not have a get by name method or it is in another action + result = None + items = self.ise.exec( + family="device_administration_time_date_conditions", + function="get_device_admin_time_conditions", + ).response.get('response', []) or [] + result = get_dict_result(items, 'name', name) + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="device_administration_time_date_conditions", + function="get_device_admin_time_condition_by_id", + params={"id": id}, + handle_func_exception=False, + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("conditionType", "condition_type"), + ("isNegate", "is_negate"), + ("link", "link"), + ("description", "description"), + ("id", "id"), + ("name", "name"), + ("attributeName", "attribute_name"), + ("attributeValue", "attribute_value"), + ("dictionaryName", "dictionary_name"), + ("dictionaryValue", "dictionary_value"), + ("operator", "operator"), + ("children", "children"), + ("datesRange", "dates_range"), + ("datesRangeException", "dates_range_exception"), + ("hoursRange", "hours_range"), + ("hoursRangeException", "hours_range_exception"), + ("weekDays", "week_days"), + ("weekDaysException", "week_days_exception"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="device_administration_time_date_conditions", + function="create_device_admin_time_condition", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="device_administration_time_date_conditions", + function="update_device_admin_time_condition_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="device_administration_time_date_conditions", + function="delete_device_admin_time_condition_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = DeviceAdministrationTimeDateConditions(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
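Review bot: The `InconsistentParameters` check in `exists()` can never fire, because the name lookup runs only under `if not id_exists and name:`, so `id_exists and name_exists` are never both true. When a task passes an `id` and a `name` that belong to different conditions, the `id` silently wins and `update()` or `delete()` acts on that object without any warning. Looking the name up whenever it is supplied, and refetching by id only when the id lookup found nothing, makes the check reachable while keeping the name-only path as it is. `exists()` in device_administration_policy_set.py has the same unreachable check.

```python
    def exists(self):
        # … unchanged: prev_obj / id_exists / name_exists defaults, o_id and name reads …
        if o_id:
            prev_obj = self.get_object_by_id(o_id)
            id_exists = isinstance(prev_obj, dict)
        if name:
            # Resolve the name even when the id matched, so a mismatch is detected.
            named_obj = self.get_object_by_name(name)
            name_exists = isinstance(named_obj, dict)
            if name_exists:
                _id = named_obj.get("id")
                if id_exists and o_id != _id:
                    raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
                if not id_exists:
                    prev_obj = self.get_object_by_id(_id) if _id else named_obj
        # … unchanged: it_exists computation and return …
```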
diff --git a/ansible_collections/cisco/ise/plugins/action/device_administration_time_date_conditions_info.py b/ansible_collections/cisco/ise/plugins/action/device_administration_time_date_conditions_info.py
new file mode 100644
index 00000000..3e8bfad3
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/device_administration_time_date_conditions_info.py
@@ -0,0 +1,101 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="device_administration_time_date_conditions", + function='get_device_admin_time_condition_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="device_administration_time_date_conditions", + function='get_device_admin_time_conditions', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
diff --git a/ansible_collections/cisco/ise/plugins/action/downloadable_acl.py b/ansible_collections/cisco/ise/plugins/action/downloadable_acl.py
new file mode 100644
index 00000000..d4a8bf43
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/downloadable_acl.py
@@ -0,0 +1,264 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import (
+ InconsistentParameters,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ dacl=dict(type="str"),
+ daclType=dict(type="str"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class DownloadableAcl(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ dacl=params.get("dacl"),
+ dacl_type=params.get("daclType"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ # NOTICE: Does not have a get by name method or it is in another action
+ result = None
+ gen_items_responses = self.ise.exec(
+ family="downloadable_acl",
+ function="get_downloadable_acl_generator"
+ )
+ try:
+ for items_response in gen_items_responses:
+ items =
items_response.response['SearchResult']['resources']
+ result = get_dict_result(items, 'name', name)
+ if result:
+ return result
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="downloadable_acl",
+ function="get_downloadable_acl_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['DownloadableAcl']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ id_exists = False
+ name_exists = False
+ prev_obj = None
+ o_id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if o_id:
+ prev_obj = self.get_object_by_id(o_id)
+ id_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if not id_exists and name:
+ prev_obj = self.get_object_by_name(name)
+ name_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if name_exists:
+ _id = prev_obj.get("id")
+ if id_exists and name_exists and o_id != _id:
+ raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
+ if _id:
+ prev_obj = self.get_object_by_id(_id)
+ it_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ return (it_exists, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("dacl", "dacl"),
+ ("daclType", "dacl_type"),
+ ("id", "id"),
+ ]
+ # Method 1.
Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="downloadable_acl",
+ function="create_downloadable_acl",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="downloadable_acl",
+ function="update_downloadable_acl_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="downloadable_acl",
+ function="delete_downloadable_acl_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = DownloadableAcl(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+
if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/downloadable_acl_info.py b/ansible_collections/cisco/ise/plugins/action/downloadable_acl_info.py
new file mode 100644
index 00000000..8852b8b4
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/downloadable_acl_info.py
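Review bot: In `get_object_by_id` and `get_object_by_name` of `downloadable_acl.py`, the trailing `except Exception: result = None` turns every failure other than `TypeError`/`AttributeError` into "object not found", presumably including connection or authentication errors since `handle_func_exception=False` is passed. `exists()` then reports the downloadable ACL as missing, so with `state: absent` `run()` takes the `ise.object_already_absent()` branch and the task succeeds while the ACL may still be on the server, and with `state: present` it goes on to `create()`. Only the SDK's not-found case should map to `None`; everything else should fail the task the way the first handler does, e.g. `except Exception as e: self.ise.fail_json(msg="Lookup failed: {error}".format(error=e))` once not-found has been handled separately. The same two handlers appear in `egress_matrix_cell.py` later in this patch.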
@@ -0,0 +1,133 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="downloadable_acl",
+ function='get_downloadable_acl_by_id',
+ params=self.get_object(self._task.args)
+ ).response['DownloadableAcl']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="downloadable_acl",
+ function='get_downloadable_acl_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+
ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell.py b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell.py
new file mode 100644
index 00000000..42f4b0d2
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell.py
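Review bot: `run()` in `downloadable_acl_info.py` reads `name = self._task.args.get("name")`, but `name` is not among the arguments this module adds to `argument_spec` (only `id`, `page` and `size`; the contents of `ise_argument_spec()` are outside the hunk), so `if not name and not id:` is most likely just `if not id:` with a dead operand. It also leaves a path with no `return` if `name` were ever set, and `response` is bound only inside the `try`, so the final `ise_response=response` relies on `ise.fail_json` never returning. Suggest dropping `name`, making the list branch the plain fall-through, and binding `response = []` before the `try:`. The same `name` lookup appears in `egress_matrix_cell_bulk_monitor_status_info.py` and `egress_matrix_cell_info.py`.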
@@ -0,0 +1,273 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import (
+ InconsistentParameters,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ sourceSgtId=dict(type="str"),
+ destinationSgtId=dict(type="str"),
+ matrixCellStatus=dict(type="str"),
+ defaultRule=dict(type="str"),
+ sgacls=dict(type="list"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class EgressMatrixCell(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ source_sgt_id=params.get("sourceSgtId"),
+ destination_sgt_id=params.get("destinationSgtId"),
+ matrix_cell_status=params.get("matrixCellStatus"),
+ default_rule=params.get("defaultRule"),
+ sgacls=params.get("sgacls"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self,
name):
+ # NOTICE: Get does not support/work for filter by name with EQ
+ result = None
+ gen_items_responses = self.ise.exec(
+ family="egress_matrix_cell",
+ function="get_egress_matrix_cell_generator"
+ )
+ try:
+ for items_response in gen_items_responses:
+ items = items_response.response['SearchResult']['resources']
+ result = get_dict_result(items, 'name', name)
+ if result:
+ return result
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="egress_matrix_cell",
+ function="get_egress_matrix_cell_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['EgressMatrixCell']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ id_exists = False
+ name_exists = False
+ prev_obj = None
+ o_id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if o_id:
+ prev_obj = self.get_object_by_id(o_id)
+ id_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if not id_exists and name:
+ prev_obj = self.get_object_by_name(name)
+ name_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if name_exists:
+ _id = prev_obj.get("id")
+ if id_exists and name_exists and o_id != _id:
+ raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
+ if _id:
+ prev_obj = self.get_object_by_id(_id)
+ it_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ return (it_exists, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("sourceSgtId", "source_sgt_id"),
+ ("destinationSgtId", "destination_sgt_id"),
+ ("matrixCellStatus", "matrix_cell_status"),
+ ("defaultRule", "default_rule"),
+ ("sgacls", "sgacls"),
+ ("id", "id"),
+ ]
+ # Method 1.
Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="egress_matrix_cell",
+ function="create_egress_matrix_cell",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="egress_matrix_cell",
+ function="update_egress_matrix_cell_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="egress_matrix_cell",
+ function="delete_egress_matrix_cell_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = EgressMatrixCell(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+
if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_bulk_monitor_status_info.py
new file mode 100644
index 00000000..b64520c5
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_bulk_monitor_status_info.py
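Review bot: The `InconsistentParameters` check in `EgressMatrixCell.exists()` looks unreachable: the lookup by name only runs under `if not id_exists and name:`, so `name_exists` can become true only when `id_exists` is false, and `if id_exists and name_exists and o_id != _id` never fires. A task that passes the `id` of one cell and the `name` of another is therefore not rejected; `requires_update()` sees a differing name and `update()` rewrites the object selected by `id`. Indentation is lost in this view, so the nesting is inferred from the conditions alone. Looking the name up whenever it is given and comparing ids before choosing the object restores the guard; `exists()` in `downloadable_acl.py` has the same shape.

```python
def exists(self):
    # … unchanged: o_id / name setup and the lookup by id …
    if name:
        named_obj = self.get_object_by_name(name)
        name_exists = isinstance(named_obj, dict)
        if id_exists and name_exists and o_id != named_obj.get("id"):
            raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
        if not id_exists and name_exists:
            prev_obj = named_obj
            # … unchanged: re-read the object by the id found through the name …
    # … unchanged: it_exists computation and return …
```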
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ bulkid=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ bulkid=params.get("bulkid"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("bulkid")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="egress_matrix_cell",
+ function='monitor_bulk_status_egress_matrix_cell',
+ params=self.get_object(self._task.args)
+ ).response['BulkStatus']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ # NOTICE: Does not have a get all method or it is in another action
+ response = None
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_bulk_request.py
new file mode 100644
index 00000000..5d4b889d
--- /dev/null
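Review bot: `bulkid` is declared as `bulkid=dict(type="str")` in `egress_matrix_cell_bulk_monitor_status_info.py`, so a task that omits it falls into the `if not name and not id:` branch of `run()` and returns `ise_response=None` as a success without querying anything. A playbook polling a bulk job for completion would then get an empty answer instead of an error. Declaring it as `bulkid=dict(type="str", required=True)` lets the validator in `_check_argspec()` reject the task, after which the `response = None` branch can be removed.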
+++ b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_bulk_request.py 
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ operationType=dict(type="str"),
+ resourceMediaType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ operation_type=params.get("operationType"),
+ resource_media_type=params.get("resourceMediaType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="egress_matrix_cell",
+ function="bulk_request_for_egress_matrix_cell",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_clear_all.py b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_clear_all.py
new file mode 100644
index 00000000..d0f567c5
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_clear_all.py
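Review bot: `run()` in `egress_matrix_cell_bulk_request.py` sets `self._result["changed"] = False` and nothing visible in the hunk sets it to true after `bulk_request_for_egress_matrix_cell` is submitted, so unless `ise.exec` or `ise.exit_json()` (both outside this hunk) record the change, the task reports `ok` for a bulk write. That keeps policy modifications out of run summaries and stops change-triggered handlers from firing. If the helpers do not already do it, mark the result after the call succeeds, for example by calling `ise.object_updated()` before `ise.exit_json()` as the `state: present` modules in this patch do. The same applies to `run()` in `egress_matrix_cell_clear_all.py` and `egress_matrix_cell_clone.py`.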
@@ -0,0 +1,86 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="egress_matrix_cell",
+ function="clear_all_matrix_cells",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_clone.py b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_clone.py
new file mode 100644
index 00000000..46f78289
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_clone.py
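Review bot: `ActionModule` in `egress_matrix_cell_clear_all.py` has no docstring, and `run()` calls `clear_all_matrix_cells` with the empty dict from `get_object()`, so nothing in the file tells a reader that a single task invocation acts on every cell rather than a selected one. Suggest a class docstring such as `"""Action plugin that calls clear_all_matrix_cells; takes no module-specific arguments."""` and a comment on `get_object` stating that the empty `dict()` is intentional. The empty `argument_spec.update(dict())` could carry the same one-line comment so it is not mistaken for a generator omission.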
@@ -0,0 +1,92 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+ srcSgtId=dict(type="str"),
+ dstSgtId=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ src_sgt_id=params.get("srcSgtId"),
+ dst_sgt_id=params.get("dstSgtId"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="egress_matrix_cell",
+ function="clone_matrix_cell",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_info.py b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_info.py
new file mode 100644
index 00000000..0a903b42
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_info.py
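Review bot: `id`, `srcSgtId` and `dstSgtId` are all optional in the `argument_spec` of `egress_matrix_cell_clone.py`, and `get_object()` forwards whatever `params.get(...)` returns, so `clone_matrix_cell` can be invoked with `id=None`. Rejecting the task in `_check_argspec()` gives a clearer failure than whatever the SDK or server answers for a missing identifier; at minimum declare `id=dict(type="str", required=True)`, and do the same for the two SGT ids if the clone call always needs them (the API contract is not visible in this hunk). `operationType` and `resourceMediaType` in `egress_matrix_cell_bulk_request.py` are in the same position.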
@@ -0,0 +1,141 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+ sortasc=dict(type="str"),
+ sortdsc=dict(type="str"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ sortasc=params.get("sortasc"),
+ sortdsc=params.get("sortdsc"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="egress_matrix_cell",
+ function='get_egress_matrix_cell_by_id',
+ params=self.get_object(self._task.args)
+ ).response['EgressMatrixCell']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="egress_matrix_cell",
+ function='get_egress_matrix_cell_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_set_all_status.py b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_set_all_status.py
new file mode 100644
index 00000000..6e51eb94
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/egress_matrix_cell_set_all_status.py
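Review bot: In `run` of egress_matrix_cell_info.py, `name = self._task.args.get("name")` reads an option that the `argument_spec` in this hunk never declares, so the `if not name and not id:` guard rests on a value the validator is not shown to accept (the shared `ise_argument_spec()` is defined outside this diff; confirm it has no `name`). If `name` cannot be set, the check is dead and the list branch can simply read `if not id:`; if it can be set, a task with `name` and no `id` matches neither branch. The endpoint_bulk_monitor_status_info.py and endpoint_get_rejected_endpoints_info.py hunks repeat the same guard. Indentation is collapsed on this page, so whether the final `ise_response` update sits inside that branch cannot be read from here.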
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ status=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ status=params.get("status"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="egress_matrix_cell",
+ function="set_all_cells_status",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/endpoint.py b/ansible_collections/cisco/ise/plugins/action/endpoint.py
new file mode 100644
index 00000000..b8526e70
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/endpoint.py
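Review bot: `status=dict(type="str")` in egress_matrix_cell_set_all_status.py is neither required nor restricted to a set of values, so an omitted or mistyped status is handed straight to `set_all_cells_status`, a call that by its name changes every cell of the egress matrix. Declaring it as `status=dict(type="str", required=True)` and adding a `choices=[...]` list with the values the ISE API accepts (not shown in this hunk) would reject bad input in `_check_argspec()` before any request is sent. With `_supports_check_mode = False` there is no dry run to catch the mistake either.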
@@ -0,0 +1,275 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+import re
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ description=dict(type="str"),
+ mac=dict(type="str"),
+ profileId=dict(type="str"),
+ staticProfileAssignment=dict(type="bool"),
+ groupId=dict(type="str"),
+ staticGroupAssignment=dict(type="bool"),
+ portalUser=dict(type="str"),
+ identityStore=dict(type="str"),
+ identityStoreId=dict(type="str"),
+ mdmAttributes=dict(type="dict"),
+ customAttributes=dict(type="dict"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "mac"], True),
+ ("state", "absent", ["id", "mac"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class Endpoint(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ description=params.get("description"),
+ mac=params.get("mac"),
+ profile_id=params.get("profileId"),
+ static_profile_assignment=params.get("staticProfileAssignment"),
+ group_id=params.get("groupId"),
+ static_group_assignment=params.get("staticGroupAssignment"),
+ portal_user=params.get("portalUser"),
+ identity_store=params.get("identityStore"),
+ identity_store_id=params.get("identityStoreId"),
+ mdm_attributes=params.get("mdmAttributes"),
+ custom_attributes=params.get("customAttributes"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ try:
+ result = self.ise.exec(
+ family="endpoint",
+ function="get_endpoint_by_name",
+ params={"name": name},
+ handle_func_exception=False,
+ ).response['ERSEndPoint']
+ result["name"] = re.sub("[-:.]", "", result.get("name")).lower()
+ result["mac"] = re.sub("[-:.]", "", result.get("mac")).lower()
+ result = get_dict_result(result, 'name', name)
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="endpoint",
+ function="get_endpoint_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['ERSEndPoint']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ result = False
+ prev_obj = None
+ id = self.new_object.get("id")
+ name = self.new_object.get("mac")
+ if name:
+ name = re.sub("[-:.]", "", name).lower()
+ self.new_object.update(dict(mac=name))
+ if id:
+ prev_obj = self.get_object_by_id(id)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ elif name:
+ prev_obj = self.get_object_by_name(name)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ return (result, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("description", "description"),
+ ("mac", "mac"),
+ ("profileId", "profile_id"),
+ ("staticProfileAssignment", "static_profile_assignment"),
+ ("groupId", "group_id"),
+ ("staticGroupAssignment", "static_group_assignment"),
+ ("portalUser", "portal_user"),
+ ("identityStore", "identity_store"),
+ ("identityStoreId", "identity_store_id"),
+ ("mdmAttributes", "mdm_attributes"),
+ ("customAttributes", "custom_attributes"),
+ ("id", "id"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="endpoint",
+ function="create_endpoint",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("mac")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="endpoint",
+ function="update_endpoint_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("mac")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="endpoint",
+ function="delete_endpoint_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = Endpoint(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/endpoint_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/endpoint_bulk_monitor_status_info.py
new file mode 100644
index 00000000..c15d2dad
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/endpoint_bulk_monitor_status_info.py
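Review bot: In endpoint.py, `get_object_by_name` and `get_object_by_id` end with `except Exception: result = None`, so any lookup failure other than TypeError/AttributeError (authentication, TLS, timeout) is reported as "endpoint does not exist"; with `state: present`, `run` then goes on to `obj.create()`, and with `state: absent` it reports the object as already absent. The handler should catch only the SDK's not-found error and send everything else to `self.ise.fail_json(...)`, as the first handler already does. Relatedly, `update` and `delete` call `self.get_object_by_name(name).get("id")` without checking for None; a guard such as `prev = self.get_object_by_name(name)` followed by `if not prev: self.ise.fail_json(msg="endpoint not found")` avoids the AttributeError. The endpoint_group.py hunk that follows repeats the same lookup pattern.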
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ bulkid=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ bulkid=params.get("bulkid"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("bulkid")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="endpoint",
+ function='monitor_bulk_status_endpoint',
+ params=self.get_object(self._task.args)
+ ).response['BulkStatus']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ # NOTICE: Does not have a get all method or it is in another action
+ response = None
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/endpoint_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/endpoint_bulk_request.py
new file mode 100644
index 00000000..346bdb96
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/endpoint_bulk_request.py 
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ operationType=dict(type="str"),
+ resourceMediaType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ operation_type=params.get("operationType"),
+ resource_media_type=params.get("resourceMediaType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="endpoint",
+ function="bulk_request_for_endpoint",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/endpoint_certificate.py b/ansible_collections/cisco/ise/plugins/action/endpoint_certificate.py
new file mode 100644
index 00000000..7c54400a
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/endpoint_certificate.py
@@ -0,0 +1,106 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ certTemplateName=dict(type="str"),
+ format=dict(type="str"),
+ password=dict(type="str", no_log=True),
+ certificateRequest=dict(type="dict"),
+ dirPath=dict(type="str"),
+ saveFile=dict(type="bool"),
+ filename=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ cert_template_name=params.get("certTemplateName"),
+ format=params.get("format"),
+ password=params.get("password"),
+ certificate_request=params.get("certificateRequest"),
+ dirpath=params.get("dirPath"),
+ save_file=params.get("saveFile"),
+ filename=params.get("filename"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ download_response = ise.exec(
+ family="endpoint_certificate",
+ function="create_endpoint_certificate",
+ params=self.get_object(self._task.args),
+ )
+ response = dict(
+ data=download_response.data.decode(encoding='utf-8'),
+ filename=download_response.filename,
+ dirpath=download_response.dirpath,
+ path=download_response.path,
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/endpoint_deregister.py b/ansible_collections/cisco/ise/plugins/action/endpoint_deregister.py
new file mode 100644
index 00000000..fad82b3a
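Review bot: `run` in endpoint_certificate.py copies the downloaded payload into the task result as `data=download_response.data.decode(encoding='utf-8')`, so the issued certificate bundle, presumably including the key material that `password` protects, ends up in `ise_response`, where callbacks and registered variables expose it; `no_log=True` on `password` covers the argument only, not the result. When `saveFile` is set the file on disk is enough, so `data` could be left out of the result in that case, and the module documentation should tell users to set `no_log: true` on the task. The decode also assumes the payload is UTF-8 text; if the API returns an archive it raises UnicodeDecodeError, which is worth confirming against the SDK.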
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/endpoint_deregister.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="endpoint",
+ function="deregister_endpoint",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/endpoint_get_rejected_endpoints_info.py b/ansible_collections/cisco/ise/plugins/action/endpoint_get_rejected_endpoints_info.py
new file mode 100644
index 00000000..5b2f513f
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/endpoint_get_rejected_endpoints_info.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if not name and not id:
+ response = ise.exec(
+ family="endpoint",
+ function='get_rejected_endpoints',
+ params=self.get_object(self._task.args)
+ ).response['OperationResult']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/endpoint_group.py b/ansible_collections/cisco/ise/plugins/action/endpoint_group.py
new file mode 100644
index 00000000..aae2a2f3
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/endpoint_group.py
@@ -0,0 +1,245 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + description=dict(type="str"), + systemDefined=dict(type="bool"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class EndpointGroup(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + description=params.get("description"), + system_defined=params.get("systemDefined"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="endpoint_identity_group", + function="get_endpoint_group_by_name", + params={"name": name}, + handle_func_exception=False, + ).response['EndPointGroup'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." 
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="endpoint_identity_group", + function="get_endpoint_group_by_id", + handle_func_exception=False, + params={"id": id} + ).response['EndPointGroup'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + result = False + prev_obj = None + id = self.new_object.get("id") + name = self.new_object.get("name") + if id: + prev_obj = self.get_object_by_id(id) + result = prev_obj is not None and isinstance(prev_obj, dict) + elif name: + prev_obj = self.get_object_by_name(name) + result = prev_obj is not None and isinstance(prev_obj, dict) + return (result, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("description", "description"), + ("systemDefined", "system_defined"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="endpoint_identity_group", + function="create_endpoint_group", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="endpoint_identity_group", + function="update_endpoint_group_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="endpoint_identity_group", + function="delete_endpoint_group_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = EndpointGroup(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if 
obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/endpoint_group_info.py b/ansible_collections/cisco/ise/plugins/action/endpoint_group_info.py new file mode 100644 index 00000000..36994097 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/endpoint_group_info.py 
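Review bot: In `get_object_by_name()` and `get_object_by_id()`, the trailing `except Exception: result = None` turns every failure other than `TypeError`/`AttributeError` into "object not found". Because `exists()` relies on that result, `run()` with `state: absent` would call `ise.object_already_absent()` and report success when the lookup itself failed, and with `state: present` it would go on to `obj.create()`. Catch only the exception the SDK raises for a missing object and pass everything else to `self.ise.fail_json(...)`, as the first handler already does; which exception type that is depends on `ISESDK.exec`, which is not shown here. The same two handlers appear in `external_radius_server.py`.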
@@ -0,0 +1,152 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="endpoint_identity_group", + function='get_endpoint_group_by_id', + params=self.get_object(self._task.args) + ).response['EndPointGroup'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="endpoint_identity_group", + function='get_endpoint_group_by_name', + params=self.get_object(self._task.args) + ).response['EndPointGroup'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
+ if not name and not id: + responses = [] + generator = ise.exec( + family="endpoint_identity_group", + function='get_endpoint_groups_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/endpoint_info.py b/ansible_collections/cisco/ise/plugins/action/endpoint_info.py new file mode 100644 index 00000000..2dd382b4 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/endpoint_info.py 
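Review bot: `run()` returns from the `if id:` branch before `name` is examined, so a task that sets both gets the by-id result and `name` is silently ignored, while `mutually_exclusive` is left empty. Declaring `mutually_exclusive = [("id", "name")]` would reject the ambiguous task during `_check_argspec()`. If both must stay accepted, a comment such as `# id takes precedence over name when both are given` above the first branch documents the choice. `endpoint_info.py` has the same structure.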
@@ -0,0 +1,152 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="endpoint", + function='get_endpoint_by_id', + params=self.get_object(self._task.args) + ).response['ERSEndPoint'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="endpoint", + function='get_endpoint_by_name', + params=self.get_object(self._task.args) + ).response['ERSEndPoint'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + 
generator = ise.exec( + family="endpoint", + function='get_endpoints_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/endpoint_register.py b/ansible_collections/cisco/ise/plugins/action/endpoint_register.py new file mode 100644 index 00000000..8976b3b3 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/endpoint_register.py 
@@ -0,0 +1,112 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + name=dict(type="str"), + description=dict(type="str"), + mac=dict(type="str"), + profileId=dict(type="str"), + staticProfileAssignment=dict(type="bool"), + groupId=dict(type="str"), + staticGroupAssignment=dict(type="bool"), + portalUser=dict(type="str"), + identityStore=dict(type="str"), + identityStoreId=dict(type="str"), + mdmAttributes=dict(type="dict"), + customAttributes=dict(type="dict"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + name=params.get("name"), + description=params.get("description"), + mac=params.get("mac"), + profile_id=params.get("profileId"), + static_profile_assignment=params.get("staticProfileAssignment"), + group_id=params.get("groupId"), + static_group_assignment=params.get("staticGroupAssignment"), + portal_user=params.get("portalUser"), + identity_store=params.get("identityStore"), + identity_store_id=params.get("identityStoreId"), + mdm_attributes=params.get("mdmAttributes"), + custom_attributes=params.get("customAttributes"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="endpoint", + function="register_endpoint", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
diff --git a/ansible_collections/cisco/ise/plugins/action/endpoint_release_rejected_endpoint.py b/ansible_collections/cisco/ise/plugins/action/endpoint_release_rejected_endpoint.py
new file mode 100644
index 00000000..fdbf701c
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/endpoint_release_rejected_endpoint.py
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="endpoint", + function="release_rejected_endpoint", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/external_radius_server.py b/ansible_collections/cisco/ise/plugins/action/external_radius_server.py new file mode 100644 index 00000000..4beda906 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/external_radius_server.py 
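Review bot: The only argument, `id=dict(type="str")`, is optional, so a task without `id` passes `_check_argspec()` and `run()` calls `release_rejected_endpoint` with `id=None` taken from `get_object()`. Since the operation addresses one specific endpoint, the spec should read `id=dict(type="str", required=True)` so the mistake is reported at validation time rather than by the SDK or the server.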
@@ -0,0 +1,275 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + description=dict(type="str"), + hostIP=dict(type="str"), + sharedSecret=dict(type="str"), + enableKeyWrap=dict(type="bool"), + encryptionKey=dict(type="str"), + authenticatorKey=dict(type="str"), + keyInputFormat=dict(type="str"), + authenticationPort=dict(type="int"), + accountingPort=dict(type="int"), + timeout=dict(type="int"), + retries=dict(type="int"), + proxyTimeout=dict(type="int"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ExternalRadiusServer(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + description=params.get("description"), + host_ip=params.get("hostIP"), + shared_secret=params.get("sharedSecret"), + enable_key_wrap=params.get("enableKeyWrap"), + encryption_key=params.get("encryptionKey"), + 
authenticator_key=params.get("authenticatorKey"), + key_input_format=params.get("keyInputFormat"), + authentication_port=params.get("authenticationPort"), + accounting_port=params.get("accountingPort"), + timeout=params.get("timeout"), + retries=params.get("retries"), + proxy_timeout=params.get("proxyTimeout"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="external_radius_server", + function="get_external_radius_server_by_name", + params={"name": name}, + handle_func_exception=False, + ).response['ExternalRadiusServer'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="external_radius_server", + function="get_external_radius_server_by_id", + handle_func_exception=False, + params={"id": id} + ).response['ExternalRadiusServer'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + result = False + prev_obj = None + id = self.new_object.get("id") + name = self.new_object.get("name") + if id: + prev_obj = self.get_object_by_id(id) + result = prev_obj is not None and isinstance(prev_obj, dict) + elif name: + prev_obj = self.get_object_by_name(name) + result = prev_obj is not None and isinstance(prev_obj, dict) + return (result, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("description", "description"), + ("hostIP", "host_ip"), + ("sharedSecret", "shared_secret"), + ("enableKeyWrap", "enable_key_wrap"), + ("encryptionKey", "encryption_key"), + ("authenticatorKey", "authenticator_key"), + ("keyInputFormat", "key_input_format"), + ("authenticationPort", "authentication_port"), + ("accountingPort", "accounting_port"), + ("timeout", "timeout"), + ("retries", "retries"), + ("proxyTimeout", "proxy_timeout"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="external_radius_server", + function="create_external_radius_server", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="external_radius_server", + function="update_external_radius_server_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="external_radius_server", + function="delete_external_radius_server_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = ExternalRadiusServer(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = 
obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/external_radius_server_info.py b/ansible_collections/cisco/ise/plugins/action/external_radius_server_info.py new file mode 100644 index 00000000..e0043a0d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/external_radius_server_info.py 
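Review bot: `sharedSecret`, `encryptionKey` and `authenticatorKey` are declared in `argument_spec` as plain `type="str"`, and `run()` copies both the fetched object (`ise_response`) and the raw update response (`ise_update_response`, whose entries carry `oldValue`/`newValue`) into the task result. If ISE echoes any of these fields, the RADIUS secrets end up in playbook output and logs. Mark them `no_log=True` in the spec, e.g. `sharedSecret=dict(type="str", no_log=True)`, and remove the three keys from the returned dicts before `self._result.update(...)`; whether `no_log` is honoured for an action plugin validated through `AnsibleArgSpecValidator` should be confirmed, so the explicit redaction is the safer half. `requires_update()` also compares these fields with the current object, which would report a change on every run if the server masks or omits them.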
@@ -0,0 +1,144 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="external_radius_server", + function='get_external_radius_server_by_id', + params=self.get_object(self._task.args) + ).response['ExternalRadiusServer'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="external_radius_server", + function='get_external_radius_server_by_name', + params=self.get_object(self._task.args) + ).response['ExternalRadiusServer'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="external_radius_server", + 
function='get_external_radius_server_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/filter_policy.py b/ansible_collections/cisco/ise/plugins/action/filter_policy.py new file mode 100644 index 00000000..3f473205 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/filter_policy.py 
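Review bot: In `run()` of external_radius_server_info.py the by-id and by-name branches index `.response['ExternalRadiusServer']` with no exception handling, while only the generator branch is wrapped in `try`/`except`. If `ise.exec` hands back a response without that key (an unknown id, for example), the task would end in a raw `KeyError` or `TypeError` traceback instead of the `ise.fail_json` message; whether `ise.exec` already fails earlier is not visible in this hunk. I would read the key defensively, e.g. `response = (result.response or {}).get('ExternalRadiusServer')` with `result` holding the `ise.exec(...)` return value, or put these lookups under the same `except (TypeError, AttributeError)` handler. The by-id branches of filter_policy_info.py and guest_location_info.py follow the same pattern.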
@@ -0,0 +1,362 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +import re +try: + import ipaddress +except ImportError: + IPADDRESS_INSTALLED = False +else: + IPADDRESS_INSTALLED = True +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + subnet=dict(type="str"), + domains=dict(type="str"), + sgt=dict(type="str"), + vn=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "absent", ["id"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class FilterPolicy(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + subnet=params.get("subnet"), + domains=params.get("domains"), + sgt=params.get("sgt"), + vn=params.get("vn"), + id=params.get("id"), + ) + + def is_same_subnet(self, new, current): + if IPADDRESS_INSTALLED: + new_net = None + current_net = None + try: + new_net = ipaddress.ip_network(new, strict=False) + except ValueError: + new_net = None + try: + current_net = ipaddress.ip_network(current, strict=False) 
+ except ValueError: + current_net = None + if new_net and current_net: + conflict = current_net.overlaps(new_net) or new_net.overlaps(current_net) + # conflict = current_net.subnet_of(new_net) or new_net.subnet_of(current_net) + # They are the mostly the same, both have overlapping net + return conflict + elif new_net is None and current_net is None: + return True + else: + return False + else: + if new and current: + return new == current + else: + return not current and not new + + def get_sgt_by_name(self, name): + if not name: + return None + try: + gen_items_responses = self.ise.exec( + family="filter_policy", + function="get_filter_policy_generator" + ) + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_sgt_by_id(self, id): + if not id: + return None + try: + result = self.ise.exec( + family="sgt", + function="get_security_group_by_id", + params={"id": id}, + handle_func_exception=False, + ).response['Sgt'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def is_same_sgt(self, new, current): + # Values can be id or name + def clean_excess(name): + if name: + return re.sub(r"\s*\(.*\)$", "", name) + else: + return name + has_new = self.get_sgt_by_id(new) or self.get_sgt_by_name(clean_excess(new)) + has_current = self.get_sgt_by_id(current) or self.get_sgt_by_name(clean_excess(current)) + if has_new and has_current: + return has_new.get("id") == has_current.get("id") + else: + return not has_current and not has_new + + def is_same_vn(self, new, current): + if new and current: + return new == current + else: + return not current and not new + + def get_object_by_name(self, name, new_subnet, new_sgt, new_vn): + # NOTICE: Does not have a get by name method or it is in another action + result = None + gen_items_responses = self.ise.exec( + family="filter_policy", + function="get_filter_policy_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + for item in items: + current = self.get_object_by_id(item.get('id')) + if current: + has_same_subnet = self.is_same_subnet(new_subnet, current.get('subnet')) + has_same_sgt = self.is_same_sgt(new_sgt, current.get('sgt')) + has_same_vn = self.is_same_vn(new_vn, current.get('vn')) + if has_same_subnet and has_same_sgt and has_same_vn: + result = dict(current) + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="filter_policy", + function="get_filter_policy_by_id", + handle_func_exception=False, + params={"id": id} + ).response['ERSFilterPolicy'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + id_exists = o_id and self.get_object_by_id(o_id) + if id_exists: + prev_obj = self.get_object_by_id(o_id) + if not id_exists: + name = self.new_object.get("name") + subnet = self.new_object.get("subnet") + sgt = self.new_object.get("sgt") + vn = self.new_object.get("vn") + prev_obj = self.get_object_by_name(name, subnet, sgt, vn) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + id_ = prev_obj.get("id") + self.new_object.update(dict(id=id_)) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("subnet", "subnet"), + ("domains", "domains"), + ("sgt", "sgt"), + ("vn", "vn"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="filter_policy", + function="create_filter_policy", + params=self.new_object, + ).response + return result + + def update(self): + result = self.ise.exec( + family="filter_policy", + function="update_filter_policy_by_id", + params=self.new_object + ).response + return result + + def delete(self): + result = self.ise.exec( + family="filter_policy", + function="delete_filter_policy_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = FilterPolicy(self._task.args, ise) + + state = 
self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/filter_policy_info.py b/ansible_collections/cisco/ise/plugins/action/filter_policy_info.py new file mode 100644 index 00000000..8b19e248 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/filter_policy_info.py 
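Review bot: `is_same_subnet()` returns True for any two networks that merely overlap, and `get_object_by_name()` uses that result to decide which existing filter policy the task refers to. A request for `10.1.0.0/16` (constructed example) would therefore match an existing `10.0.0.0/8` policy with the same SGT and VN; `exists()` copies that policy's id into `new_object`, and `run()` then updates it, or deletes it when the supplied `id` did not resolve, instead of treating the request as a separate object. Unless ISE itself rejects overlapping filter subnets, identity should be an exact prefix match: `return new_net == current_net`. Separately, `get_sgt_by_name()` never initialises `result` before the `try`, so an empty generator reaches `return result` with the name unbound; `result = None` as the first statement fixes that.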
@@ -0,0 +1,133 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="filter_policy", + function='get_filter_policy_by_id', + params=self.get_object(self._task.args) + ).response['ERSFilterPolicy'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="filter_policy", + function='get_filter_policy_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + 
msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/guest_location_info.py b/ansible_collections/cisco/ise/plugins/action/guest_location_info.py new file mode 100644 index 00000000..64c33c09 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/guest_location_info.py 
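Review bot: `run()` reads `name = self._task.args.get("name")`, but this file's `argument_spec` only adds `id`, `page` and `size`, so unless the common `ise_argument_spec()` defines `name` (not visible here) the variable is always None and `if not name and not id:` is just `if not id:`. I would drop the `name` lookup and make the listing branch the `else` of `if id:`, which also makes it plain that `response` is assigned before the final `self._result.update(dict(ise_response=response))`. The local `id` shadows the builtin; `policy_id` would read better. guest_location_info.py and guest_smtp_notification_settings_info.py carry the same unused `name` lookup.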
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="guest_location", + function='get_guest_location_by_id', + params=self.get_object(self._task.args) + ).response['LocationIdentification'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="guest_location", + function='get_guest_location_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + 
responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/guest_smtp_notification_settings.py b/ansible_collections/cisco/ise/plugins/action/guest_smtp_notification_settings.py new file mode 100644 index 00000000..2744262b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/guest_smtp_notification_settings.py 
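Review bot: `filter=dict(type="list")` in the `argument_spec` declares no `elements`, so the entries of the list reach `get_guest_location_generator` without any per-item type check. Declaring `filter=dict(type="list", elements="str")` has the validator check each entry as a string before it is used in the ISE query. A short comment above `get_object()` would also help, e.g. `# Maps the camelCase task argument filterType to the SDK keyword filter_type`.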
@@ -0,0 +1,255 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present"]), + smtpServer=dict(type="str"), + notificationEnabled=dict(type="bool"), + useDefaultFromAddress=dict(type="bool"), + defaultFromAddress=dict(type="str"), + smtpPort=dict(type="str"), + connectionTimeout=dict(type="str"), + useTLSorSSLEncryption=dict(type="bool"), + usePasswordAuthentication=dict(type="bool"), + userName=dict(type="str"), + password=dict(type="str", no_log=True), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class GuestSmtpNotificationSettings(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + smtp_server=params.get("smtpServer"), + notification_enabled=params.get("notificationEnabled"), + use_default_from_address=params.get("useDefaultFromAddress"), + default_from_address=params.get("defaultFromAddress"), + smtp_port=params.get("smtpPort"), + 
connection_timeout=params.get("connectionTimeout"), + use_tlsor_ssl_encryption=params.get("useTLSorSSLEncryption"), + use_password_authentication=params.get("usePasswordAuthentication"), + user_name=params.get("userName"), + password=params.get("password"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ + result = None + gen_items_responses = self.ise.exec( + family="guest_smtp_notification_configuration", + function="get_guest_smtp_notification_settings_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="guest_smtp_notification_configuration", + function="get_guest_smtp_notification_settings_by_id", + params={"id": id}, + handle_func_exception=False, + ).response['ERSGuestSmtpNotificationSettings'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("smtpServer", "smtp_server"), + ("notificationEnabled", "notification_enabled"), + ("useDefaultFromAddress", "use_default_from_address"), + ("defaultFromAddress", "default_from_address"), + ("smtpPort", "smtp_port"), + ("connectionTimeout", "connection_timeout"), + ("useTLSorSSLEncryption", "use_tlsor_ssl_encryption"), + ("usePasswordAuthentication", "use_password_authentication"), + ("userName", "user_name"), + ("password", "password"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="guest_smtp_notification_configuration", + function="create_guest_smtp_notification_settings", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="guest_smtp_notification_configuration", + function="update_guest_smtp_notification_settings_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = GuestSmtpNotificationSettings(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + self._result.update(dict(ise_response=response)) + 
self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/guest_smtp_notification_settings_info.py b/ansible_collections/cisco/ise/plugins/action/guest_smtp_notification_settings_info.py new file mode 100644 index 00000000..42f64bcf --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/guest_smtp_notification_settings_info.py 
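Review bot: `password` is marked `no_log=True` in the `argument_spec`, but `run()` copies whatever ISE returns into the task result, as `ise_response` from `get_object_by_id()` and as `ise_update_response` with its `updatedField` old/new values, and nothing in this hunk removes a `password` key from those dicts. Whether ISE echoes the SMTP password is not visible here and needs confirming; if it does, the secret lands in playbook output and logs despite `no_log`. A guard before the result is filled would cover it: `if isinstance(response, dict): response = {k: v for k, v in response.items() if k != "password"}`, with the same filtering applied to the `updatedField` entries before `ise_update_response` is published. The `("password", "password")` pair in `requires_update()` deserves a second look as well, since a masked or omitted value from ISE may make every run that supplies a password look like a change.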
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="guest_smtp_notification_configuration", + function='get_guest_smtp_notification_settings_by_id', + params=self.get_object(self._task.args) + ).response['ERSGuestSmtpNotificationSettings'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="guest_smtp_notification_configuration", + function='get_guest_smtp_notification_settings_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + 
tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/guest_ssid.py b/ansible_collections/cisco/ise/plugins/action/guest_ssid.py new file mode 100644 index 00000000..b1549161 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/guest_ssid.py 
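Review bot: In `run`, `name = self._task.args.get("name")` reads an option that the argument spec extended in this file never declares (it adds only id, page, size, sortasc, sortdsc, filter and filterType). Unless `ise_argument_spec()` supplies one, `if not name and not id:` behaves as `if not id:` and the lookup can be dropped. In the same branch `response` is bound only inside the `try`, and both `except` handlers depend on `ise.fail_json` raising; its definition is not on this page, so if it ever returns, the final `self._result.update(dict(ise_response=response))` fails on an unbound name instead of showing the intended message. Setting `response = []` before the `try` removes that dependency. guest_ssid_info.py and guest_type_info.py repeat the same `run` body.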
@@ -0,0 +1,255 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class GuestSsid(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ + result = None + gen_items_responses = self.ise.exec( + family="guest_ssid", + function="get_guest_ssid_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error 
occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="guest_ssid", + function="get_guest_ssid_by_id", + handle_func_exception=False, + params={"id": id} + ).response['GuestSSID'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="guest_ssid", + function="create_guest_ssid", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="guest_ssid", + function="update_guest_ssid_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="guest_ssid", + function="delete_guest_ssid_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = GuestSsid(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if 
obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/guest_ssid_info.py b/ansible_collections/cisco/ise/plugins/action/guest_ssid_info.py new file mode 100644 index 00000000..7e6efd13 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/guest_ssid_info.py 
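Review bot: `get_object_by_id` and `get_object_by_name` both end in `except Exception: result = None`, so every failure other than TypeError/AttributeError is reported as "object not found". Because `get_object_by_id` passes `handle_func_exception=False`, that presumably includes rejected credentials and transport errors raised by the SDK, which is not visible here. After such a failure `run` calls `obj.create()` for `state: present`, or reports `ise.object_already_absent()` for `state: absent` although the SSID may still exist on the server. The handler should be narrowed to the SDK's not-found error, with anything else routed to `self.ise.fail_json` as the first handler already does. guest_type.py carries the same two lookups.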
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="guest_ssid", + function='get_guest_ssid_by_id', + params=self.get_object(self._task.args) + ).response['GuestSSID'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="guest_ssid", + function='get_guest_ssid_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + 
responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/guest_type.py b/ansible_collections/cisco/ise/plugins/action/guest_type.py new file mode 100644 index 00000000..0891266e --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/guest_type.py 
@@ -0,0 +1,273 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + description=dict(type="str"), + isDefaultType=dict(type="bool"), + accessTime=dict(type="dict"), + loginOptions=dict(type="dict"), + expirationNotification=dict(type="dict"), + sponsorGroups=dict(type="list"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class GuestType(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + description=params.get("description"), + is_default_type=params.get("isDefaultType"), + access_time=params.get("accessTime"), + login_options=params.get("loginOptions"), + expiration_notification=params.get("expirationNotification"), + sponsor_groups=params.get("sponsorGroups"), + id=params.get("id"), + ) + + def 
get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ + result = None + gen_items_responses = self.ise.exec( + family="guest_type", + function="get_guest_type_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="guest_type", + function="get_guest_type_by_id", + handle_func_exception=False, + params={"id": id} + ).response['GuestType'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("description", "description"), + ("isDefaultType", "is_default_type"), + ("accessTime", "access_time"), + ("loginOptions", "login_options"), + ("expirationNotification", "expiration_notification"), + ("sponsorGroups", "sponsor_groups"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="guest_type", + function="create_guest_type", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="guest_type", + function="update_guest_type_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="guest_type", + function="delete_guest_type_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = GuestType(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if 
obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/guest_type_email.py b/ansible_collections/cisco/ise/plugins/action/guest_type_email.py new file mode 100644 index 00000000..e8d763c7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/guest_type_email.py 
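Review bot: The `InconsistentParameters` check in `GuestType.exists` cannot fire, because `name_exists` is set only inside `if not id_exists and name:`, so `id_exists and name_exists` is never true. A task that supplies both `id` and `name` is therefore resolved by `id` alone, and with `state: absent` `delete()` removes whatever that id points at even when the name belongs to a different guest type. If renaming by id has to stay possible for `state: present`, the comparison can be made in the `absent` branch of `run` before `obj.delete()`. There, when both parameters are set, compare `prev_obj.get("name")` with the requested name and raise `InconsistentParameters` on a mismatch. `GuestSsid.exists` in guest_ssid.py has the same unreachable check.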
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + additionalData=dict(type="list"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + additional_data=params.get("additionalData"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="guest_type", + function="update_guest_type_email", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/guest_type_info.py b/ansible_collections/cisco/ise/plugins/action/guest_type_info.py new file mode 100644 index 00000000..1de1cc2d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/guest_type_info.py 
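Review bot: `id=dict(type="str")` is optional and `required_if`/`required_one_of` are empty, so a task that omits `id` passes `_check_argspec` and `run` still calls `update_guest_type_email` with `id=None` from `get_object`. How the SDK handles a missing id is not visible on this page, so rejecting it at validation gives a clear error before any request is built: `id=dict(type="str", required=True),`. guest_type_sms.py declares the same spec for `update_guest_type_sms`.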
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="guest_type", + function='get_guest_type_by_id', + params=self.get_object(self._task.args) + ).response['GuestType'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="guest_type", + function='get_guest_type_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + 
responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/guest_type_sms.py b/ansible_collections/cisco/ise/plugins/action/guest_type_sms.py new file mode 100644 index 00000000..366f1d6f --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/guest_type_sms.py 
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ additionalData=dict(type="list"),
+ id=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ additional_data=params.get("additionalData"),
+ id=params.get("id"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="guest_type",
+ function="update_guest_type_sms",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/guest_user.py b/ansible_collections/cisco/ise/plugins/action/guest_user.py
new file mode 100644
index 00000000..6e0c4c41
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/guest_user.py
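Review bot: `id` is declared as `id=dict(type="str")` with no `required=True`, and `required_if` and `required_one_of` are both empty, so a task that omits it passes `_check_argspec` and `run` still calls `update_guest_type_sms` with `id` set to `None` in the params dict. I would declare it `id=dict(type="str", required=True)` so the mistake is rejected at validation time rather than surfacing as an SDK or API error on a state-changing call. The same pattern appears in the `guest_user_approve.py`, `guest_user_deny.py` and `guest_user_email.py` hunks further down.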
@@ -0,0 +1,280 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ guestType=dict(type="str"),
+ status=dict(type="str"),
+ statusReason=dict(type="str"),
+ reasonForVisit=dict(type="str"),
+ sponsorUserId=dict(type="str"),
+ sponsorUserName=dict(type="str"),
+ guestInfo=dict(type="dict"),
+ guestAccessInfo=dict(type="dict"),
+ portalId=dict(type="str"),
+ customFields=dict(type="dict"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class GuestUser(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ guest_type=params.get("guestType"),
+ status=params.get("status"),
+ status_reason=params.get("statusReason"),
+ reason_for_visit=params.get("reasonForVisit"),
+ sponsor_user_id=params.get("sponsorUserId"),
+ sponsor_user_name=params.get("sponsorUserName"),
+ guest_info=params.get("guestInfo"),
+ guest_access_info=params.get("guestAccessInfo"),
+ portal_id=params.get("portalId"),
+ custom_fields=params.get("customFields"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ try:
+ result = self.ise.exec(
+ family="guest_user",
+ function="get_guest_user_by_name",
+ params={"name": name},
+ handle_func_exception=False,
+ ).response['GuestUser']
+ result = get_dict_result(result, 'name', name)
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="guest_user",
+ function="get_guest_user_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['GuestUser']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ result = False
+ prev_obj = None
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if id:
+ prev_obj = self.get_object_by_id(id)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ elif name:
+ prev_obj = self.get_object_by_name(name)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ return (result, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("guestType", "guest_type"),
+ ("status", "status"),
+ ("statusReason", "status_reason"),
+ ("reasonForVisit", "reason_for_visit"),
+ ("sponsorUserId", "sponsor_user_id"),
+ ("sponsorUserName", "sponsor_user_name"),
+ ("guestInfo", "guest_info"),
+ ("guestAccessInfo", "guest_access_info"),
+ ("portalId", "portal_id"),
+ ("customFields", "custom_fields"),
+ ("id", "id"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="guest_user",
+ function="create_guest_user",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if id:
+ result = self.ise.exec(
+ family="guest_user",
+ function="update_guest_user_by_id",
+ params=self.new_object
+ ).response
+ elif name:
+ result = self.ise.exec(
+ family="guest_user",
+ function="update_guest_user_by_name",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if id:
+ result = self.ise.exec(
+ family="guest_user",
+ function="delete_guest_user_by_id",
+ params=self.new_object
+ ).response
+ elif name:
+ result = self.ise.exec(
+ family="guest_user",
+ function="delete_guest_user_by_name",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = GuestUser(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/guest_user_approve.py b/ansible_collections/cisco/ise/plugins/action/guest_user_approve.py
new file mode 100644
index 00000000..0b66958c
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/guest_user_approve.py
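Review bot: `get_object_by_name` and `get_object_by_id` both end with `except Exception: result = None`, so any failure other than `TypeError`/`AttributeError` is reported as "object does not exist"; because the calls pass `handle_func_exception=False`, that presumably includes authentication and connection errors. With `state: absent`, `run` then takes the `ise.object_already_absent()` branch and the task reports success while the guest account may still exist, and with `state: present` it falls through to `obj.create()`. I would catch only the exception the SDK raises for a not-found response and let everything else reach `ise.fail_json`. Separately, `ise_update_response.get("UpdatedFieldsList").get("updatedField")` dereferences without a `None` check, and when fields did change the whole update response, including the old and new values it reads, stays in the task result under `ise_update_response`; that deserves a look if `guestInfo` can carry credentials.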
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="guest_user",
+ function="approve_guest_user_by_id",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/guest_user_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/guest_user_bulk_monitor_status_info.py
new file mode 100644
index 00000000..738d2a50
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/guest_user_bulk_monitor_status_info.py
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ bulkid=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ bulkid=params.get("bulkid"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("bulkid")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="guest_user",
+ function='monitor_bulk_status_guest_user',
+ params=self.get_object(self._task.args)
+ ).response['BulkStatus']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ # NOTICE: Does not have a get all method or it is in another action
+ response = None
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/guest_user_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/guest_user_bulk_request.py
new file mode 100644
index 00000000..9f540905
--- /dev/null
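Review bot: `run` reads `name = self._task.args.get("name")` although this module adds only `bulkid` to `argument_spec`, and if `name` were ever set without `bulkid` neither `if` branch runs and `run` returns `None` implicitly instead of a result dict. Since the only lookup is by `bulkid`, I would drop the `name` handling and declare `bulkid=dict(type="str", required=True)`, which also removes the fallback that overwrites the `ise_response={}` default with `None`. `ise_argument_spec()` is defined outside this diff, so confirm it does not supply `name` before removing it.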
+++ b/ansible_collections/cisco/ise/plugins/action/guest_user_bulk_request.py 
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ operationType=dict(type="str"),
+ resourceMediaType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ operation_type=params.get("operationType"),
+ resource_media_type=params.get("resourceMediaType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="guest_user",
+ function="bulk_request_for_guest_user",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/guest_user_change_sponsor_password.py b/ansible_collections/cisco/ise/plugins/action/guest_user_change_sponsor_password.py
new file mode 100644
index 00000000..d8cba208
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/guest_user_change_sponsor_password.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ additionalData=dict(type="list"),
+ portalId=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ additional_data=params.get("additionalData"),
+ portal_id=params.get("portalId"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="guest_user",
+ function="change_sponsor_password",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/guest_user_deny.py b/ansible_collections/cisco/ise/plugins/action/guest_user_deny.py
new file mode 100644
index 00000000..6318526b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/guest_user_deny.py
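Review bot: Nothing in the argument spec marks the password material as sensitive: the only module-specific options are `additionalData=dict(type="list")` and `portalId`, so the sponsor password values presumably travel inside `additionalData`. I would declare it `additionalData=dict(type="list", no_log=True)` and confirm that the `AnsibleArgSpecValidator` path used by this action plugin actually masks the value, because `run` also copies the raw SDK response into `ise_response`. If masking is not applied on that path, the module documentation should tell users to set `no_log: true` on the task.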
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="guest_user",
+ function="deny_guest_user_by_id",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/guest_user_email.py b/ansible_collections/cisco/ise/plugins/action/guest_user_email.py
new file mode 100644
index 00000000..16c8793b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/guest_user_email.py
@@ -0,0 +1,92 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ additionalData=dict(type="list"),
+ id=dict(type="str"),
+ portalId=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ additional_data=params.get("additionalData"),
+ id=params.get("id"),
+ portal_id=params.get("portalId"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="guest_user",
+ function="update_guest_user_email",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/guest_user_info.py b/ansible_collections/cisco/ise/plugins/action/guest_user_info.py
new file mode 100644
index 00000000..f6b61c08
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/guest_user_info.py
@@ -0,0 +1,152 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ name=dict(type="str"),
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+ sortasc=dict(type="str"),
+ sortdsc=dict(type="str"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ name=params.get("name"),
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ sortasc=params.get("sortasc"),
+ sortdsc=params.get("sortdsc"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="guest_user",
+ function='get_guest_user_by_id',
+ params=self.get_object(self._task.args)
+ ).response['GuestUser']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if name:
+ response = ise.exec(
+ family="guest_user",
+ function='get_guest_user_by_name',
+ params=self.get_object(self._task.args)
+ ).response['GuestUser']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="guest_user",
+ function='get_guest_users_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/guest_user_reinstate.py b/ansible_collections/cisco/ise/plugins/action/guest_user_reinstate.py
new file mode 100644
index 00000000..33d20d1a
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/guest_user_reinstate.py
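Review bot: The `id` and `name` branches of `run` index `.response['GuestUser']` outside any `try`, while the list branch wraps the same kind of access in handlers that call `ise.fail_json` with a diagnostic message. If `ise.exec` returns an object whose `response` is `None` or lacks that key, the user gets a bare `TypeError` or `KeyError` instead of the hint about API Gateway and ERS settings. I would route both lookups through the same error handling, and set `mutually_exclusive = [("name", "id")]` so that supplying both is rejected rather than `name` being silently ignored.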
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="guest_user", + function="reinstate_guest_user_by_id", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/guest_user_reset_password.py b/ansible_collections/cisco/ise/plugins/action/guest_user_reset_password.py new file mode 100644 index 00000000..c2eedfac --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/guest_user_reset_password.py 
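Review bot: Nothing in this argument spec is required, so a task that sets only `name`, or neither argument, passes `_check_argspec` and `run` still calls `reinstate_guest_user_by_id` with `id=None`. How the SDK treats a missing id is not visible in this hunk, so any failure would surface late and with an SDK-level message rather than a validation error. Rejecting it up front would be clearer, for example `id=dict(type="str", required=True),` inside `argument_spec.update(...)`. The same pattern appears in guest_user_reset_password.py, guest_user_sms.py, guest_user_suspend.py, hotpatch_install.py and hotpatch_rollback.py further down, where `id` or `hotpatchName`/`repositoryName` are likewise optional while the call depends on them.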
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="guest_user", + function="reset_guest_user_password_by_id", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/guest_user_sms.py b/ansible_collections/cisco/ise/plugins/action/guest_user_sms.py new file mode 100644 index 00000000..9a84b457 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/guest_user_sms.py 
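Review bot: The raw response of `reset_guest_user_password_by_id` is copied into `ise_response`, so whatever ISE returns for a password reset, presumably including the new guest password, ends up in task output, registered variables and any callback or log sink. Nothing in this hunk marks the result as sensitive. I would add a comment above `self._result.update(dict(ise_response=response))` such as `# NOTE: response may contain the new password; run this task with no_log: true`, and state the same in the module documentation.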
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + portalId=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + portal_id=params.get("portalId"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="guest_user", + function="update_guest_user_sms", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/guest_user_suspend.py b/ansible_collections/cisco/ise/plugins/action/guest_user_suspend.py new file mode 100644 index 00000000..81f8a142 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/guest_user_suspend.py 
@@ -0,0 +1,92 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + additionalData=dict(type="list"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + additional_data=params.get("additionalData"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="guest_user", + function="suspend_guest_user_by_id", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/hotpatch_info.py b/ansible_collections/cisco/ise/plugins/action/hotpatch_info.py new file mode 100644 index 00000000..0ef0efbc --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/hotpatch_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="patching", + function='list_installed_hotpatches', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/hotpatch_install.py b/ansible_collections/cisco/ise/plugins/action/hotpatch_install.py new file mode 100644 index 00000000..3343ed07 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/hotpatch_install.py 
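Review bot: `run` reads `id` and `name` from the task args, but this module's `argument_spec.update(dict())` declares neither, so both lookups and the `if not name and not id:` guard look like leftovers shared with the other *_info plugins. If the final `return self._result` sits inside that guard, which the flattened hunk does not show, a false guard would make the method return `None` instead of a result dict. Calling `list_installed_hotpatches` unconditionally and dropping the two lookups would make the intent explicit. hotspot_portal_info.py below has a similar gap: `name` is read but not declared, and there appears to be no return path when `name` is set without `id`.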
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hotpatchName=dict(type="str"), + repositoryName=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + hotpatch_name=params.get("hotpatchName"), + repository_name=params.get("repositoryName"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="patching", + function="install_hotpatch", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/hotpatch_rollback.py b/ansible_collections/cisco/ise/plugins/action/hotpatch_rollback.py new file mode 100644 index 00000000..8e976eb5 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/hotpatch_rollback.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hotpatchName=dict(type="str"), + repositoryName=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + hotpatch_name=params.get("hotpatchName"), + repository_name=params.get("repositoryName"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="patching", + function="rollback_hotpatch", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/hotspot_portal.py b/ansible_collections/cisco/ise/plugins/action/hotspot_portal.py new file mode 100644 index 00000000..31894a9c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/hotspot_portal.py 
@@ -0,0 +1,270 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + description=dict(type="str"), + portalType=dict(type="str"), + portalTestUrl=dict(type="str"), + settings=dict(type="dict"), + customizations=dict(type="dict"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name", "settings"], True), + ("state", "absent", ["id", "name", "settings"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class HotspotPortal(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + description=params.get("description"), + portal_type=params.get("portalType"), + portal_test_url=params.get("portalTestUrl"), + settings=params.get("settings"), + customizations=params.get("customizations"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ 
+ result = None + gen_items_responses = self.ise.exec( + family="hotspot_portal", + function="get_hotspot_portal_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="hotspot_portal", + function="get_hotspot_portal_by_id", + handle_func_exception=False, + params={"id": id} + ).response['HotspotPortal'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("description", "description"), + ("portalType", "portal_type"), + ("portalTestUrl", "portal_test_url"), + ("settings", "settings"), + ("customizations", "customizations"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="hotspot_portal", + function="create_hotspot_portal", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="hotspot_portal", + function="update_hotspot_portal_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="hotspot_portal", + function="delete_hotspot_portal_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = HotspotPortal(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if 
obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/hotspot_portal_info.py b/ansible_collections/cisco/ise/plugins/action/hotspot_portal_info.py new file mode 100644 index 00000000..928265df --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/hotspot_portal_info.py 
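Review bot: `get_object_by_id` and the tail of `get_object_by_name` catch bare `Exception` and turn it into `result = None`, so an authentication failure, timeout or server error is indistinguishable from "portal does not exist". With `state: present` that sends `run` into `create()` after a lookup that merely failed, and with `state: absent` it reports the object as already absent. `update()` and `delete()` also call `self.get_object_by_name(name).get("id")`, which raises `AttributeError` when that lookup returned `None`. I would map only the not-found case to `None`, route every other exception to `self.ise.fail_json(...)` as the `(TypeError, AttributeError)` branch already does, and check the lookup result for `None` before calling `.get("id")`.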
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="hotspot_portal", + function='get_hotspot_portal_by_id', + params=self.get_object(self._task.args) + ).response['HotspotPortal'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="hotspot_portal", + function='get_hotspot_portal_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += 
tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/id_store_sequence.py b/ansible_collections/cisco/ise/plugins/action/id_store_sequence.py new file mode 100644 index 00000000..8fff8a90 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/id_store_sequence.py 
@@ -0,0 +1,254 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ parent=dict(type="str"),
+ idSeqItem=dict(type="list"),
+ certificateAuthenticationProfile=dict(type="str"),
+ breakOnStoreFail=dict(type="bool"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class IdStoreSequence(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ parent=params.get("parent"),
+ id_seq_item=params.get("idSeqItem"),
+ certificate_authentication_profile=params.get("certificateAuthenticationProfile"),
+ break_on_store_fail=params.get("breakOnStoreFail"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ try:
+ result = self.ise.exec(
+ family="identity_sequence",
+ function="get_identity_sequence_by_name",
+ params={"name": name},
+
handle_func_exception=False,
+ ).response['IdStoreSequence']
+ result = get_dict_result(result, 'name', name)
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="identity_sequence",
+ function="get_identity_sequence_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['IdStoreSequence']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ result = False
+ prev_obj = None
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if id:
+ prev_obj = self.get_object_by_id(id)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ elif name:
+ prev_obj = self.get_object_by_name(name)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ return (result, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("parent", "parent"),
+ ("idSeqItem", "id_seq_item"),
+ ("certificateAuthenticationProfile", "certificate_authentication_profile"),
+ ("breakOnStoreFail", "break_on_store_fail"),
+ ("id", "id"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="identity_sequence",
+ function="create_identity_sequence",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="identity_sequence",
+ function="update_identity_sequence_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="identity_sequence",
+ function="delete_identity_sequence_by_id",
+
params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = IdStoreSequence(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+
ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/id_store_sequence_info.py b/ansible_collections/cisco/ise/plugins/action/id_store_sequence_info.py
new file mode 100644
index 00000000..ec8ce7d6
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/id_store_sequence_info.py
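Review bot: `get_object_by_name` and `get_object_by_id` in id_store_sequence.py end in `except Exception: result = None`, so every lookup failure other than the `TypeError`/`AttributeError` pair handled just above is reported as "object not found"; with `handle_func_exception=False` passed, that presumably includes authentication, TLS and connectivity errors. With `state: absent`, `run()` then calls `ise.object_already_absent()` and the task reports success although nothing was checked or deleted, and with `state: present` it goes on to `create()`. I would narrow the handler to the SDK's not-found case, for example `except exceptions.ApiError as e:` with a not-found check before `result = None`, and send everything else to `self.ise.fail_json(...)`; this needs the `from ciscoisesdk import exceptions` import that internal_user.py already uses. The same handler appears in identity_group.py and internal_user.py in this commit.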
@@ -0,0 +1,144 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ name=dict(type="str"),
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ name=params.get("name"),
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="identity_sequence",
+ function='get_identity_sequence_by_id',
+ params=self.get_object(self._task.args)
+ ).response['IdStoreSequence']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if name:
+ response = ise.exec(
+ family="identity_sequence",
+ function='get_identity_sequence_by_name',
+ params=self.get_object(self._task.args)
+ ).response['IdStoreSequence']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="identity_sequence",
+
function='get_identity_sequence_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/identity_group.py b/ansible_collections/cisco/ise/plugins/action/identity_group.py
new file mode 100644
index 00000000..42bf63fc
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/identity_group.py
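Review bot: In `run()` of id_store_sequence_info.py, the `if id:` and `if name:` branches subscript `ise.exec(...).response['IdStoreSequence']` outside any `try`, while only the generator branch converts failures into the `fail_json` message about API Gateway and ERS settings. A `None` response or one without that key would presumably surface as a raw `TypeError`/`KeyError` traceback rather than a task failure with that guidance. I would wrap both lookups in the handling the generator branch already has, extended to the missing-key case: `except (TypeError, AttributeError, KeyError) as e: ise.fail_json(msg=...)`. identity_group_info.py has the same two branches.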
@@ -0,0 +1,220 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ parent=dict(type="str"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class IdentityGroup(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ parent=params.get("parent"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ try:
+ result = self.ise.exec(
+ family="identity_groups",
+ function="get_identity_group_by_name",
+ params={"name": name},
+ handle_func_exception=False,
+ ).response['IdentityGroup']
+ result = get_dict_result(result, 'name', name)
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="identity_groups",
+ function="get_identity_group_by_id",
+ params={"id": id},
+ handle_func_exception=False,
+ ).response['IdentityGroup']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ prev_obj = None
+ result = False
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if id:
+ prev_obj = self.get_object_by_id(id)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ elif name:
+ prev_obj = self.get_object_by_name(name)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ return (result, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("parent", "parent"),
+ ("id", "id"),
+ ]
+ # Method 1.
Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="identity_groups",
+ function="create_identity_group",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="identity_groups",
+ function="update_identity_group_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = IdentityGroup(self._task.args,
ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/identity_group_info.py b/ansible_collections/cisco/ise/plugins/action/identity_group_info.py
new file mode 100644
index 00000000..efa11397
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/identity_group_info.py
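Review bot: In `run()` of identity_group.py, `ise_update_response.get("UpdatedFieldsList").get("updatedField")` assumes both keys are always present; if the update response lacks either one, the chained `.get` or the following `len(has_changed)` raises on `None`, and the task ends in a traceback after the object has already been modified on ISE. The condition that follows mixes `or` and `and` without parentheses and inspects only `has_changed[0]`, so the intended "nothing really changed" test is hard to verify. I would default the lookups, `has_changed = (ise_update_response.get("UpdatedFieldsList") or {}).get("updatedField") or []`, and parenthesise the `and` clause explicitly. The same block is in `run()` of id_store_sequence.py.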
@@ -0,0 +1,152 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ name=dict(type="str"),
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+ sortasc=dict(type="str"),
+ sortdsc=dict(type="str"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed.
Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ name=params.get("name"),
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ sortasc=params.get("sortasc"),
+ sortdsc=params.get("sortdsc"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="identity_groups",
+ function='get_identity_group_by_id',
+ params=self.get_object(self._task.args)
+ ).response['IdentityGroup']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if name:
+ response = ise.exec(
+ family="identity_groups",
+ function='get_identity_group_by_name',
+ params=self.get_object(self._task.args)
+ ).response['IdentityGroup']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name
and not id:
+ responses = []
+ generator = ise.exec(
+ family="identity_groups",
+ function='get_identity_groups_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/internal_user.py b/ansible_collections/cisco/ise/plugins/action/internal_user.py
new file mode 100644
index 00000000..47cb0ea2
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/internal_user.py
@@ -0,0 +1,338 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+try:
+ from ciscoisesdk import exceptions
+except ImportError:
+ ISE_SDK_IS_INSTALLED = False
+else:
+ ISE_SDK_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ enabled=dict(type="bool"),
+ email=dict(type="str"),
+ password=dict(type="str", no_log=True),
+ firstName=dict(type="str"),
+ lastName=dict(type="str"),
+ changePassword=dict(type="bool"),
+ identityGroups=dict(type="str"),
+ expiryDateEnabled=dict(type="bool"),
+ expiryDate=dict(type="str"),
+ enablePassword=dict(type="str"),
+ customAttributes=dict(type="dict"),
+ passwordIDStore=dict(type="str"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class InternalUser(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+
enabled=params.get("enabled"),
+ email=params.get("email"),
+ password=params.get("password"),
+ first_name=params.get("firstName"),
+ last_name=params.get("lastName"),
+ change_password=params.get("changePassword"),
+ identity_groups=params.get("identityGroups"),
+ expiry_date_enabled=params.get("expiryDateEnabled"),
+ expiry_date=params.get("expiryDate"),
+ enable_password=params.get("enablePassword"),
+ custom_attributes=params.get("customAttributes"),
+ password_idstore=params.get("passwordIDStore"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ try:
+ result = self.ise.exec(
+ family="internal_user",
+ function="get_internal_user_by_name",
+ params={"name": name},
+ handle_func_exception=False,
+ ).response['InternalUser']
+ result = get_dict_result(result, 'name', name)
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="internal_user",
+ function="get_internal_user_by_id",
+ params={"id": id},
+ handle_func_exception=False,
+ ).response['InternalUser']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ result = False
+ prev_obj = None
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if id:
+ prev_obj = self.get_object_by_id(id)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ elif name:
+ prev_obj = self.get_object_by_name(name)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ return (result, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ force_change = False
+ change_params = [
+ ("change_password", bool)
+ ]
+ for (change_param, type_) in change_params:
+ requested_obj_value = requested_obj.get(change_param)
+ if isinstance(requested_obj_value, type_):
+ # Next line checks if value is evaluated as True
+ if requested_obj_value:
+ force_change = True
+ break
+ else:
+ pass
+ else:
+ pass
+
+ if force_change:
+ return force_change
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("enabled", "enabled"),
+ ("email", "email"),
+ ("password", "password"),
+ ("firstName", "first_name"),
+ ("lastName", "last_name"),
+ ("changePassword", "change_password"),
+ ("identityGroups", "identity_groups"),
+ ("expiryDateEnabled", "expiry_date_enabled"),
+ ("expiryDate", "expiry_date"),
+ ("enablePassword", "enable_password"),
+ ("customAttributes", "custom_attributes"),
+ ("passwordIDStore", "password_idstore"),
+ ("id", "id"),
+ ]
+ # Method 1.
Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="internal_user",
+ function="create_internal_user",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ change_password = self.new_object.get("change_password")
+ result = None
+ if id:
+ try:
+ result = self.ise.exec(
+ family="internal_user",
+ function="update_internal_user_by_id",
+ params=self.new_object,
+ handle_func_exception=False,
+ ).response
+ except exceptions.ApiError as e:
+ if not change_password and "Password can't be set to one of the earlier" in e.message:
+ self.ise.object_modify_result(changed=False, result="Object already present, update was attempted but failed because of password")
+ result = {'_changed_': True}
+ elif not change_password and "Password can't be set to one of the earlier" in e.details_str:
+ self.ise.object_modify_result(changed=False, result="Object already present, update was attempted but failed because of password")
+ result = {'_changed_': True}
+ else:
+ raise e
+ elif name:
+ try:
+ result = self.ise.exec(
+ family="internal_user",
+ function="update_internal_user_by_name",
+ params=self.new_object,
+ handle_func_exception=False,
+ ).response
+ except exceptions.ApiError as e:
+ if not change_password and "Password can't be set to one of the earlier" in e.message:
+ self.ise.object_modify_result(changed=False, result="Object already present, update was attempted but failed because of password")
+ result = {'_changed_': True}
+ elif not change_password and "Password can't be set to one of the earlier" in e.details_str:
+ self.ise.object_modify_result(changed=False, result="Object already
present, update was attempted but failed because of password")
+ result = {'_changed_': True}
+ else:
+ raise e
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if id:
+ result = self.ise.exec(
+ family="internal_user",
+ function="delete_internal_user_by_id",
+ params=self.new_object
+ ).response
+ elif name:
+ result = self.ise.exec(
+ family="internal_user",
+ function="delete_internal_user_by_name",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = InternalUser(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ try:
+ response = obj.update()
+ ise_update_response = response
+
self._result.update(dict(ise_update_response=ise_update_response))
+ if response and response.get('_changed_'):
+ response = prev_obj
+ else:
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ ise.object_updated()
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/internal_user_info.py b/ansible_collections/cisco/ise/plugins/action/internal_user_info.py
new file mode 100644
index 00000000..5f731539
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/internal_user_info.py
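Review bot: In the argument spec of internal_user.py, `enablePassword=dict(type="str")` is a credential but, unlike `password=dict(type="str", no_log=True)` in the same spec, it is not marked `no_log`, so its value is not flagged for masking in task output and logs. I would change it to `enablePassword=dict(type="str", no_log=True),`. Both secrets are also copied into `self.new_object` and compared in `requires_update()`, and `run()` returns `prev_obj`/`updated_obj` as `ise_response`; whether ISE echoes either field back is not visible here, so that is worth confirming before the result is registered or printed.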
@@ -0,0 +1,152 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="internal_user", + function='get_internal_user_by_id', + params=self.get_object(self._task.args) + ).response['InternalUser'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="internal_user", + function='get_internal_user_by_name', + params=self.get_object(self._task.args) + ).response['InternalUser'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not 
id: + responses = [] + generator = ise.exec( + family="internal_user", + function='get_internal_user_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/ise_root_ca_regenerate.py b/ansible_collections/cisco/ise/plugins/action/ise_root_ca_regenerate.py new file mode 100644 index 00000000..37822dd9 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/ise_root_ca_regenerate.py 
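Review bot: In `run()`, `response` is bound only by `response = responses` inside the `try` of the list branch, so if `ise.fail_json(...)` returns instead of raising (its definition is not in this file), the later `self._result.update(dict(ise_response=response))` fails with a NameError that hides the original error. Binding `response = []` just before the `try` keeps that path well-defined. The by-id and by-name branches also subscript `.response['InternalUser']` outside any handler, so an unexpected reply there surfaces as a raw traceback rather than the `fail_json` message used for the list path.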
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + removeExistingISEIntermediateCSR=dict(type="bool"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + remove_existing_ise_intermediate_csr=params.get("removeExistingISEIntermediateCSR"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="certificates", + function="regenerate_ise_root_ca", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/licensing_connection_type_info.py b/ansible_collections/cisco/ise/plugins/action/licensing_connection_type_info.py new file mode 100644 index 00000000..200fb43c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/licensing_connection_type_info.py 
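Review bot: `run()` sets `self._result["changed"] = False` and nothing in this file marks the task as changed after `regenerate_ise_root_ca` is called, whereas `internal_user.py` in the same commit calls `ise.object_updated()` or `ise.object_created()` after a write. Unless `ise.exit_json()` reports the change on its own (not visible here), a root CA regeneration would appear as `changed: false` in playbook output and in any change audit built on it. I would call `ise.object_updated()` after the `ise.exec(...)` call and put `# Regenerates the ISE root CA on every run; this call is not idempotent` above it. The same applies to `run()` in licensing_registration_create.py, licensing_smart_state_create.py and licensing_tier_state_create.py.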
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="licensing", + function='get_connection_type', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/licensing_eval_license_info.py b/ansible_collections/cisco/ise/plugins/action/licensing_eval_license_info.py new file mode 100644 index 00000000..199837b1 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/licensing_eval_license_info.py 
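Review bot: `run()` reads `id` and `name` from `self._task.args`, but this module adds no options (`argument_spec.update(dict())`), so unless `ise_argument_spec()` declares them both are always `None` and `if not name and not id:` is a dead guard; the locals also shadow the `id` builtin. I would drop the two lookups and the condition and call `ise.exec(...)` directly, or at least add `# no lookup keys for this endpoint; the single resource is always fetched`. `get_object()` likewise ignores `params` and returns an empty dict, which deserves a one-line docstring. The same template code is in licensing_eval_license_info.py, licensing_feature_to_tier_mapping_info.py, licensing_registration_info.py, licensing_smart_state_info.py and licensing_tier_state_info.py.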
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="licensing", + function='get_eval_license_info', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/licensing_feature_to_tier_mapping_info.py b/ansible_collections/cisco/ise/plugins/action/licensing_feature_to_tier_mapping_info.py new file mode 100644 index 00000000..106410e6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/licensing_feature_to_tier_mapping_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="licensing", + function='get_feature_to_tier_mapping', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/licensing_registration_create.py b/ansible_collections/cisco/ise/plugins/action/licensing_registration_create.py new file mode 100644 index 00000000..b5bea165 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/licensing_registration_create.py 
@@ -0,0 +1,96 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + connectionType=dict(type="str"), + registrationType=dict(type="str"), + ssmOnPremServer=dict(type="str"), + tier=dict(type="list"), + token=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + connection_type=params.get("connectionType"), + registration_type=params.get("registrationType"), + ssm_on_prem_server=params.get("ssmOnPremServer"), + tier=params.get("tier"), + token=params.get("token"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="licensing", + function="create_registration_info", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/licensing_registration_info.py b/ansible_collections/cisco/ise/plugins/action/licensing_registration_info.py new file mode 100644 index 00000000..becdca1b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/licensing_registration_info.py 
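Review bot: `token=dict(type="str")` declares the licensing registration token as an ordinary string, so nothing in this file marks it as sensitive; I would declare it as `token=dict(type="str", no_log=True)`. Whether `AnsibleArgSpecValidator` then masks the value in task output cannot be seen from this file, so the module documentation should also tell users to set `no_log: true` on the task. `get_object()` passes the token straight to `create_registration_info` and `ise_response` is returned unfiltered, so if the API reply echoes the token it would end up in the task result as well.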
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="licensing", + function='get_registration_info', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/licensing_smart_state_create.py b/ansible_collections/cisco/ise/plugins/action/licensing_smart_state_create.py new file mode 100644 index 00000000..6760b508 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/licensing_smart_state_create.py 
@@ -0,0 +1,86 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="licensing", + function="configure_smart_state", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/licensing_smart_state_info.py b/ansible_collections/cisco/ise/plugins/action/licensing_smart_state_info.py new file mode 100644 index 00000000..3ebd9ae9 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/licensing_smart_state_info.py 
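Review bot: `get_object()` ignores its `params` argument and returns an empty `dict()`, and `argument_spec.update(dict())` adds no module options, so `configure_smart_state` is always called with no settings from the task. If that endpoint expects a request body (the SDK signature is not visible here), this module has no way to supply one. If it really takes none, a docstring on `get_object()` such as `"""Return the (empty) parameter set for configure_smart_state."""` would stop readers from assuming an omission.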
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="licensing", + function='get_smart_state', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/licensing_tier_state_create.py b/ansible_collections/cisco/ise/plugins/action/licensing_tier_state_create.py new file mode 100644 index 00000000..2ef2ac22 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/licensing_tier_state_create.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + payload=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + payload=params.get("payload"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="licensing", + function="update_tier_state_info", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/licensing_tier_state_info.py b/ansible_collections/cisco/ise/plugins/action/licensing_tier_state_info.py new file mode 100644 index 00000000..b4855b92 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/licensing_tier_state_info.py 
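Review bot: `payload=dict(type="list")` leaves the list elements untyped, so the validator accepts any element and the contents reach `update_tier_state_info` unchecked. Assuming the entries are mappings, `payload=dict(type="list", elements="dict")` would at least reject scalar entries before the API call. The file is named `licensing_tier_state_create` while the SDK function is `update_tier_state_info`; a comment above the `ise.exec(...)` call, e.g. `# this module updates existing tier state; nothing is created`, would make that explicit if it is indeed the intent.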
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="licensing", + function='get_tier_state_info', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_account_status_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_account_status_info.py new file mode 100644 index 00000000..335f25c0 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_account_status_info.py 
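Review bot: In `run()` of licensing_tier_state_info.py, `id` and `name` are read from `self._task.args`, but this file adds no arguments to the spec. Unless `ise_argument_spec()` declares them (not visible here), `if not name and not id:` is always true and the two reads are dead code; `id` also shadows the builtin. I would either drop both reads and call `get_tier_state_info` directly, or keep the guard with a comment such as `# id/name are not accepted by this module; guard kept for template parity`. The same pattern appears in the mnt_failure_reasons_info.py, mnt_session_active_count_info.py, mnt_session_active_list_info.py and mnt_session_auth_list_info.py hunks below.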
@@ -0,0 +1,100 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + mac=dict(type="str"), + duration=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + mac=params.get("mac"), + duration=params.get("duration"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="misc", + function='get_account_status_by_mac', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_athentication_status_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_athentication_status_info.py new file mode 100644 index 00000000..31a06b20 --- /dev/null 
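Review bot: In `run()` of mnt_account_status_info.py the lookup key is read with `id = self._task.args.get("id")`, but the argument spec in this file only adds `mac` and `duration`. Unless `ise_argument_spec()` declares `id` (not visible here), the `if id:` branch is never taken and `get_account_status_by_mac` is never called. Every task then falls through to the second branch and succeeds with `ise_response=None`, even when a MAC was supplied. The sibling mnt_session_by_mac_info.py later in this patch reads the declared key instead, and the same line would fix this file: `id = self._task.args.get("mac")`.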
+++ b/ansible_collections/cisco/ise/plugins/action/mnt_athentication_status_info.py 
@@ -0,0 +1,96 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + MAC=dict(type="str"), + SECONDS=dict(type="str"), + RECORDS=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + mac=params.get("MAC"), + seconds=params.get("SECONDS"), + records=params.get("RECORDS"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="misc", + function='get_authentication_status_by_mac', + params=self.get_object(self._task.args), + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_authentication_status_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_authentication_status_info.py new file mode 100644 index 00000000..7f953845 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_authentication_status_info.py 
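Review bot: In mnt_athentication_status_info.py, `MAC`, `SECONDS` and `RECORDS` are all optional, and the guard `if not name and not id:` tests keys that this file never adds to the spec. A task that omits `MAC` therefore still calls `get_authentication_status_by_mac`, with `mac=None`. What the SDK does with that is not visible here; requiring the key lets `_check_argspec()` fail the task first: `MAC=dict(type="str", required=True),`. The next hunk adds the same content again as mnt_authentication_status_info.py and has the same gap. This file name also looks like a misspelling of that one, so it may be worth confirming that both are meant to ship.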
@@ -0,0 +1,96 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + MAC=dict(type="str"), + SECONDS=dict(type="str"), + RECORDS=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + mac=params.get("MAC"), + seconds=params.get("SECONDS"), + records=params.get("RECORDS"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="misc", + function='get_authentication_status_by_mac', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_failure_reasons_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_failure_reasons_info.py new file mode 100644 index 00000000..4a2bfba1 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_failure_reasons_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="misc", + function='get_failure_reasons', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_session_active_count_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_session_active_count_info.py new file mode 100644 index 00000000..c4c74831 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_session_active_count_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="misc", + function='get_active_count', + params=self.get_object(self._task.args) + ).response['count'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_session_active_list_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_session_active_list_info.py new file mode 100644 index 00000000..4e374bc3 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_session_active_list_info.py 
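Review bot: In `run()` of mnt_session_active_count_info.py the result is taken with `.response['count']` directly on the `ise.exec(...)` return. If the response is `None` or lacks that key, the task fails with a raw `TypeError`/`KeyError` rather than an `AnsibleActionFail`. Assuming the response is dict-like, I would split the expression: `response = ise.exec(...).response`, then `self._result.update(dict(ise_response=response.get("count") if response else None))`. The mnt_session_active_list_info.py and mnt_session_auth_list_info.py hunks below index `['noOfActiveSession']` the same way, so their `ise_response` holds only that one field of the reply.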
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="misc", + function='get_active_list', + params=self.get_object(self._task.args) + ).response['noOfActiveSession'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_session_auth_list_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_session_auth_list_info.py new file mode 100644 index 00000000..991c800c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_session_auth_list_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="misc", + function='get_session_auth_list', + params=self.get_object(self._task.args) + ).response['noOfActiveSession'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_session_by_ip_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_session_by_ip_info.py new file mode 100644 index 00000000..41a6b108 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_session_by_ip_info.py 
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + endpoint_ipv4=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + endpoint_ipv4=params.get("endpoint_ipv4"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("endpoint_ipv4") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="misc", + function='get_sessions_by_endpoint_ip', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_session_by_mac_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_session_by_mac_info.py new file mode 100644 index 00000000..57e658c9 --- /dev/null 
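Review bot: In mnt_session_by_ip_info.py, `endpoint_ipv4` is optional. When it is omitted, `run()` skips the lookup and returns success with `ise_response=None`, so a playbook that uses this module to check for sessions cannot distinguish "no input given" from "nothing found". Since the comment in that branch says there is no get-all method, the key is effectively mandatory and the spec should say so: `endpoint_ipv4=dict(type="str", required=True),`. The same applies to `mac` in mnt_session_by_mac_info.py, `nas_ipv4` in mnt_session_by_nas_ip_info.py and `username` in mnt_session_by_username_info.py in the hunks below.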
+++ b/ansible_collections/cisco/ise/plugins/action/mnt_session_by_mac_info.py 
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + mac=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + mac=params.get("mac"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("mac") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="misc", + function='get_sessions_by_mac', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_session_by_nas_ip_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_session_by_nas_ip_info.py new file mode 100644 index 00000000..964c6ab2 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_session_by_nas_ip_info.py 
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + nas_ipv4=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + nas_ipv4=params.get("nas_ipv4"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("nas_ipv4") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="misc", + function='get_sessions_by_nas_ip', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_session_by_username_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_session_by_username_info.py new file mode 100644 index 00000000..8c79838f --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/action/mnt_session_by_username_info.py 
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + username=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + username=params.get("username"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("username") + if name: + response = ise.exec( + family="misc", + function='get_sessions_by_username', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_session_delete_all.py b/ansible_collections/cisco/ise/plugins/action/mnt_session_delete_all.py new file mode 100644 index 00000000..ce0a3e68 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_session_delete_all.py 
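Review bot: In `run`, a task that omits `username` falls through to the `if not name and not id` branch and returns success with `ise_response` set to None, so a missing or mistyped variable looks like an empty result rather than an error. Declaring the argument as `username=dict(type="str", required=True)` would reject that at validation time. The `id` local reads an `"id"` argument that this file does not add to `argument_spec` (the common spec from `ise_argument_spec()` is not visible here), so it appears to be always None and it shadows the builtin; it could be dropped.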
@@ -0,0 +1,86 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="misc", + function="delete_all_sessions", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_session_disconnect_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_session_disconnect_info.py new file mode 100644 index 00000000..36218b23 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_session_disconnect_info.py 
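Review bot: `run` calls `delete_all_sessions` but leaves `self._result["changed"]` at False unless `ise.exit_json()` overrides it, which this hunk does not show. If it does not, a play that clears every session is reported as unchanged, which hides a disruptive operation from run summaries and from any alerting keyed on changed tasks. Consider marking the result as changed after a successful call, the way the state modules in this commit call helpers such as `ise.object_deleted()`. A docstring on `run` should also state that the action takes no filter and is not idempotent.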
@@ -0,0 +1,106 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + ENDPOINT_IP=dict(type="str"), + PSN_NAME=dict(type="str"), + MAC=dict(type="str"), + DISCONNECT_TYPE=dict(type="str"), + NAS_IPV4=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + endpoint_ip=params.get("ENDPOINT_IP"), + psn_name=params.get("PSN_NAME"), + mac=params.get("MAC"), + disconnect_type=params.get("DISCONNECT_TYPE"), + nas_ipv4=params.get("NAS_IPV4"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="misc", + function='session_disconnect', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
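Review bot: `self._supports_check_mode = True` in `__init__` sits next to an `ise.exec(... function='session_disconnect' ...)` call in `run` that is not skipped in check mode, so a `--check` run that reaches it would terminate a live session despite the `_info` suffix. Set `self._supports_check_mode = False`, or return early when `self._task.check_mode` is true. Separately, the call is gated on `id = self._task.args.get("id")`, while the arguments this file adds to `argument_spec` are `ENDPOINT_IP`, `PSN_NAME`, `MAC`, `DISCONNECT_TYPE` and `NAS_IPV4`. Unless the common spec defines `id`, the branch is never taken and the module always returns `ise_response: None`. `mnt_session_reauthentication_info.py` further down has the same two problems around `session_reauthentication_by_mac`.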
diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_session_posture_count_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_session_posture_count_info.py new file mode 100644 index 00000000..b67f5da4 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_session_posture_count_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="misc", + function='get_posture_count', + params=self.get_object(self._task.args) + ).response['count'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_session_profiler_count_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_session_profiler_count_info.py new file mode 100644 index 00000000..2cbb1a65 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_session_profiler_count_info.py 
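Review bot: `.response['count']` in `run` subscripts the SDK response without checking it. `my_device_portal.py` in this same commit wraps the equivalent subscript in `except (TypeError, AttributeError)` and reports an API-gateway hint through `fail_json`, which suggests `response` can be None or a non-dict when the ISE APIs are disabled or the request is rejected. Here that case would surface as a raw traceback instead of a usable task error. Guard the access, for example by keeping the `ise.exec(...)` result in a local and reading `(result.response or {}).get('count')`, or reuse the same `fail_json` message. `mnt_session_profiler_count_info.py` has the identical line for `get_profiler_count`.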
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="misc", + function='get_profiler_count', + params=self.get_object(self._task.args) + ).response['count'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_session_reauthentication_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_session_reauthentication_info.py new file mode 100644 index 00000000..351aa4af --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_session_reauthentication_info.py 
@@ -0,0 +1,102 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + PSN_NAME=dict(type="str"), + ENDPOINT_MAC=dict(type="str"), + REAUTH_TYPE=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + psn_name=params.get("PSN_NAME"), + endpoint_mac=params.get("ENDPOINT_MAC"), + reauth_type=params.get("REAUTH_TYPE"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="misc", + function='session_reauthentication_by_mac', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_sessions_by_session_id_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_sessions_by_session_id_info.py new file mode 100644 index 00000000..2b4a8b24 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_sessions_by_session_id_info.py 
@@ -0,0 +1,92 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + session_id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + session_id=params.get("session_id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="misc", + function='get_sessions_by_session_id', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/mnt_version_info.py b/ansible_collections/cisco/ise/plugins/action/mnt_version_info.py new file mode 100644 index 00000000..f1d1b9d6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/mnt_version_info.py 
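Review bot: The `get_sessions_by_session_id` call in `run` is gated on `not name and not id`, neither of which this file adds to `argument_spec`. Unless the common spec supplies them, the call therefore runs on every invocation, including when `session_id` is missing and `get_object` passes `session_id=None` to the SDK. Validate the one input the lookup depends on: `session_id=dict(type="str", required=True)`. The unused `id`/`name` locals could then be removed, which also stops `id` shadowing the builtin.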
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="misc", + function='get_mnt_version', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/my_device_portal.py b/ansible_collections/cisco/ise/plugins/action/my_device_portal.py new file mode 100644 index 00000000..874389fb --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/my_device_portal.py 
@@ -0,0 +1,270 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + description=dict(type="str"), + portalType=dict(type="str"), + portalTestUrl=dict(type="str"), + settings=dict(type="dict"), + customizations=dict(type="dict"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name", "settings"], True), + ("state", "absent", ["id", "name", "settings"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class MyDevicePortal(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + description=params.get("description"), + portal_type=params.get("portalType"), + portal_test_url=params.get("portalTestUrl"), + settings=params.get("settings"), + customizations=params.get("customizations"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ 
+ result = None + gen_items_responses = self.ise.exec( + family="my_device_portal", + function="get_my_device_portal_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="my_device_portal", + function="get_my_device_portal_by_id", + handle_func_exception=False, + params={"id": id} + ).response['MyDevicePortal'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("description", "description"), + ("portalType", "portal_type"), + ("portalTestUrl", "portal_test_url"), + ("settings", "settings"), + ("customizations", "customizations"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="my_device_portal", + function="create_my_device_portal", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="my_device_portal", + function="update_my_device_portal_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="my_device_portal", + function="delete_my_device_portal_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = MyDevicePortal(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + 
if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/my_device_portal_info.py b/ansible_collections/cisco/ise/plugins/action/my_device_portal_info.py new file mode 100644 index 00000000..ba6fc031 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/my_device_portal_info.py 
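Review bot: In `MyDevicePortal.get_object_by_name` and `get_object_by_id`, the trailing `except Exception: result = None` turns every SDK failure other than `TypeError`/`AttributeError` into "object not found". `exists()` then returns false, so with `state: absent` the task reports the portal as already absent while it may still exist, and with `state: present` it goes on to `create()`. A rejected credential or an unreachable node becomes indistinguishable from a clean result. Narrow the handler to the exception the SDK raises for a missing resource (not visible in this hunk) and route anything else to `self.ise.fail_json(...)` as the first handler does. A short comment on each `except` naming the case it is meant to cover would help.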
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="my_device_portal", + function='get_my_device_portal_by_id', + params=self.get_object(self._task.args) + ).response['MyDevicePortal'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="my_device_portal", + function='get_my_device_portal_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + 
responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/native_supplicant_profile.py b/ansible_collections/cisco/ise/plugins/action/native_supplicant_profile.py new file mode 100644 index 00000000..b5c0a071 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/native_supplicant_profile.py 
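Review bot: `run()` reads `name = self._task.args.get("name")`, but this file's `argument_spec` declares no `name` option, and the method only handles `if id:` and `if not name and not id:`. If `name` were ever set without `id`, neither branch would run and `run()` would fall off the end and return `None` instead of a result dict. Either drop the `name` lookup and turn the second test into a plain `else:`, or add `name=dict(type="str")` to the spec and handle it explicitly. The same pattern is in `run()` of native_supplicant_profile_info.py and network_access_authentication_rules_info.py later in this patch.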
@@ -0,0 +1,248 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + id=dict(type="str"), + name=dict(type="str"), + description=dict(type="str"), + wirelessProfiles=dict(type="list"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NativeSupplicantProfile(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + id=params.get("id"), + name=params.get("name"), + description=params.get("description"), + wireless_profiles=params.get("wirelessProfiles"), + ) + + def get_object_by_name(self, name): + # NOTICE: Does not have a get by name method or it is in another action + result = None + gen_items_responses = self.ise.exec( + family="native_supplicant_profile", + function="get_native_supplicant_profile_generator" + ) + try: + for items_response in gen_items_responses: + items = 
items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="native_supplicant_profile", + function="get_native_supplicant_profile_by_id", + params={"id": id}, + handle_func_exception=False, + ).response['ERSNSPProfile'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("id", "id"), + ("name", "name"), + ("description", "description"), + ("wirelessProfiles", "wireless_profiles"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="native_supplicant_profile", + function="update_native_supplicant_profile_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="native_supplicant_profile", + function="delete_native_supplicant_profile_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NativeSupplicantProfile(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise.fail_json("Object does not exists, plugin only has update") + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + 
ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/native_supplicant_profile_info.py b/ansible_collections/cisco/ise/plugins/action/native_supplicant_profile_info.py new file mode 100644 index 00000000..45f45ca2 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/native_supplicant_profile_info.py 
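Review bot: `get_object_by_id()` calls `ise.exec(..., handle_func_exception=False)` and then turns every exception other than `TypeError`/`AttributeError` into `result = None` through `except Exception:`, and `get_object_by_name()` does the same. An authentication, TLS or connectivity failure therefore looks exactly like "object not found". With `state: absent` that path ends in `ise.object_already_absent()`, so the task reports success although nothing was checked or deleted. With `state: present` it ends in the misleading "Object does not exists" failure. I would catch only the SDK's not-found error (presumably raised for a 404; the exception type needs confirming) and let everything else reach `fail_json`. `get_object_by_id()` in network_access_authentication_rules.py has the same handler.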
@@ -0,0 +1,133 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="native_supplicant_profile", + function='get_native_supplicant_profile_by_id', + params=self.get_object(self._task.args) + ).response['ERSNSPProfile'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="native_supplicant_profile", + function='get_native_supplicant_profile_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except 
(TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_authentication_rules.py b/ansible_collections/cisco/ise/plugins/action/network_access_authentication_rules.py new file mode 100644 index 00000000..63e8d4bc --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_authentication_rules.py 
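Review bot: The `if id:` branch of `run()` indexes `.response['ERSNSPProfile']` with no handler, while the list branch wraps the same kind of access in `except (TypeError, AttributeError)` and reports the API-gateway hint through `ise.fail_json`. A `None` or differently shaped response on the by-id path would surface as a raw `TypeError`/`KeyError` traceback instead of the collection's error message. Put the by-id call under the same `try`, or read the key defensively, e.g. `(resp.response or {}).get('ERSNSPProfile')`. my_device_portal_info.py (`['MyDevicePortal']`) and network_access_authentication_rules_info.py (`['response']`) in this patch do the same.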
@@ -0,0 +1,269 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + identitySourceName=dict(type="str"), + ifAuthFail=dict(type="str"), + ifProcessFail=dict(type="str"), + ifUserNotFound=dict(type="str"), + link=dict(type="dict"), + rule=dict(type="dict"), + policyId=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "rule"], True), + ("state", "present", ["policyId"], True), + ("state", "absent", ["id", "rule"], True), + ("state", "absent", ["policyId"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NetworkAccessAuthenticationRules(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + identity_source_name=params.get("identitySourceName"), + if_auth_fail=params.get("ifAuthFail"), + if_process_fail=params.get("ifProcessFail"), + if_user_not_found=params.get("ifUserNotFound"), + link=params.get("link"), + rule=params.get("rule"), + 
policy_id=params.get("policyId"), + id=params.get("id") or params.get("rule", {}).get("id"), + ) + + def get_object_by_name(self, name, policy_id): + # NOTICE: Does not have a get by name method or it is in another action + result = None + items = self.ise.exec( + family="network_access_authentication_rules", + function="get_network_access_authentication_rules", + params={"policy_id": policy_id} + ).response.get('response', []) or [] + for item in items: + if item.get('rule') and item['rule'].get('name') == name and item['rule'].get('id'): + result = dict(item) + return result + return result + + def get_object_by_id(self, id, policy_id): + try: + result = self.ise.exec( + family="network_access_authentication_rules", + function="get_network_access_authentication_rule_by_id", + handle_func_exception=False, + params={"id": id, "policy_id": policy_id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + name = False + o_id = self.new_object.get("id") + policy_id = self.new_object.get("policy_id") + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + o_id = o_id or self.new_object.get('rule', {}).get("id") + if o_id: + prev_obj = self.get_object_by_id(o_id, policy_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name, policy_id) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get('rule', {}).get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id, policy_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("identitySourceName", "identity_source_name"), + ("ifAuthFail", "if_auth_fail"), + ("ifProcessFail", "if_process_fail"), + ("ifUserNotFound", "if_user_not_found"), + ("link", "link"), + ("rule", "rule"), + ("policyId", "policy_id"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="network_access_authentication_rules", + function="create_network_access_authentication_rule", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + policy_id = self.new_object.get("policy_id") + result = None + if not id: + id_ = self.get_object_by_name(name, policy_id).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="network_access_authentication_rules", + function="update_network_access_authentication_rule_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + policy_id = self.new_object.get("policy_id") + result = None + if not id: + id_ = self.get_object_by_name(name, policy_id).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="network_access_authentication_rules", + function="delete_network_access_authentication_rule_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise 
AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NetworkAccessAuthenticationRules(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
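Review bot: In `exists()` the guard `if id_exists and name_exists and o_id != _id:` can never be true, because `name_exists` is only assigned under `if not id_exists and name:`, so whenever it is true `id_exists` is false. A task that passes an `id` and a `rule.name` belonging to different rules is never rejected with `InconsistentParameters`, and the later update or delete acts on whatever the `id` resolves to. If the check is wanted, do the name lookup into a separate variable whenever `name` is given and compare its id with `o_id` before choosing `prev_obj`. `exists()` in native_supplicant_profile.py has the same unreachable condition.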
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_authentication_rules_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_authentication_rules_info.py new file mode 100644 index 00000000..a8676637 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_authentication_rules_info.py 
@@ -0,0 +1,103 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + policyId=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + policy_id=params.get("policyId"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="network_access_authentication_rules", + function='get_network_access_authentication_rule_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="network_access_authentication_rules", + function='get_network_access_authentication_rules', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
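Review bot: `policyId` is optional here (`policyId=dict(type="str")` with `required_if = []`), yet both calls in `run()` pass `policy_id=params.get("policyId")` to the SDK, so a task without it sends `policy_id=None`. The state-changing module for the same resource in this patch lists `policyId` in its `required_if`, which suggests the API needs it. If so, declare it as `policyId=dict(type="str", required=True)` so the omission is reported at argument validation rather than by the request. The same applies to network_access_authentication_rules_reset_hitcount.py.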
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_authentication_rules_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/action/network_access_authentication_rules_reset_hitcount.py new file mode 100644 index 00000000..ec714f3f --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_authentication_rules_reset_hitcount.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + policyId=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + policy_id=params.get("policyId"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="network_access_authentication_rules", + function="reset_hit_counts_network_access_authentication_rules", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_authorization_rules.py b/ansible_collections/cisco/ise/plugins/action/network_access_authorization_rules.py new file mode 100644 index 00000000..88996329 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_authorization_rules.py 
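Review bot: `run()` sets `self._result["changed"] = False` and then calls `reset_hit_counts_network_access_authentication_rules`, which by its name alters state on the ISE server. Nothing in this file marks the result as changed the way the sibling plugins do with `ise.object_updated()` or `ise.object_deleted()`. Unless `ise.exec()` or `ise.exit_json()` sets the flag internally (not visible in this hunk), the reset is reported as `changed: false` and drops out of playbook change reports. Please confirm, and if the flag is not set elsewhere, add `self._result["changed"] = True` after the `self._result.update(ise.exit_json())` line.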
@@ -0,0 +1,269 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + ise_compare_equality2, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + link=dict(type="dict"), + profile=dict(type="list"), + rule=dict(type="dict"), + securityGroup=dict(type="str"), + policyId=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "rule"], True), + ("state", "present", ["policyId"], True), + ("state", "absent", ["id", "rule"], True), + ("state", "absent", ["policyId"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NetworkAccessAuthorizationRules(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + link=params.get("link"), + profile=params.get("profile"), + rule=params.get("rule"), + security_group=params.get("securityGroup"), + policy_id=params.get("policyId"), + id=params.get("id") or params.get("rule", {}).get("id"), + ) + + def get_object_by_name(self, name, policy_id): + # NOTICE: Does not 
have a get by name method or it is in another action + result = None + items = self.ise.exec( + family="network_access_authorization_rules", + function="get_network_access_authorization_rules", + params={"policy_id": policy_id} + ).response.get('response', []) or [] + for item in items: + if item.get('rule') and item['rule'].get('name') == name and item['rule'].get('id'): + result = dict(item) + return result + return result + + def get_object_by_id(self, id, policy_id): + try: + result = self.ise.exec( + family="network_access_authorization_rules", + function="get_network_access_authorization_rule_by_id", + handle_func_exception=False, + params={"id": id, "policy_id": policy_id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + name = False + o_id = self.new_object.get("id") + policy_id = self.new_object.get("policy_id") + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + o_id = o_id or self.new_object.get('rule', {}).get("id") + if o_id: + prev_obj = self.get_object_by_id(o_id, policy_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name, policy_id) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get('rule', {}).get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id, policy_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("link", "link", False), + ("profile", "profile", False), + ("rule", "rule", False), + ("securityGroup", "security_group", False), + ("policyId", "policy_id", True), + ("id", "id", True), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality2(current_obj.get(ise_param), + requested_obj.get(ansible_param), + is_query_param) + for (ise_param, ansible_param, is_query_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="network_access_authorization_rules", + function="create_network_access_authorization_rule", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + policy_id = self.new_object.get("policy_id") + result = None + if not id: + id_ = self.get_object_by_name(name, policy_id).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="network_access_authorization_rules", + function="update_network_access_authorization_rule_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + policy_id = self.new_object.get("policy_id") + result = None + if not id: + id_ = self.get_object_by_name(name, policy_id).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="network_access_authorization_rules", + function="delete_network_access_authorization_rule_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not 
ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NetworkAccessAuthorizationRules(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + if prev_obj == ise_update_response.response: + response = prev_obj + ise.object_already_present() + else: + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + 
self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_authorization_rules_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_authorization_rules_info.py new file mode 100644 index 00000000..20432e92 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_authorization_rules_info.py 
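Review bot: `get_object_by_id` in `NetworkAccessAuthorizationRules` maps every exception other than `TypeError`/`AttributeError` to `result = None` through `except Exception`, so with `handle_func_exception=False` an authentication, permission or transport failure looks the same as "rule not found". In `run` this means `state: absent` ends in `ise.object_already_absent()` while the authorization rule may still be enforced, and `state: present` proceeds to `obj.create()`. Only the SDK's not-found error should become `None`; anything else should go through `self.ise.fail_json(...)` with the error text, as the first handler already does. `get_object_by_name` and `get_object_by_id` in network_access_conditions.py later in this patch use the same catch-all.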
@@ -0,0 +1,103 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + policyId=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + policy_id=params.get("policyId"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="network_access_authorization_rules", + function='get_network_access_authorization_rule_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="network_access_authorization_rules", + function='get_network_access_authorization_rules', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
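Review bot: `run` in network_access_authorization_rules_info.py reads `name = self._task.args.get("name")`, but this plugin's `argument_spec.update(...)` only adds `policyId` and `id`, so unless `ise_argument_spec()` defines `name` (not visible here) it is always `None` and `if not name and not id:` is merely the fall-through of `if id:`. If `name` were ever set without `id`, neither branch would run and, as far as the flattened layout shows, `run` would return `None` instead of `self._result`. Dropping the `name` lookup and making the list call the unconditional tail after the `if id:` return keeps a result on every path. The three `network_access_conditions_for_*_info.py` plugins later in this patch carry the same guard with neither `id` nor `name` in their argument spec.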
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_authorization_rules_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/action/network_access_authorization_rules_reset_hitcount.py new file mode 100644 index 00000000..8610301f --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_authorization_rules_reset_hitcount.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + policyId=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + policy_id=params.get("policyId"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="network_access_authorization_rules", + function="reset_hit_counts_network_access_authorization_rules", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_conditions.py b/ansible_collections/cisco/ise/plugins/action/network_access_conditions.py new file mode 100644 index 00000000..a8068918 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_conditions.py 
@@ -0,0 +1,287 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + conditionType=dict(type="str"), + isNegate=dict(type="bool"), + link=dict(type="dict"), + description=dict(type="str"), + id=dict(type="str"), + name=dict(type="str"), + attributeName=dict(type="str"), + attributeValue=dict(type="str"), + dictionaryName=dict(type="str"), + dictionaryValue=dict(type="str"), + operator=dict(type="str"), + children=dict(type="list"), + datesRange=dict(type="dict"), + datesRangeException=dict(type="dict"), + hoursRange=dict(type="dict"), + hoursRangeException=dict(type="dict"), + weekDays=dict(type="list"), + weekDaysException=dict(type="list"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NetworkAccessConditions(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + condition_type=params.get("conditionType"), + is_negate=params.get("isNegate"), + link=params.get("link"), + 
description=params.get("description"), + id=params.get("id"), + name=params.get("name"), + attribute_name=params.get("attributeName"), + attribute_value=params.get("attributeValue"), + dictionary_name=params.get("dictionaryName"), + dictionary_value=params.get("dictionaryValue"), + operator=params.get("operator"), + children=params.get("children"), + dates_range=params.get("datesRange"), + dates_range_exception=params.get("datesRangeException"), + hours_range=params.get("hoursRange"), + hours_range_exception=params.get("hoursRangeException"), + week_days=params.get("weekDays"), + week_days_exception=params.get("weekDaysException"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="network_access_conditions", + function="get_network_access_condition_by_name", + params={"name": name}, + handle_func_exception=False, + ).response['response'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="network_access_conditions", + function="get_network_access_condition_by_id", + handle_func_exception=False, + params={"id": id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." 
+ " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + result = False + prev_obj = None + id = self.new_object.get("id") + name = self.new_object.get("name") + if id: + prev_obj = self.get_object_by_id(id) + result = prev_obj is not None and isinstance(prev_obj, dict) + elif name: + prev_obj = self.get_object_by_name(name) + result = prev_obj is not None and isinstance(prev_obj, dict) + return (result, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("conditionType", "condition_type"), + ("isNegate", "is_negate"), + ("link", "link"), + ("description", "description"), + ("id", "id"), + ("name", "name"), + ("attributeName", "attribute_name"), + ("attributeValue", "attribute_value"), + ("dictionaryName", "dictionary_name"), + ("dictionaryValue", "dictionary_value"), + ("operator", "operator"), + ("children", "children"), + ("datesRange", "dates_range"), + ("datesRangeException", "dates_range_exception"), + ("hoursRange", "hours_range"), + ("hoursRangeException", "hours_range_exception"), + ("weekDays", "week_days"), + ("weekDaysException", "week_days_exception"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="network_access_conditions", + function="create_network_access_condition", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if id: + result = self.ise.exec( + family="network_access_conditions", + function="update_network_access_condition_by_id", + params=self.new_object + ).response + elif name: + result = self.ise.exec( + family="network_access_conditions", + function="update_network_access_condition_by_name", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if id: + result = self.ise.exec( + family="network_access_conditions", + function="delete_network_access_condition_by_id", + params=self.new_object + ).response + elif name: + result = self.ise.exec( + family="network_access_conditions", + function="delete_network_access_condition_by_name", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NetworkAccessConditions(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
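Review bot: In `run`, the create branch assigns `ise_create_response = obj.create()` and never uses it, whereas the update branch records its result under `ise_update_response`. `ise.object_created()` is then called whatever the follow-up `obj.exists()` returns, so if that lookup finds nothing the task reports a created object with `ise_response` set to `None`. Adding `self._result.update(dict(ise_create_response=ise_create_response))` and checking `obj_exists` before `ise.object_created()` would make a failed or partial create visible. The `run` method of network_access_authorization_rules.py earlier in this patch has the same branch.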
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_conditions_for_authentication_rule_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_conditions_for_authentication_rule_info.py new file mode 100644 index 00000000..630ae4d4 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_conditions_for_authentication_rule_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="network_access_conditions", + function='get_network_access_conditions_for_authentication_rules', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_conditions_for_authorization_rule_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_conditions_for_authorization_rule_info.py new file mode 100644 index 00000000..66fcf2fd --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_conditions_for_authorization_rule_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="network_access_conditions", + function='get_network_access_conditions_for_authorization_rules', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_conditions_for_policy_set_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_conditions_for_policy_set_info.py new file mode 100644 index 00000000..be454029 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_conditions_for_policy_set_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="network_access_conditions", + function='get_network_access_conditions_for_policy_sets', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_conditions_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_conditions_info.py new file mode 100644 index 00000000..13d01ddb --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_conditions_info.py 
@@ -0,0 +1,112 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="network_access_conditions", + function='get_network_access_condition_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="network_access_conditions", + function='get_network_access_condition_by_name', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="network_access_conditions", + function='get_network_access_conditions', + params=self.get_object(self._task.args) + 
).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_dictionary.py b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary.py new file mode 100644 index 00000000..b0383b76 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary.py 
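Review bot: When a task supplies both `id` and `name`, `run()` takes the `if id:` branch and silently ignores `name`, while `get_object()` still forwards both keys to `get_network_access_condition_by_id`. Since `mutually_exclusive` is left empty, nothing tells the user which lookup was performed; `mutually_exclusive = [("name", "id")]` would reject the ambiguous task in `_check_argspec()`. Whether the SDK tolerates the extra key is not visible from this hunk.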
@@ -0,0 +1,235 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + description=dict(type="str"), + dictionaryAttrType=dict(type="str"), + id=dict(type="str"), + link=dict(type="dict"), + name=dict(type="str"), + version=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["name"], True), + ("state", "absent", ["name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NetworkAccessDictionary(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + description=params.get("description"), + dictionary_attr_type=params.get("dictionaryAttrType"), + id=params.get("id"), + link=params.get("link"), + name=params.get("name"), + version=params.get("version"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="network_access_dictionary", + function="get_network_access_dictionary_by_name", + params={"name": name}, + handle_func_exception=False, + 
).response['response'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + # NOTICE: Does not have a get by id method or it is in another action + result = None + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("description", "description"), + ("dictionaryAttrType", "dictionary_attr_type"), + ("id", "id"), + ("link", "link"), + ("name", "name"), + ("version", "version"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="network_access_dictionary", + function="create_network_access_dictionaries", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not name: + name_ = self.get_object_by_id(id).get("name") + self.new_object.update(dict(name=name_)) + result = self.ise.exec( + family="network_access_dictionary", + function="update_network_access_dictionary_by_name", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not name: + name_ = self.get_object_by_id(id).get("name") + self.new_object.update(dict(name=name_)) + result = self.ise.exec( + family="network_access_dictionary", + function="delete_network_access_dictionary_by_name", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NetworkAccessDictionary(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
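Review bot: In `get_object_by_name`, the trailing `except Exception: result = None` turns every failure other than `TypeError`/`AttributeError` into "object not found", and because the call passes `handle_func_exception=False` that presumably includes rejected credentials and TLS or connection errors raised by the SDK. `exists()` then returns `(False, None)`, so `state: absent` ends in `ise.object_already_absent()` and `state: present` goes on to `create()` even though the lookup never succeeded. I would catch only the SDK's not-found error there (its class is not visible on this page) and route everything else to `self.ise.fail_json(...)`, as the first handler already does. The same handler is in `network_access_dictionary_attribute.py` below.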
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attribute.py b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attribute.py
new file mode 100644
index 00000000..7636058a
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attribute.py
@@ -0,0 +1,232 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + allowedValues=dict(type="list"), + dataType=dict(type="str"), + description=dict(type="str"), + dictionaryName=dict(type="str"), + directionType=dict(type="str"), + id=dict(type="str"), + internalName=dict(type="str"), + name=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["dictionaryName"], True), + ("state", "present", ["name"], True), + ("state", "absent", ["dictionaryName"], True), + ("state", "absent", ["name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NetworkAccessDictionaryAttribute(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + allowed_values=params.get("allowedValues"), + data_type=params.get("dataType"), + description=params.get("description"), + dictionary_name=params.get("dictionaryName"), + direction_type=params.get("directionType"), + id=params.get("id"), + 
internal_name=params.get("internalName"), + name=params.get("name"), + ) + + def get_object_by_name(self, name, dictionary_name): + try: + result = self.ise.exec( + family="network_access_dictionary_attribute", + function="get_network_access_dictionary_attribute_by_name", + params={"name": name, "dictionary_name": dictionary_name}, + handle_func_exception=False, + ).response['response'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + # NOTICE: Does not have a get by id method or it is in another action + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("name") + dictionary_name = self.new_object.get("dictionary_name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name, dictionary_name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("allowedValues", "allowed_values"), + ("dataType", "data_type"), + 
("description", "description"), + ("dictionaryName", "dictionary_name"), + ("directionType", "direction_type"), + ("id", "id"), + ("internalName", "internal_name"), + ("name", "name"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="network_access_dictionary_attribute", + function="create_network_access_dictionary_attribute", + params=self.new_object, + ).response + return result + + def update(self): + result = self.ise.exec( + family="network_access_dictionary_attribute", + function="update_network_access_dictionary_attribute_by_name", + params=self.new_object + ).response + return result + + def delete(self): + result = self.ise.exec( + family="network_access_dictionary_attribute", + function="delete_network_access_dictionary_attribute_by_name", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NetworkAccessDictionaryAttribute(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
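Review bot: In `run()`, `ise_create_response = obj.create()` is assigned and never used, while the update branch stores its response with `self._result.update(dict(ise_update_response=ise_update_response))`. Recording it the same way, `self._result.update(dict(ise_create_response=ise_create_response))`, keeps the controller's answer to a create in the task result for later audit. `network_access_dictionary.py` above has the same unused assignment.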
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attribute_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attribute_info.py
new file mode 100644
index 00000000..7eccecf6
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attribute_info.py
@@ -0,0 +1,103 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + dictionaryName=dict(type="str"), + name=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + dictionary_name=params.get("dictionaryName"), + name=params.get("name"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if name: + response = ise.exec( + family="network_access_dictionary_attribute", + function='get_network_access_dictionary_attribute_by_name', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="network_access_dictionary_attribute", + function='get_network_access_dictionary_attributes_by_dictionary_name', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
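Review bot: `dictionaryName` is optional in `argument_spec` and `required_together` is empty, yet both branches of `run()` send `dictionary_name` to the SDK, so a task that omits it calls `get_network_access_dictionary_attribute_by_name` or `get_network_access_dictionary_attributes_by_dictionary_name` with `dictionary_name=None`. Declaring it as `dictionaryName=dict(type="str", required=True)` would reject such a task during `_check_argspec()` instead of at the API. `id` is also read from the task args without being declared in this file, so `if not name and not id:` reduces to `if not name:` unless `ise_argument_spec()` supplies it.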
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attributes_authentication_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attributes_authentication_info.py
new file mode 100644
index 00000000..433872fe
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attributes_authentication_info.py
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="network_access_dictionary_attributes_list", + function='get_network_access_dictionaries_authentication', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attributes_authorization_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attributes_authorization_info.py new file mode 100644 index 00000000..94bb7ea6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attributes_authorization_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="network_access_dictionary_attributes_list", + function='get_network_access_dictionaries_authorization', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attributes_policy_set_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attributes_policy_set_info.py new file mode 100644 index 00000000..3da3318d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_attributes_policy_set_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="network_access_dictionary_attributes_list", + function='get_network_access_dictionaries_policy_set', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_info.py new file mode 100644 index 00000000..e4527b1e --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_dictionary_info.py 
@@ -0,0 +1,101 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if name: + response = ise.exec( + family="network_access_dictionary", + function='get_network_access_dictionary_by_name', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="network_access_dictionary", + function='get_network_access_dictionaries', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_global_exception_rules.py b/ansible_collections/cisco/ise/plugins/action/network_access_global_exception_rules.py
new file mode 100644
index 00000000..b2d3e9bc
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_global_exception_rules.py
@@ -0,0 +1,254 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + link=dict(type="dict"), + profile=dict(type="list"), + rule=dict(type="dict"), + securityGroup=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "rule"], True), + ("state", "absent", ["id", "rule"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NetworkAccessGlobalExceptionRules(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + link=params.get("link"), + profile=params.get("profile"), + rule=params.get("rule"), + security_group=params.get("securityGroup"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Does not have a get by name method or it is in another action + result = None + items = self.ise.exec( + family="network_access_authorization_global_exception_rules", + function="get_network_access_policy_set_global_exception_rules", 
+ ).response.get('response', []) or [] + for item in items: + if item.get('rule') and item['rule'].get('name') == name and item['rule'].get('id'): + result = dict(item) + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="network_access_authorization_global_exception_rules", + function="get_network_access_policy_set_global_exception_rule_by_id", + handle_func_exception=False, + params={"id": id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + name = False + o_id = self.new_object.get("id") + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + o_id = o_id or self.new_object.get('rule', {}).get("id") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get('rule', {}).get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("link", "link"), + ("profile", "profile"), + 
("rule", "rule"), + ("securityGroup", "security_group"), + ("id", "id"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="network_access_authorization_global_exception_rules", + function="create_network_access_policy_set_global_exception_rule", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + result = None + if not id: + id_ = self.get_object_by_name(name).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="network_access_authorization_global_exception_rules", + function="update_network_access_policy_set_global_exception_rule_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + result = None + if not id: + id_ = self.get_object_by_name(name).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="network_access_authorization_global_exception_rules", + function="delete_network_access_policy_set_global_exception_rule_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, 
**kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NetworkAccessGlobalExceptionRules(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + 
return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_global_exception_rules_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_global_exception_rules_info.py new file mode 100644 index 00000000..9f6a065d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_global_exception_rules_info.py 
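Review bot: In `NetworkAccessGlobalExceptionRules.get_object_by_id`, the trailing `except Exception: result = None` turns every failure of the by-id lookup (made with `handle_func_exception=False`) other than `TypeError`/`AttributeError` into "rule not found". When no name fallback finds the rule, `exists()` returns false, so `run()` with `state: absent` calls `ise.object_already_absent()` and reports success while the exception rule may still be active on ISE, and with `state: present` it goes on to `obj.create()`. Only the SDK's not-found error should map to `None`; any other error should reach `self.ise.fail_json(...)` as the first handler does, and until that is done the handler deserves `# NOTE: any lookup error is treated as "rule does not exist"`. The network_access_local_exception_rules.py hunk has the same handler.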
@@ -0,0 +1,101 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="network_access_authorization_global_exception_rules", + function='get_network_access_policy_set_global_exception_rule_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="network_access_authorization_global_exception_rules", + function='get_network_access_policy_set_global_exception_rules', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_global_exception_rules_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/action/network_access_global_exception_rules_reset_hitcount.py
new file mode 100644
index 00000000..73db9522
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_global_exception_rules_reset_hitcount.py
@@ -0,0 +1,86 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="network_access_authorization_global_exception_rules", + function="reset_hit_counts_network_access_global_exceptions", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_identity_stores_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_identity_stores_info.py new file mode 100644 index 00000000..27a9769d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_identity_stores_info.py 
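Review bot: `run()` sets `self._result["changed"] = False` and nothing afterwards marks a change, although `reset_hit_counts_network_access_global_exceptions` by its name resets the hit counters of the global exception rules; unless `ise.exit_json()` overrides the flag (not visible here), the play output records the reset as a no-op. Hit counts are the record of which exception rules actually matched, so a reset should be visible in the run log. The rules module in this commit calls `ise.object_updated()` after a successful update; calling it here after `ise.exec(...)` would keep the reporting consistent. The network_access_local_exception_rules_reset_hitcounts.py hunk has the same flow.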
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="network_access_identity_stores", + function='get_network_access_identity_stores', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_local_exception_rules.py b/ansible_collections/cisco/ise/plugins/action/network_access_local_exception_rules.py new file mode 100644 index 00000000..462fd608 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_local_exception_rules.py 
@@ -0,0 +1,263 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + link=dict(type="dict"), + profile=dict(type="list"), + rule=dict(type="dict"), + securityGroup=dict(type="str"), + policyId=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "rule"], True), + ("state", "present", ["policyId"], True), + ("state", "absent", ["id", "rule"], True), + ("state", "absent", ["policyId"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NetworkAccessLocalExceptionRules(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + link=params.get("link"), + profile=params.get("profile"), + rule=params.get("rule"), + security_group=params.get("securityGroup"), + policy_id=params.get("policyId"), + id=params.get("id"), + ) + + def get_object_by_name(self, name, policy_id): + # NOTICE: Does not have a get by name method or it is in another action + result = 
None + items = self.ise.exec( + family="network_access_authorization_exception_rules", + function="get_network_access_local_exception_rules", + params={"policy_id": policy_id} + ).response.get('response', []) or [] + for item in items: + if item.get('rule') and item['rule'].get('name') == name and item['rule'].get('id'): + result = dict(item) + return result + return result + + def get_object_by_id(self, id, policy_id): + try: + result = self.ise.exec( + family="network_access_authorization_exception_rules", + function="get_network_access_local_exception_rule_by_id", + handle_func_exception=False, + params={"id": id, "policy_id": policy_id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + name = False + o_id = self.new_object.get("id") + policy_id = self.new_object.get("policy_id") + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + o_id = o_id or self.new_object.get('rule', {}).get("id") + if o_id: + prev_obj = self.get_object_by_id(o_id, policy_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name, policy_id) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get('rule', {}).get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id, policy_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("link", "link"), + ("profile", "profile"), + ("rule", "rule"), + ("securityGroup", "security_group"), + ("policyId", "policy_id"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="network_access_authorization_exception_rules", + function="create_network_access_local_exception_rule", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + policy_id = self.new_object.get("policy_id") + result = None + if not id: + id_ = self.get_object_by_name(name, policy_id).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="network_access_authorization_exception_rules", + function="update_network_access_local_exception_rule_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = False + if self.new_object.get('rule', {}) is not None: + name = self.new_object.get('rule', {}).get("name") + id = id or self.new_object.get('rule', {}).get("id") + policy_id = self.new_object.get("policy_id") + result = None + if not id: + id_ = self.get_object_by_name(name, policy_id).get('rule', {}).get("id") + rule = self.new_object.get('rule', {}) + rule.update(dict(id=id_)) + self.new_object.update(dict(rule=rule, id=id_)) + result = self.ise.exec( + family="network_access_authorization_exception_rules", + function="delete_network_access_local_exception_rule_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not 
ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NetworkAccessLocalExceptionRules(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
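Review bot: In `NetworkAccessLocalExceptionRules.exists()`, `name_exists` is only assigned inside `if not id_exists and name:`, so the test `id_exists and name_exists and o_id != _id` can never be true and `InconsistentParameters` is never raised. A task that passes an `id` together with a `rule.name` belonging to a different rule is therefore applied to the rule the `id` selects, with no warning. To make the check live, resolve the name into its own variable, e.g. `named = self.get_object_by_name(name, policy_id) if name else None`, and compare `named.get('rule', {}).get('id')` with `o_id` before choosing `prev_obj`. Indentation is lost in this view, so the nesting of the `_id` lines is assumed; the network_access_global_exception_rules.py hunk has the same logic.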
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_local_exception_rules_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_local_exception_rules_info.py
new file mode 100644
index 00000000..f05f7c15
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_local_exception_rules_info.py
@@ -0,0 +1,103 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + policyId=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + policy_id=params.get("policyId"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="network_access_authorization_exception_rules", + function='get_network_access_local_exception_rule_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="network_access_authorization_exception_rules", + function='get_network_access_local_exception_rules', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
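Review bot: `policyId` is declared as an optional `str` and `required_if` is empty, yet both calls in `run()` pass `policy_id` from `get_object()` to lookups that are scoped by policy (the rules module in this commit requires `policyId` for both states). A task without it sends `policy_id=None` to the SDK, and how that fails depends on code not visible here. Declaring it as `policyId=dict(type="str", required=True)` moves the failure into `_check_argspec()`. The same applies to `policyId` in the network_access_local_exception_rules_reset_hitcounts.py hunk.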
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_local_exception_rules_reset_hitcounts.py b/ansible_collections/cisco/ise/plugins/action/network_access_local_exception_rules_reset_hitcounts.py
new file mode 100644
index 00000000..c575a8c8
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_local_exception_rules_reset_hitcounts.py
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + policyId=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + policy_id=params.get("policyId"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="network_access_authorization_exception_rules", + function="reset_hit_counts_network_access_local_exceptions", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_network_condition.py b/ansible_collections/cisco/ise/plugins/action/network_access_network_condition.py new file mode 100644 index 00000000..dd223d16 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_access_network_condition.py 
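Review bot: `policyId` is declared as `policyId=dict(type="str")` with no `required=True`, so a task that omits it passes validation and `get_object` hands `policy_id=None` to `reset_hit_counts_network_access_local_exceptions`; declare it as `policyId=dict(type="str", required=True)` so the mistake is rejected in `_check_argspec` before any API call. Separately, `run` sets `self._result["changed"] = False` and never calls one of the `ise.object_*()` markers the CRUD actions use, so unless `ise.exit_json()` (not visible here) says otherwise, a counter reset is reported as unchanged. Hit counts are the evidence of which exception rules actually matched, so clearing them should be visible in play output and logs. The same reporting gap appears in `network_access_policy_set_reset_hitcount.py` later in this commit.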
@@ -0,0 +1,253 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import (
+ InconsistentParameters,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ conditionType=dict(type="str"),
+ description=dict(type="str"),
+ id=dict(type="str"),
+ link=dict(type="dict"),
+ name=dict(type="str"),
+ deviceList=dict(type="list"),
+ cliDnisList=dict(type="list"),
+ ipAddrList=dict(type="list"),
+ macAddrList=dict(type="list"),
+ deviceGroupList=dict(type="list"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class NetworkAccessNetworkCondition(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ condition_type=params.get("conditionType"),
+ description=params.get("description"),
+ id=params.get("id"),
+ link=params.get("link"),
+ name=params.get("name"),
+ device_list=params.get("deviceList"),
+ cli_dnis_list=params.get("cliDnisList"),
+ ip_addr_list=params.get("ipAddrList"),
+ mac_addr_list=params.get("macAddrList"),
+ device_group_list=params.get("deviceGroupList"),
+ )
+
+ def get_object_by_name(self, name):
+ # NOTICE: Does not have a get by name method or it is in another action
+ result = None
+ items = self.ise.exec(
+ family="network_access_network_conditions",
+ function="get_network_access_network_conditions",
+ ).response.get('response', []) or []
+ result = get_dict_result(items, 'name', name)
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="network_access_network_conditions",
+ function="get_network_access_network_condition_by_id",
+ params={"id": id},
+ handle_func_exception=False,
+ ).response['response']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ prev_obj = None
+ id_exists = False
+ name_exists = False
+ o_id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if o_id:
+ prev_obj = self.get_object_by_id(o_id)
+ id_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if not id_exists and name:
+ prev_obj = self.get_object_by_name(name)
+ name_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if name_exists:
+ _id = prev_obj.get("id")
+ if id_exists and name_exists and o_id != _id:
+ raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
+ if _id:
+ prev_obj = self.get_object_by_id(_id)
+ it_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ return (it_exists, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("conditionType", "condition_type"),
+ ("description", "description"),
+ ("id", "id"),
+ ("link", "link"),
+ ("name", "name"),
+ ("deviceList", "device_list"),
+ ("cliDnisList", "cli_dnis_list"),
+ ("ipAddrList", "ip_addr_list"),
+ ("macAddrList", "mac_addr_list"),
+ ("deviceGroupList", "device_group_list"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="network_access_network_conditions",
+ function="create_network_access_network_condition",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="network_access_network_conditions",
+ function="update_network_access_network_condition_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="network_access_network_conditions",
+ function="delete_network_access_network_condition_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = NetworkAccessNetworkCondition(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
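Review bot: In `exists()`, the `InconsistentParameters` guard can never fire: `name_exists` is only assigned under `if not id_exists and name:`, so `id_exists and name_exists` is always false. A task that supplies the `id` of one network condition and the `name` of another is therefore applied to the object found by id without complaint. Looking the name up independently of the id result, as sketched below, restores the check while keeping rename-by-id working. In `get_object_by_id`, `except Exception: result = None` also reports every lookup failure as "not found", so an API or connectivity error can lead `run` to create a duplicate or to report `absent` as already satisfied; it would be safer to treat only the not-found case as `None`. `network_access_policy_set.py` in this commit carries the same two patterns.

```python
    def exists(self):
        # … unchanged: prev_obj/id_exists/name_exists setup and the lookup by id …
        if name:
            named_obj = self.get_object_by_name(name)
            name_exists = isinstance(named_obj, dict)
            if name_exists:
                _id = named_obj.get("id")
                if id_exists and o_id != _id:
                    raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
                if not id_exists:
                    prev_obj = self.get_object_by_id(_id) if _id else named_obj
        # … unchanged: it_exists computation and return …
```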
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_network_condition_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_network_condition_info.py
new file mode 100644
index 00000000..5dbf02a0
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_network_condition_info.py
@@ -0,0 +1,101 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="network_access_network_conditions",
+ function='get_network_access_network_condition_by_id',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ response = ise.exec(
+ family="network_access_network_conditions",
+ function='get_network_access_network_conditions',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
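Review bot: `run` reads `name = self._task.args.get("name")`, but this file only adds `id` to `argument_spec`, so unless `ise_argument_spec()` declares `name` (not visible here) the test `if not name and not id:` is just `if not id:`. Both branches end in their own `return self._result` and, as far as the flattened indentation shows, nothing follows the second one, so a run that satisfied neither condition would return `None` to Ansible. Dropping the `name` read and turning the second test into `else:` makes the two paths exhaustive. The same applies to `network_access_policy_set_info.py`, `network_access_profiles_info.py` and `network_access_security_groups_info.py` in this commit, where the latter two read both `id` and `name` without declaring either.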
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_policy_set.py b/ansible_collections/cisco/ise/plugins/action/network_access_policy_set.py
new file mode 100644
index 00000000..a11f40f0
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_policy_set.py
@@ -0,0 +1,256 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import (
+ InconsistentParameters,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ condition=dict(type="dict"),
+ default=dict(type="bool"),
+ description=dict(type="str"),
+ hitCounts=dict(type="int"),
+ id=dict(type="str"),
+ isProxy=dict(type="bool"),
+ link=dict(type="dict"),
+ name=dict(type="str"),
+ rank=dict(type="int"),
+ serviceName=dict(type="str"),
+ state_=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class NetworkAccessPolicySet(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ condition=params.get("condition"),
+ default=params.get("default"),
+ description=params.get("description"),
+ hit_counts=params.get("hitCounts"),
+ id=params.get("id"),
+ is_proxy=params.get("isProxy"),
+ link=params.get("link"),
+ name=params.get("name"),
+ rank=params.get("rank"),
+ service_name=params.get("serviceName"),
+ state=params.get("state_"),
+ )
+
+ def get_object_by_name(self, name):
+ # NOTICE: Does not have a get by name method or it is in another action
+ result = None
+ items = self.ise.exec(
+ family="network_access_policy_set",
+ function="get_network_access_policy_sets",
+ ).response.get('response', []) or []
+ result = get_dict_result(items, 'name', name)
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="network_access_policy_set",
+ function="get_network_access_policy_set_by_id",
+ params={"id": id},
+ handle_func_exception=False,
+ ).response['response']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ prev_obj = None
+ id_exists = False
+ name_exists = False
+ o_id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if o_id:
+ prev_obj = self.get_object_by_id(o_id)
+ id_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if not id_exists and name:
+ prev_obj = self.get_object_by_name(name)
+ name_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if name_exists:
+ _id = prev_obj.get("id")
+ if id_exists and name_exists and o_id != _id:
+ raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
+ if _id:
+ prev_obj = self.get_object_by_id(_id)
+ it_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ return (it_exists, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("condition", "condition"),
+ ("default", "default"),
+ ("description", "description"),
+ ("hitCounts", "hit_counts"),
+ ("id", "id"),
+ ("isProxy", "is_proxy"),
+ ("link", "link"),
+ ("name", "name"),
+ ("rank", "rank"),
+ ("serviceName", "service_name"),
+ ("state_", "state"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="network_access_policy_set",
+ function="create_network_access_policy_set",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="network_access_policy_set",
+ function="update_network_access_policy_set_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="network_access_policy_set",
+ function="delete_network_access_policy_set_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = NetworkAccessPolicySet(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
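Review bot: In `requires_update`, the pair `("state_", "state")` reads `current_obj.get("state_")`, but every other pair puts the ISE field name on the left (`hitCounts`, `isProxy`, `serviceName`) and `state_` is the Ansible option name used to avoid clashing with `state: present/absent`. If the ISE object exposes the field as `state`, which the `state=params.get("state_")` mapping in `__init__` suggests, the current value is always read as `None` and a policy set whose enabled/disabled state has drifted may not be detected, depending on how `ise_compare_equality` (not visible here) treats `None`. The pair should probably be `("state", "state")`. Comparing `hitCounts` is also questionable, since it is a runtime counter rather than configuration.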
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_policy_set_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_policy_set_info.py
new file mode 100644
index 00000000..6c329de5
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_policy_set_info.py
@@ -0,0 +1,101 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="network_access_policy_set",
+ function='get_network_access_policy_set_by_id',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ response = ise.exec(
+ family="network_access_policy_set",
+ function='get_network_access_policy_sets',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_policy_set_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/action/network_access_policy_set_reset_hitcount.py
new file mode 100644
index 00000000..fca1b223
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_policy_set_reset_hitcount.py
@@ -0,0 +1,86 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="network_access_policy_set",
+ function="reset_hit_counts_network_access_policy_sets",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_profiles_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_profiles_info.py
new file mode 100644
index 00000000..d89bf00a
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_profiles_info.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if not name and not id:
+ response = ise.exec(
+ family="network_access_profiles",
+ function='get_network_access_profiles',
+ params=self.get_object(self._task.args)
+ ).response
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_security_groups_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_security_groups_info.py
new file mode 100644
index 00000000..8319bac0
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_security_groups_info.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if not name and not id:
+ response = ise.exec(
+ family="network_access_security_groups",
+ function='get_network_access_security_groups',
+ params=self.get_object(self._task.args)
+ ).response
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_service_name_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_service_name_info.py
new file mode 100644
index 00000000..3e0c7cbb
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_service_name_info.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if not name and not id:
+ response = ise.exec(
+ family="network_access_service_names",
+ function='get_network_access_service_names',
+ params=self.get_object(self._task.args)
+ ).response
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_time_date_conditions.py b/ansible_collections/cisco/ise/plugins/action/network_access_time_date_conditions.py
new file mode 100644
index 00000000..65957d07
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_time_date_conditions.py
@@ -0,0 +1,277 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import (
+ InconsistentParameters,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ conditionType=dict(type="str"),
+ isNegate=dict(type="bool"),
+ link=dict(type="dict"),
+ description=dict(type="str"),
+ id=dict(type="str"),
+ name=dict(type="str"),
+ attributeName=dict(type="str"),
+ attributeValue=dict(type="str"),
+ dictionaryName=dict(type="str"),
+ dictionaryValue=dict(type="str"),
+ operator=dict(type="str"),
+ children=dict(type="list"),
+ datesRange=dict(type="dict"),
+ datesRangeException=dict(type="dict"),
+ hoursRange=dict(type="dict"),
+ hoursRangeException=dict(type="dict"),
+ weekDays=dict(type="list"),
+ weekDaysException=dict(type="list"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class NetworkAccessTimeDateConditions(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ condition_type=params.get("conditionType"),
+ is_negate=params.get("isNegate"),
+ link=params.get("link"),
+ description=params.get("description"),
+ id=params.get("id"),
+ name=params.get("name"),
+ attribute_name=params.get("attributeName"),
+ attribute_value=params.get("attributeValue"),
+ dictionary_name=params.get("dictionaryName"),
+ dictionary_value=params.get("dictionaryValue"),
+ operator=params.get("operator"),
+ children=params.get("children"),
+ dates_range=params.get("datesRange"),
+ dates_range_exception=params.get("datesRangeException"),
+ hours_range=params.get("hoursRange"),
+ hours_range_exception=params.get("hoursRangeException"),
+ week_days=params.get("weekDays"),
+ week_days_exception=params.get("weekDaysException"),
+ )
+
+ def get_object_by_name(self, name):
+ # NOTICE: Does not have a get by name method or it is in another action
+ result = None
+ items = self.ise.exec(
+ family="network_access_time_date_conditions",
+ function="get_network_access_time_conditions",
+ ).response.get('response', []) or []
+ result = get_dict_result(items, 'name', name)
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="network_access_time_date_conditions",
+ function="get_network_access_time_condition_by_id",
+ params={"id": id},
+ handle_func_exception=False,
+ ).response['response']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ prev_obj = None
+ id_exists = False
+ name_exists = False
+ o_id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if o_id:
+ prev_obj = self.get_object_by_id(o_id)
+ id_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if not id_exists and name:
+ prev_obj = self.get_object_by_name(name)
+ name_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if name_exists:
+ _id = prev_obj.get("id")
+ if id_exists and name_exists and o_id != _id:
+ raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
+ if _id:
+ prev_obj = self.get_object_by_id(_id)
+ it_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ return (it_exists, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("conditionType", "condition_type"),
+ ("isNegate", "is_negate"),
+ ("link", "link"),
+ ("description", "description"),
+ ("id", "id"),
+ ("name", "name"),
+ ("attributeName", "attribute_name"),
+ ("attributeValue", "attribute_value"),
+ ("dictionaryName", "dictionary_name"),
+ ("dictionaryValue", "dictionary_value"),
+ ("operator", "operator"),
+ ("children", "children"),
+ ("datesRange", "dates_range"),
+ ("datesRangeException", "dates_range_exception"),
+ ("hoursRange", "hours_range"),
+ ("hoursRangeException", "hours_range_exception"),
+ ("weekDays", "week_days"),
+ ("weekDaysException", "week_days_exception"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="network_access_time_date_conditions",
+ function="create_network_access_time_condition",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="network_access_time_date_conditions",
+ function="update_network_access_time_condition_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="network_access_time_date_conditions",
+ function="delete_network_access_time_condition_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = NetworkAccessTimeDateConditions(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
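Review bot: In `NetworkAccessTimeDateConditions.exists()` the mismatch check `if id_exists and name_exists and o_id != _id:` can never fire, because as the hunk reads (indentation is flattened on this page) `name_exists` is only assigned under `if not id_exists and name:`, so the two flags are never true together. A task that passes an `id` and a `name` pointing at different conditions is therefore resolved by `id` alone, and `update()`/`delete()` then act on that object without the `InconsistentParameters` error the code intends; for an access-policy condition that should fail loudly. Looking the name up whenever it is supplied and comparing ids before choosing `prev_obj`, as sketched below, restores the check at the cost of one extra list call. Separately, `except Exception: result = None` in `get_object_by_id()` makes every failure other than `TypeError`/`AttributeError` look like "object absent", which sends `run()` down the create path; narrowing it to the SDK's not-found error would avoid that (the exception type is not visible in this hunk).

```python
    def exists(self):
        o_id = self.new_object.get("id")
        name = self.new_object.get("name")
        by_id = self.get_object_by_id(o_id) if o_id else None
        by_name = self.get_object_by_name(name) if name else None
        id_exists = isinstance(by_id, dict)
        name_exists = isinstance(by_name, dict)
        if id_exists and name_exists and o_id != by_name.get("id"):
            raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
        prev_obj = by_id if id_exists else by_name
        if not id_exists and name_exists and by_name.get("id"):
            # same re-read by id that the original name path performed
            prev_obj = self.get_object_by_id(by_name.get("id"))
        it_exists = isinstance(prev_obj, dict)
        return (it_exists, prev_obj)
```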
diff --git a/ansible_collections/cisco/ise/plugins/action/network_access_time_date_conditions_info.py b/ansible_collections/cisco/ise/plugins/action/network_access_time_date_conditions_info.py
new file mode 100644
index 00000000..5d3f5206
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_access_time_date_conditions_info.py
@@ -0,0 +1,101 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="network_access_time_date_conditions",
+ function='get_network_access_time_condition_by_id',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ response = ise.exec(
+ family="network_access_time_date_conditions",
+ function='get_network_access_time_conditions',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/network_device.py b/ansible_collections/cisco/ise/plugins/action/network_device.py
new file mode 100644
index 00000000..f5d9636a
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_device.py
@@ -0,0 +1,283 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ authenticationSettings=dict(type="dict"),
+ snmpsettings=dict(type="dict"),
+ trustsecsettings=dict(type="dict"),
+ tacacsSettings=dict(type="dict"),
+ profileName=dict(type="str"),
+ coaPort=dict(type="int"),
+ dtlsDnsName=dict(type="str"),
+ modelName=dict(type="str"),
+ softwareVersion=dict(type="str"),
+ NetworkDeviceIPList=dict(type="list"),
+ NetworkDeviceGroupList=dict(type="list"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class NetworkDevice(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ authentication_settings=params.get("authenticationSettings"),
+ snmpsettings=params.get("snmpsettings"),
+ trustsecsettings=params.get("trustsecsettings"),
+ tacacs_settings=params.get("tacacsSettings"),
+ profile_name=params.get("profileName"),
+ coa_port=params.get("coaPort"),
+ dtls_dns_name=params.get("dtlsDnsName"),
+ model_name=params.get("modelName"),
+ software_version=params.get("softwareVersion"),
+ network_device_iplist=params.get("NetworkDeviceIPList"),
+ network_device_group_list=params.get("NetworkDeviceGroupList"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ try:
+ result = self.ise.exec(
+ family="network_device",
+ function="get_network_device_by_name",
+ params={"name": name},
+ handle_func_exception=False,
+ ).response['NetworkDevice']
+ result = get_dict_result(result, 'name', name)
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="network_device",
+ function="get_network_device_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['NetworkDevice']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ result = False
+ prev_obj = None
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if id:
+ prev_obj = self.get_object_by_id(id)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ elif name:
+ prev_obj = self.get_object_by_name(name)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ return (result, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("authenticationSettings", "authentication_settings"),
+ ("snmpsettings", "snmpsettings"),
+ ("trustsecsettings", "trustsecsettings"),
+ ("tacacsSettings", "tacacs_settings"),
+ ("profileName", "profile_name"),
+ ("coaPort", "coa_port"),
+ ("dtlsDnsName", "dtls_dns_name"),
+ ("modelName", "model_name"),
+ ("softwareVersion", "software_version"),
+ ("NetworkDeviceIPList", "network_device_iplist"),
+ ("NetworkDeviceGroupList", "network_device_group_list"),
+ ("id", "id"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="network_device",
+ function="create_network_device",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if id:
+ result = self.ise.exec(
+ family="network_device",
+ function="update_network_device_by_id",
+ params=self.new_object
+ ).response
+ elif name:
+ result = self.ise.exec(
+ family="network_device",
+ function="update_network_device_by_name",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if id:
+ result = self.ise.exec(
+ family="network_device",
+ function="delete_network_device_by_id",
+ params=self.new_object
+ ).response
+ elif name:
+ result = self.ise.exec(
+ family="network_device",
+ function="delete_network_device_by_name",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = NetworkDevice(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/network_device_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/network_device_bulk_monitor_status_info.py
new file mode 100644
index 00000000..801d0aef
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_device_bulk_monitor_status_info.py
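Review bot: In `ActionModule.run()` of `network_device.py`, the raw `ise_update_response` stays in `self._result` whenever ISE reports a real change, and that response carries `UpdatedFieldsList.updatedField` entries with `oldValue` and `newValue` (the code reads both a few lines later). The options `authenticationSettings`, `snmpsettings` and `tacacsSettings` are plain `type="dict"` and presumably hold shared secrets and SNMP community strings (their keys are not visible here), so updating one of them would put the old and new value into task output, callback logs and registered variables; `ise_response` returns the whole device object the same way. I would not return the raw update response (the changed/unchanged decision only needs it locally, so the line `self._result.update(dict(ise_update_response=ise_update_response))` can go), and I would document that tasks passing these options should set `no_log: true`. Separately, `ise_update_response.get("UpdatedFieldsList").get("updatedField")` raises `AttributeError` when the first key is missing, and `len(has_changed)` raises `TypeError` when the second is, in both cases after the device has already been modified.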
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ bulkid=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ bulkid=params.get("bulkid"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("bulkid")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="network_device",
+ function='monitor_bulk_status_network_device',
+ params=self.get_object(self._task.args)
+ ).response['BulkStatus']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ # NOTICE: Does not have a get all method or it is in another action
+ response = None
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/network_device_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/network_device_bulk_request.py
new file mode 100644
index 00000000..49fb1bd9
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_device_bulk_request.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ operationType=dict(type="str"),
+ resourceMediaType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ operation_type=params.get("operationType"),
+ resource_media_type=params.get("resourceMediaType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="network_device",
+ function="bulk_request_for_network_device",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/network_device_group.py b/ansible_collections/cisco/ise/plugins/action/network_device_group.py
new file mode 100644
index 00000000..8cd682e9
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/network_device_group.py
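Review bot: `run()` in `network_device_bulk_request.py` sets `self._result["changed"] = False` and then submits `bulk_request_for_network_device` without calling any of the `ise.object_*()` markers that the `present`/`absent` plugins in this commit use, so unless `exec()` or `ise.exit_json()` flips the flag (not visible in this hunk) a bulk change to network devices is reported as unchanged. Playbook output is often the only change record for this kind of operation, so the source of `changed` should be explicit here, for example a comment such as `# changed is set by ise.exit_json() after a modifying call` if that is the case, or an explicit assignment if it is not. `operationType` is also a free-form `type="str"` forwarded as is; if the API accepts a fixed set of operations, listing them as `choices` would reject typos before the request is sent.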
@@ -0,0 +1,248 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + description=dict(type="str"), + othername=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NetworkDeviceGroup(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + description=params.get("description"), + othername=params.get("othername"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + query_name = name + if query_name: + query_name = query_name.replace('#', ':') + try: + result = self.ise.exec( + family="network_device_group", + function="get_network_device_group_by_name", + params={"name": query_name}, + handle_func_exception=False, + ).response['NetworkDeviceGroup'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An 
error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="network_device_group", + function="get_network_device_group_by_id", + handle_func_exception=False, + params={"id": id} + ).response['NetworkDeviceGroup'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + result = False + prev_obj = None + id = self.new_object.get("id") + name = self.new_object.get("name") + if id: + prev_obj = self.get_object_by_id(id) + result = prev_obj is not None and isinstance(prev_obj, dict) + elif name: + prev_obj = self.get_object_by_name(name) + result = prev_obj is not None and isinstance(prev_obj, dict) + return (result, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("description", "description"), + ("othername", "othername"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="network_device_group", + function="create_network_device_group", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="network_device_group", + function="update_network_device_group_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="network_device_group", + function="delete_network_device_group_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NetworkDeviceGroup(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() 
+ if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_device_group_info.py b/ansible_collections/cisco/ise/plugins/action/network_device_group_info.py new file mode 100644 index 00000000..739808f9 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_device_group_info.py 
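Review bot: `get_object_by_name` and `get_object_by_id` in `NetworkDeviceGroup` end with `except Exception: result = None`, so any failure other than TypeError/AttributeError reaches `exists()` as "object not found". Because the calls pass `handle_func_exception=False`, the SDK presumably raises on authentication, TLS or connectivity errors. In that case `state: absent` would finish through `ise.object_already_absent()` without having checked anything on ISE, and `state: present` would attempt a create. I would map only the SDK's not-found error to `None` and send everything else to `self.ise.fail_json(...)`, as the first handler already does. Separately, in `run`, `ise_update_response.get("UpdatedFieldsList").get("updatedField")` raises AttributeError when the key is absent; `(ise_update_response.get("UpdatedFieldsList") or {}).get("updatedField") or []` keeps the following `len()` check safe.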
@@ -0,0 +1,154 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + if params.get("name"): + params["name"] = params["name"].replace('#', ':') + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="network_device_group", + function='get_network_device_group_by_id', + params=self.get_object(self._task.args) + ).response['NetworkDeviceGroup'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="network_device_group", + function='get_network_device_group_by_name', + params=self.get_object(self._task.args) + ).response['NetworkDeviceGroup'] + 
self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="network_device_group", + function='get_network_device_group_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/network_device_info.py b/ansible_collections/cisco/ise/plugins/action/network_device_info.py new file mode 100644 index 00000000..454e7ac3 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/network_device_info.py 
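Review bot: In `run`, the `if id:` and `if name:` branches index `.response['NetworkDeviceGroup']` outside any try/except, while only the generator branch turns TypeError/AttributeError into `ise.fail_json`. If `ise.exec` returns an object whose `response` is None or lacks that key, the task ends in a raw traceback rather than the message about API Gateway and ERS settings. The wording of that message suggests this happens when those APIs are disabled. Wrapping the two lookups in the same handler would make the three paths consistent. The same pattern is in the `network_device_info.py` and `node_deployment_info.py` hunks.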
@@ -0,0 +1,152 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="network_device", + function='get_network_device_by_id', + params=self.get_object(self._task.args) + ).response['NetworkDevice'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="network_device", + function='get_network_device_by_name', + params=self.get_object(self._task.args) + ).response['NetworkDevice'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and 
not id: + responses = [] + generator = ise.exec( + family="network_device", + function='get_network_device_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_deployment.py b/ansible_collections/cisco/ise/plugins/action/node_deployment.py new file mode 100644 index 00000000..2610dd71 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/node_deployment.py 
@@ -0,0 +1,226 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + allowCertImport=dict(type="bool"), + fqdn=dict(type="str"), + password=dict(type="str", no_log=True), + roles=dict(type="list"), + services=dict(type="list"), + userName=dict(type="str"), + hostname=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["hostname"], True), + ("state", "absent", ["hostname"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NodeDeployment(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + allow_cert_import=params.get("allowCertImport"), + fqdn=params.get("fqdn"), + password=params.get("password"), + roles=params.get("roles"), + services=params.get("services"), + user_name=params.get("userName"), + hostname=params.get("hostname"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="node_deployment", + function="get_node_details", + 
params={"hostname": name}, + handle_func_exception=False, + ).response['response'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + # NOTICE: Does not have a get by id method or it is in another action + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("hostname") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("allowCertImport", "allow_cert_import"), + ("fqdn", "fqdn"), + ("password", "password"), + ("roles", "roles"), + ("services", "services"), + ("userName", "user_name"), + ("hostname", "hostname"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="node_deployment", + function="register_node", + params=self.new_object, + ).response + return result + + def update(self): + result = self.ise.exec( + family="node_deployment", + function="update_node", + params=self.new_object + ).response + return result + + def delete(self): + result = self.ise.exec( + family="node_deployment", + function="delete_node", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NodeDeployment(self._task.args, ise) + + state = self._task.args.get("state") + + 
response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_deployment_info.py b/ansible_collections/cisco/ise/plugins/action/node_deployment_info.py new file mode 100644 index 00000000..7427e473 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/node_deployment_info.py 
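Review bot: `requires_update` includes the pair `("password", "password")`, comparing the object returned by `get_node_details` against the task arguments. The read API presumably never returns the node password, so whenever `password` is set the values differ, and every run calls `update_node`, re-sends the credential and reports a change. Dropping that pair from `obj_params` would restore idempotence (the argument itself is already `no_log=True`), but confirm how `ise_compare_equality` treats a missing current value first. In `exists()`, `self.new_object.get("id")` is always None because `new_object` has no `id` key, so the `o_id` branch and the `InconsistentParameters` check are unreachable.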
@@ -0,0 +1,105 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + filter=dict(type="list"), + filterType=dict(type="str"), + hostname=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + filter=params.get("filter"), + filter_type=params.get("filterType"), + hostname=params.get("hostname"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("hostname") + if name: + response = ise.exec( + family="node_deployment", + function='get_node_details', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="node_deployment", + function='get_nodes', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
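Review bot: `run` reads `id = self._task.args.get("id")`, but this module's `argument_spec` adds only `filter`, `filterType` and `hostname`, so unless `ise_argument_spec()` defines `id` the value is always None. The second branch, `if not name and not id:`, is then simply the else case. If `id` were ever present without `hostname`, the method would fall off the end and return None instead of `self._result`. I would remove the `id` lookup and change the second test to `else:` so every path returns the result dict.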
diff --git a/ansible_collections/cisco/ise/plugins/action/node_deployment_sync.py b/ansible_collections/cisco/ise/plugins/action/node_deployment_sync.py new file mode 100644 index 00000000..90fcaf23 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/node_deployment_sync.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hostname=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + hostname=params.get("hostname"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="node_deployment", + function="sync_node", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_group.py b/ansible_collections/cisco/ise/plugins/action/node_group.py new file mode 100644 index 00000000..be56fbbf --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/node_group.py 
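Review bot: `hostname=dict(type="str")` is optional and `required_if` is empty, so a task that omits `hostname` passes `_check_argspec` and `sync_node` is called with `hostname=None`. The resulting failure would come from the SDK or the server rather than from argument validation. If the sync operation always targets one node, `hostname=dict(type="str", required=True)` makes the playbook fail early with a clear message.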
@@ -0,0 +1,220 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + description=dict(type="str"), + marCache=dict(type="dict"), + name=dict(type="str"), + nodeGroupName=dict(type="str"), + forceDelete=dict(type="bool"), +)) + +required_if = [ + ("state", "present", ["name", "nodeGroupName"], True), + ("state", "absent", ["name", "nodeGroupName"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NodeGroup(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + description=params.get("description"), + mar_cache=params.get("marCache"), + name=params.get("name"), + node_group_name=params.get("nodeGroupName") or params.get("name"), + force_delete=params.get("forceDelete"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="node_group", + function="get_node_group", + handle_func_exception=False, + params={"node_group_name": name} + 
).response['response'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + # NOTICE: Does not have a get by id method or it is in another action + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("node_group_name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("description", "description"), + ("marCache", "mar_cache"), + ("name", "name"), + ("nodeGroupName", "node_group_name"), + ("forceDelete", "force_delete"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="node_group", + function="create_node_group", + params=self.new_object, + ).response + return result + + def update(self): + result = self.ise.exec( + family="node_group", + function="update_node_group", + params=self.new_object + ).response + return result + + def delete(self): + result = self.ise.exec( + family="node_group", + function="delete_node_group", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NodeGroup(self._task.args, ise) + + state = self._task.args.get("state") + + response 
= None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_group_info.py b/ansible_collections/cisco/ise/plugins/action/node_group_info.py new file mode 100644 index 00000000..91d9a474 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/node_group_info.py 
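Review bot: In `NodeGroup.get_object_by_name` the trailing `except Exception: result = None` turns every failure of the lookup (made with `handle_func_exception=False`) into "object does not exist". With `state: absent`, `run()` then takes the `ise.object_already_absent()` branch and reports success even if the lookup failed for another reason, for example an authentication or connection error, assuming `exec` raises for those. With `state: present` it goes on to `create()`. Only the SDK's not-found reply should map to `None`; other errors should go through `self.ise.fail_json(msg=...)`, as the `(TypeError, AttributeError)` branch already does. node_primary_to_standalone.py has the same handler in its `get_object_by_name`. Separately, `ise_create_response` is assigned in the create branch but never added to `self._result`, unlike `ise_update_response`.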
@@ -0,0 +1,101 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + nodeGroupName=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + node_group_name=params.get("nodeGroupName"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("nodeGroupName") + if name: + response = ise.exec( + family="node_group", + function='get_node_group', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="node_group", + function='get_node_groups', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_group_node_create.py b/ansible_collections/cisco/ise/plugins/action/node_group_node_create.py new file mode 100644 index 00000000..e2810770 --- /dev/null 
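Review bot: `run()` reads `id = self._task.args.get("id")` although `id` is not in this file's argument spec, and the two `if` blocks leave a path (`id` set, `nodeGroupName` unset) where the method falls off the end and returns `None` instead of a result dict. Dropping the `id` lookup, which also shadows the builtin, and making the second block the unconditional fallback removes that path. In node_group_node_info.py the same shape is reachable with valid input: `nodeGroupName` is optional and the only branch is `if name and not id:`, so a task without `nodeGroupName` returns `None`. There, `nodeGroupName=dict(type="str", required=True)` or a final `return self._result` would fix it. node_replication_status_info.py has the same fall-through for an undeclared `name`.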
+++ b/ansible_collections/cisco/ise/plugins/action/node_group_node_create.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hostname=dict(type="str"), + nodeGroupName=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + hostname=params.get("hostname"), + node_group_name=params.get("nodeGroupName"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="node_group", + function="add_node", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_group_node_delete.py b/ansible_collections/cisco/ise/plugins/action/node_group_node_delete.py new file mode 100644 index 00000000..a3b33f27 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/node_group_node_delete.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hostname=dict(type="str"), + nodeGroupName=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + hostname=params.get("hostname"), + node_group_name=params.get("nodeGroupName"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="node_group", + function="remove_node", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_group_node_info.py b/ansible_collections/cisco/ise/plugins/action/node_group_node_info.py new file mode 100644 index 00000000..c2c36914 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/node_group_node_info.py 
@@ -0,0 +1,92 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + nodeGroupName=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + node_group_name=params.get("nodeGroupName"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("nodeGroupName") + if name and not id: + response = ise.exec( + family="node_group", + function='get_nodes', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_info.py b/ansible_collections/cisco/ise/plugins/action/node_info.py new file mode 100644 index 00000000..aa02ede7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/node_info.py 
@@ -0,0 +1,148 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="node_details", + function='get_node_detail_by_id', + params=self.get_object(self._task.args) + ).response['Node'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="node_details", + function='get_node_detail_by_name', + params=self.get_object(self._task.args) + ).response['Node'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="node_details", + 
function='get_node_details_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_primary_to_standalone.py b/ansible_collections/cisco/ise/plugins/action/node_primary_to_standalone.py new file mode 100644 index 00000000..af546b5e --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/node_primary_to_standalone.py 
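Review bot: `run()` tests `if id:` before `if name:`, so a task that sets both silently ignores `name`, while `mutually_exclusive` is left empty. `mutually_exclusive = [("name", "id")]` would make `_check_argspec` reject that ambiguity up front. Also, in the list branch `response` is bound only inside the `try`, so the final `self._result.update(dict(ise_response=response))` relies on `ise.fail_json` never returning, which this diff does not show. Binding `response = []` before the loop would remove that dependency.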
@@ -0,0 +1,168 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hostname=dict(type="str"), +)) + +required_if = [] +required_one_of = [ + ("hostname"), +], +mutually_exclusive = [] +required_together = [] + + +class NodePrimaryToStandalone(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + hostname=params.get("hostname"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="node_deployment", + function="get_node_details", + params={"hostname": name}, + handle_func_exception=False, + ).response['response'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + # NOTICE: Does not have a get by id method or it is in another action + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("hostname") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + if "PrimaryAdmin" in current_obj.roles: + return True + return False + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NodePrimaryToStandalone(self._task.args, ise) + + name = self._task.args.get("hostname") + + response = None + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + response = ise.exec( + family="node_deployment", + function="make_standalone", + params=self.get_object(self._task.args), + ).response + ise.object_updated() + else: + if "Standalone" in prev_obj.roles: + ise.result["result"] = "Node is already Standalone" + else: + ise.fail_json("Invoke this API on Primary Node only") + else: + ise.fail_json("No such HostConfig with hostName [{hostname}]".format(hostname=name)) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_promotion.py b/ansible_collections/cisco/ise/plugins/action/node_promotion.py new file mode 100644 index 00000000..be953fd1 --- /dev/null 
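Review bot: `requires_update()` and `run()` read `current_obj.roles` and `prev_obj.roles` as attributes, although `exists()` only accepts the object when `isinstance(prev_obj, dict)`. Unless `get_dict_result` returns a dict subclass with attribute access, this raises `AttributeError` before the role guard can decide. `roles = current_obj.get("roles") or []` followed by `return "PrimaryAdmin" in roles` would be safe either way. Also, `get_object()` returns an empty dict, so `make_standalone` is called without the `hostname` that was just checked. If that API acts on the node the SDK is connected to, the guard and the operation can refer to different nodes, which should be confirmed. Finally, the trailing comma in `required_one_of = [("hostname"),],` binds a one-element tuple rather than a list; `required_one_of = [("hostname",)]` states the intent.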
+++ b/ansible_collections/cisco/ise/plugins/action/node_promotion.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + promotionType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + promotion_type=params.get("promotionType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="node_deployment", + function='promote_node', + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_replication_status_info.py b/ansible_collections/cisco/ise/plugins/action/node_replication_status_info.py new file mode 100644 index 00000000..807d9761 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/node_replication_status_info.py 
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + node=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + node=params.get("node"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("node") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="replication_status", + function='get_node_replication_status', + params=self.get_object(self._task.args) + ).response['NodeStatus'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_secondary_to_primary.py b/ansible_collections/cisco/ise/plugins/action/node_secondary_to_primary.py new file mode 100644 index 00000000..9cbd890b --- /dev/null 
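Review bot: `run()` appears to have a path that returns nothing: when `node` is empty but `name` is set, neither `if id:` nor `if not name and not id:` is taken, so the method would return `None` instead of the result dict. This assumes the final `return self._result` is indented under the second `if`, which the collapsed layout does not show. `name` is not declared in this file's `argument_spec`, so reachability depends on what `ise_argument_spec()` accepts. Making the tail unconditional settles it: drop the `if not name and not id:` guard so `self._result.update(ise.exit_json())` and `return self._result` always run. The same shape is in `run()` of node_services_interfaces_info.py and node_services_profiler_probe_config_info.py below, where the undeclared argument is `id`; the local named `id` also shadows the builtin in all three.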
+++ b/ansible_collections/cisco/ise/plugins/action/node_secondary_to_primary.py 
@@ -0,0 +1,168 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hostname=dict(type="str"), +)) + +required_if = [] +required_one_of = [ + ("hostname"), +], +mutually_exclusive = [] +required_together = [] + + +class NodeSecondaryToPrimary(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + hostname=params.get("hostname"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="node_deployment", + function="get_node_details", + params={"hostname": name}, + handle_func_exception=False, + ).response['response'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + # NOTICE: Does not have a get by id method or it is in another action + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("hostname") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + if "SecondaryAdmin" in current_obj.roles: + return True + return False + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NodeSecondaryToPrimary(self._task.args, ise) + + name = self._task.args.get("hostname") + + response = None + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + response = ise.exec( + family="node_deployment", + function="promote_node", + params=self.get_object(self._task.args), + ).response + ise.object_updated() + else: + if "PrimaryAdmin" in prev_obj.roles: + ise.result["result"] = "Node is already Primary" + else: + ise.fail_json("Invoke this API on Secondary PAN node only") + else: + ise.fail_json("No such HostConfig with hostName [{hostname}]".format(hostname=name)) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
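Review bot: The role pre-check and the promote call in `run()` are not tied to the same node: `obj.exists()` and `requires_update()` look up the node named by `hostname`, but `promote_node` is then sent with `params=self.get_object(self._task.args)`, and `get_object` returns an empty dict. The request therefore carries neither the hostname nor a promotion type, so which node is promoted presumably depends only on the host the `ISESDK` connection was built for. I would check that the connection target and `hostname` match before calling `promote_node`, or at least document it above the call: `# promote_node is sent without a hostname; it acts on the node this connection points at`. Separately, `required_one_of = [ ("hostname"), ],` ends in a comma, so it binds a one-element tuple holding a list, and `("hostname")` is a plain string; `required_one_of = [("hostname",)]` states the intent (the same line is in node_standalone_to_primary.py below).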
diff --git a/ansible_collections/cisco/ise/plugins/action/node_services_interfaces_info.py b/ansible_collections/cisco/ise/plugins/action/node_services_interfaces_info.py new file mode 100644 index 00000000..62c74180 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/node_services_interfaces_info.py 
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hostname=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + hostname=params.get("hostname"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("hostname") + if name: + response = ise.exec( + family="node_services", + function='get_interfaces', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_services_profiler_probe_config.py b/ansible_collections/cisco/ise/plugins/action/node_services_profiler_probe_config.py new file mode 100644 index 00000000..71f25d3d --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/action/node_services_profiler_probe_config.py 
@@ -0,0 +1,219 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + ise_compare_equality2, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present"]), + activeDirectory=dict(type="dict"), + dhcp=dict(type="dict"), + dhcpSpan=dict(type="dict"), + dns=dict(type="dict"), + http=dict(type="dict"), + netflow=dict(type="dict"), + nmap=dict(type="list"), + pxgrid=dict(type="list"), + radius=dict(type="list"), + snmpQuery=dict(type="dict"), + snmpTrap=dict(type="dict"), + hostname=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["hostname"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NodeServicesProfilerProbeConfig(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + active_directory=params.get("activeDirectory"), + dhcp=params.get("dhcp"), + dhcp_span=params.get("dhcpSpan"), + dns=params.get("dns"), + http=params.get("http"), + netflow=params.get("netflow"), + nmap=params.get("nmap"), + pxgrid=params.get("pxgrid"), + 
radius=params.get("radius"), + snmp_query=params.get("snmpQuery"), + snmp_trap=params.get("snmpTrap"), + hostname=params.get("hostname"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="node_services", + function="get_profiler_probe_config", + params={"hostname": name}, + handle_func_exception=False, + ).response['response'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + # NOTICE: Does not have a get by id method or it is in another action + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("hostname") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("activeDirectory", "active_directory", False), + ("dhcp", "dhcp", False), + ("dhcpSpan", "dhcp_span", False), + ("dns", "dns", False), + ("http", "http", False), + ("netflow", 
"netflow", False), + ("nmap", "nmap", False), + ("pxgrid", "pxgrid", False), + ("radius", "radius", False), + ("snmpQuery", "snmp_query", False), + ("snmpTrap", "snmp_trap", False), + ("hostname", "hostname", True), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality2(current_obj.get(ise_param), + requested_obj.get(ansible_param), + is_query_param) + for (ise_param, ansible_param, is_query_param) in obj_params) + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("hostname") + result = None + if not name: + name_ = self.get_object_by_id(id).get("hostname") + self.new_object.update(dict(name=name_)) + result = self.ise.exec( + family="node_services", + function="set_profiler_probe_config", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NodeServicesProfilerProbeConfig(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise.fail_json("Object does not exists, plugin only has update") + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_services_profiler_probe_config_info.py b/ansible_collections/cisco/ise/plugins/action/node_services_profiler_probe_config_info.py new file mode 100644 index 00000000..484b1101 --- /dev/null 
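Review bot: The `if not name:` branch in `update()` cannot work as written: `get_object_by_id` in this class always returns `None`, so `self.get_object_by_id(id).get("hostname")` raises `AttributeError`, and the value would be stored under `name` although every other method reads `hostname`. `required_if` makes `hostname` mandatory for `state=present`, so the branch looks unreachable; an explicit failure keeps the intent visible, e.g. `if not name: self.ise.fail_json(msg="hostname is required")`. In `get_object_by_name`, `except Exception: result = None` turns any failure other than `TypeError`/`AttributeError` into "not found", so `run()` would report `Object does not exists, plugin only has update` for connection or authorization errors as well; the same handler is in node_secondary_to_primary.py above. `ise_compare_equality` is imported in this file but not used.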
+++ b/ansible_collections/cisco/ise/plugins/action/node_services_profiler_probe_config_info.py 
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hostname=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + hostname=params.get("hostname"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("hostname") + if name: + response = ise.exec( + family="node_services", + function='get_profiler_probe_config', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_services_sxp_interfaces.py b/ansible_collections/cisco/ise/plugins/action/node_services_sxp_interfaces.py new file mode 100644 index 00000000..622f25e2 --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/action/node_services_sxp_interfaces.py 
@@ -0,0 +1,172 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present"]), + interface=dict(type="str"), + hostname=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["hostname"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NodeServicesSxpInterfaces(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + interface=params.get("interface"), + hostname=params.get("hostname"), + ) + + def get_object_by_name(self, name): + # NOTICE: Does not have a get by name method or it is in another action + result = None + items = self.ise.exec( + family="node_services", + function="get_sxp_interface", + params={"hostname": name} + ).response['response'] + result = get_dict_result(items, 'name', name) + return result + + def get_object_by_id(self, id): + # NOTICE: Does not have a get by id method or it is in another action + result = None + return result + + def exists(self): + prev_obj = None + 
id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("hostname") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("interface", "interface"), + ("hostname", "hostname"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("hostname") + result = None + result = self.ise.exec( + family="node_services", + function="set_sxp_interface", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NodeServicesSxpInterfaces(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise.fail_json("Object does not exists, plugin only has update") + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_services_sxp_interfaces_info.py b/ansible_collections/cisco/ise/plugins/action/node_services_sxp_interfaces_info.py new file mode 100644 index 00000000..48f7d019 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/node_services_sxp_interfaces_info.py 
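Review bot: `get_object_by_name` opens with `# NOTICE: Does not have a get by name method or it is in another action` and `result = None`, but the next statement does query `get_sxp_interface` by hostname, so the comment and the initial assignment are stale. `update()` likewise assigns `id`, `name` and `result = None` without using them before the `exec` call. I would drop those lines and give both methods a short docstring, for example `"""Look up the SXP interface entry for the given hostname."""` on `get_object_by_name`. Unlike the profiler-probe plugin above, this lookup has no `try`/`except` and does not pass `handle_func_exception=False`, so the two plugins report lookup failures differently; that is worth making consistent.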
@@ -0,0 +1,92 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hostname=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + hostname=params.get("hostname"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("hostname") + if not name and not id: + response = ise.exec( + family="node_services", + function='get_sxp_interface', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_standalone_to_primary.py b/ansible_collections/cisco/ise/plugins/action/node_standalone_to_primary.py new file mode 100644 index 00000000..def196c6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/node_standalone_to_primary.py 
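Review bot: The guard in `run()` looks inverted: `get_sxp_interface` is called only under `if not name and not id:`, that is when `hostname` was not supplied, and then with `hostname=None` from `get_object`. When `hostname` is supplied, no query is made and `ise_response` stays at the `{}` set earlier. `hostname` is the only argument this file declares, and node_services_sxp_interfaces.py above queries the same function with `{"hostname": name}`, so the intended condition is presumably `if name:`. If the final `return self._result` is indented under the `if` (the collapsed layout does not show it), `run()` would also return `None` whenever `hostname` is given; the `exit_json()` update and the return should sit outside the conditional.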
@@ -0,0 +1,167 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hostname=dict(type="str"), +)) +required_if = [] +required_one_of = [ + ("hostname"), +], +mutually_exclusive = [] +required_together = [] + + +class NodeStandaloneToPrimary(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + hostname=params.get("hostname"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="node_deployment", + function="get_node_details", + params={"hostname": name}, + handle_func_exception=False, + ).response['response'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + # NOTICE: Does not have a get by id method or it is in another action + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("hostname") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + if "Standalone" in current_obj.roles: + return True + return False + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = NodeStandaloneToPrimary(self._task.args, ise) + + name = self._task.args.get("hostname") + + response = None + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + response = ise.exec( + family="node_deployment", + function="make_primary", + params=self.get_object(self._task.args), + ).response + ise.object_updated() + else: + if "PrimaryAdmin" in prev_obj.roles: + ise.result["result"] = "Node is already Primary" + else: + ise.fail_json("Invoke this API on Standalone Node only") + else: + ise.fail_json("No such HostConfig with hostName [{hostname}]".format(hostname=name)) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/node_sync.py b/ansible_collections/cisco/ise/plugins/action/node_sync.py new file mode 100644 index 00000000..941729eb --- /dev/null 
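Review bot: The module-level `required_one_of = [ ("hostname"), ],` ends with a trailing comma, so the name is bound to a one-element tuple wrapping the list, and `("hostname")` is a plain string rather than a tuple. Whether `AnsibleArgSpecValidator` still enforces the hostname requirement with that shape is not visible here; `required_one_of = [("hostname",)]` states it unambiguously. Separately, `get_object_by_name()` ends with `except Exception: result = None`, so an authentication or transport failure from `get_node_details` surfaces in `run()` as "No such HostConfig" instead of the real error. Narrowing that handler, or reporting the exception through `ise.fail_json` as the `(TypeError, AttributeError)` branch does, would keep a failed promotion attempt diagnosable.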
+++ b/ansible_collections/cisco/ise/plugins/action/node_sync.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hostname=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + hostname=params.get("hostname"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="sync_ise_node", + function='sync_node', + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/pan_ha.py b/ansible_collections/cisco/ise/plugins/action/pan_ha.py new file mode 100644 index 00000000..2b6ce746 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/pan_ha.py 
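Review bot: `hostname` is declared as `hostname=dict(type="str")` with no `required=True`, so `run()` calls `sync_node` with `hostname=None` when the task omits it. The same pattern of optional arguments feeding a state-changing call is in pan_ha_update.py (`update_pan_ha`), patch_install.py (`install_patch`) and patch_rollback.py (`rollback_patch`), where a missing `patchNumber` reaches the rollback call as `None`. Marking the arguments the operation cannot run without as `required=True` rejects the task in `_check_argspec()` before anything is sent to ISE. These `run()` methods also set `changed` to `False` and never call an `ise.object_*` helper the way node_standalone_to_primary.py calls `ise.object_updated()`, so unless `ise.exit_json()` sets it, a sync, patch install or rollback is reported as unchanged.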
@@ -0,0 +1,197 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + isEnabled=dict(type="bool"), + primaryHealthCheckNode=dict(type="str"), + secondaryHealthCheckNode=dict(type="str"), + pollingInterval=dict(type="int"), + failedAttempts=dict(type="int"), +)) + +required_if = [ + ("state", "present", [], True), + ("state", "absent", [], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class PanHa(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + is_enabled=params.get("isEnabled"), + primary_health_check_node=params.get("primaryHealthCheckNode"), + secondary_health_check_node=params.get("secondaryHealthCheckNode"), + polling_interval=params.get("pollingInterval"), + failed_attempts=params.get("failedAttempts"), + ) + + def get_object_by_name(self, name): + # NOTICE: Does not have a get by name method or it is in another action + result = None + items = self.ise.exec( + 
family="pan_ha", + function="get_pan_ha_status" + ).response['response'] + result = get_dict_result(items, 'name', name) + return result + + def get_object_by_id(self, id): + # NOTICE: Does not have a get by id method or it is in another action + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("isEnabled", "is_enabled"), + ("primaryHealthCheckNode", "primary_health_check_node"), + ("secondaryHealthCheckNode", "secondary_health_check_node"), + ("pollingInterval", "polling_interval"), + ("failedAttempts", "failed_attempts"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="pan_ha", + function="enable_pan_ha", + params=self.new_object, + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + result = self.ise.exec( + family="pan_ha", + function="disable_pan_ha", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = PanHa(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: 
+ if obj.requires_update(prev_obj): + response = prev_obj + ise.object_present_and_different() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/pan_ha_info.py b/ansible_collections/cisco/ise/plugins/action/pan_ha_info.py new file mode 100644 index 00000000..02a4f1b5 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/pan_ha_info.py 
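Review bot: `PanHa.exists()` looks up `self.new_object.get("id")` and `self.new_object.get("name")`, but `__init__` builds `new_object` with only `is_enabled`, `primary_health_check_node`, `secondary_health_check_node`, `polling_interval` and `failed_attempts`, so both lookups are always `None` and `exists()` returns `(False, None)` without querying ISE. In `run()` that means `state: present` always calls `create()` (`enable_pan_ha`) and reports `object_created()`, while `state: absent` always reports `object_already_absent()` and never calls `delete()`, so this module cannot disable PAN HA. `exists()` should read the current state from `get_pan_ha_status` directly instead of searching by `id` or `name`, and `requires_update()` should then be checked against the keys that response actually carries.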
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="pan_ha", + function='get_pan_ha_status', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/pan_ha_update.py b/ansible_collections/cisco/ise/plugins/action/pan_ha_update.py new file mode 100644 index 00000000..db7f3c14 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/pan_ha_update.py 
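Review bot: In `run()`, `id` and `name` are read from the task arguments, but this file adds nothing to the spec (`argument_spec.update(dict())`), so unless `ise_argument_spec()` declares them the guard `if not name and not id:` is always true. Dropping the two locals (one shadows the builtin `id`) and the guard leaves a plain call to `get_pan_ha_status` and removes a path on which the module would silently return the empty `ise_response={}`. patch_info.py has the same guard around `list_installed_patches`.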
@@ -0,0 +1,96 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + failedAttempts=dict(type="int"), + isEnabled=dict(type="bool"), + pollingInterval=dict(type="int"), + primaryHealthCheckNode=dict(type="dict"), + secondaryHealthCheckNode=dict(type="dict"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + failed_attempts=params.get("failedAttempts"), + is_enabled=params.get("isEnabled"), + polling_interval=params.get("pollingInterval"), + primary_health_check_node=params.get("primaryHealthCheckNode"), + secondary_health_check_node=params.get("secondaryHealthCheckNode"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="pan_ha", + function="update_pan_ha", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/patch_info.py b/ansible_collections/cisco/ise/plugins/action/patch_info.py new file mode 100644 index 00000000..a0493384 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/patch_info.py 
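Review bot: `primaryHealthCheckNode` and `secondaryHealthCheckNode` are declared `type="dict"` here but `type="str"` in pan_ha.py, although both files pass them to the `pan_ha` family as `primary_health_check_node` and `secondary_health_check_node`. One of the two specs will reject or coerce the value the API expects; which shape is correct is not visible in this diff, so it should be checked against the SDK functions `update_pan_ha` and `enable_pan_ha` and the two files aligned. A short comment above the spec stating the expected shape of these two values would keep them from drifting again.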
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="patching", + function='list_installed_patches', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/patch_install.py b/ansible_collections/cisco/ise/plugins/action/patch_install.py new file mode 100644 index 00000000..6e825050 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/patch_install.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + patchName=dict(type="str"), + repositoryName=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + patch_name=params.get("patchName"), + repository_name=params.get("repositoryName"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="patching", + function="install_patch", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/patch_rollback.py b/ansible_collections/cisco/ise/plugins/action/patch_rollback.py new file mode 100644 index 00000000..246845d7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/patch_rollback.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + patchNumber=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + patch_number=params.get("patchNumber"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="patching", + function="rollback_patch", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/personas_check_standalone.py b/ansible_collections/cisco/ise/plugins/action/personas_check_standalone.py new file mode 100644 index 00000000..e6e6668b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/personas_check_standalone.py 
@@ -0,0 +1,92 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from urllib.parse import quote +import time +from ansible_collections.cisco.ise.plugins.plugin_utils.personas_utils import Node + +argument_spec = dict( + ip=dict(type="str", required=True), + username=dict(type="str", required=True), + password=dict(type="str", required=True), + hostname=dict(type="str", required=True), + ise_verify=dict(type="bool", default=True), + ise_version=dict(type="str", default="3.1.0"), + ise_wait_on_rate_limit=dict(type="bool", default=True), +) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail( + "ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'" + ) + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + node = Node(dict(ip=self._task.args.get("ip"), + username=self._task.args.get("username"), + password=self._task.args.get("password"), + hostname=self._task.args.get("hostname") + )) + + if not (node.is_standalone() and node.app_server_is_running()): + raise AnsibleActionFail( + "Node {node_name} is not in STANDALONE state or application server is not running.".format( + node_name=node.name + ) + ) + + response = "Node {hostname} is in STANDALONE mode".format(hostname=self._task.args.get("hostname")) + + self._result.update(dict(ise_response=response)) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/personas_export_certs.py b/ansible_collections/cisco/ise/plugins/action/personas_export_certs.py new file mode 100644 index 00000000..a0a3e6d8 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/personas_export_certs.py 
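Review bot: `argument_spec` accepts `ise_verify`, `ise_version` and `ise_wait_on_rate_limit`, but `run()` builds `Node(dict(ip=..., username=..., password=..., hostname=...))` and forwards none of them, so a playbook's `ise_verify` setting has no visible effect on how `Node` validates the server certificate. Either pass `ise_verify` through to `Node` (if its constructor supports it, which is not visible here) or remove the options so the task does not advertise a verification setting it does not control. `password=dict(type="str", required=True)` should also carry `no_log=True` so the credential is treated as sensitive. personas_export_certs.py has both issues, there for `password` and `primary_password`. The `quote` and `time` imports are unused in both files.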
@@ -0,0 +1,99 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from urllib.parse import quote +import time +from ansible_collections.cisco.ise.plugins.plugin_utils.personas_utils import Node + +argument_spec = dict( + primary_ip=dict(type="str", required=True), + primary_username=dict(type="str", required=True), + primary_password=dict(type="str", required=True), + name=dict(type="str", required=True), + ip=dict(type="str", required=True), + hostname=dict(type="str", required=True), + username=dict(type="str", required=True), + password=dict(type="str", required=True), + ise_verify=dict(type="bool", default=True), + ise_version=dict(type="str", default="3.1.0"), + ise_wait_on_rate_limit=dict(type="bool", default=True), +) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail( + "ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'" + ) + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + primary_node = Node(dict(ip=self._task.args.get("primary_ip"), + username=self._task.args.get("primary_username"), + password=self._task.args.get("primary_password"), + ) + ) + + this_node = Node(dict(name=self._task.args.get("name"), + ip=self._task.args.get("ip"), + hostname=self._task.args.get("hostname"), + username=self._task.args.get("username"), + password=self._task.args.get("password"), + ) + ) + + this_node.import_certificate_into_primary(primary_node) + + response = "The certificate for {hostname} was exported successfully to the primary node".format(hostname=this_node.hostname) + + self._result.update(dict(ise_response=response)) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/personas_promote_primary.py b/ansible_collections/cisco/ise/plugins/action/personas_promote_primary.py new file mode 100644 index 00000000..9de4ae5a --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/personas_promote_primary.py 
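Review bot: `run()` sets `self._result["changed"] = False` and never updates it, although `this_node.import_certificate_into_primary(primary_node)` appears to modify the primary node's certificate store. Playbook logic and change audits that key on `changed` would then record a trust-store modification as a no-op. Set `self._result["changed"] = True` after the call returns, or have the helper report whether it actually imported anything. The personas_promote_primary.py and personas_register_node.py hunks return `changed=False` in the same way after `promote_to_primary()` and `register_to_primary()`.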
@@ -0,0 +1,86 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from urllib.parse import quote +import time +from ansible_collections.cisco.ise.plugins.plugin_utils.personas_utils import Node + +argument_spec = dict( + ip=dict(type="str", required=True), + username=dict(type="str", required=True), + password=dict(type="str", required=True), + ise_verify=dict(type="bool", default=True), + ise_version=dict(type="str", default="3.1.0"), + ise_wait_on_rate_limit=dict(type="bool", default=True), +) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail( + "ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'" + ) + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + node = Node(dict(ip=self._task.args.get("ip"), + username=self._task.args.get("username"), + password=self._task.args.get("password"), + ) + ) + + node.promote_to_primary() + + response = "Primary node was successfully updated" + + self._result.update(dict(ise_response=response)) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/personas_register_node.py b/ansible_collections/cisco/ise/plugins/action/personas_register_node.py new file mode 100644 index 00000000..708551dd --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/personas_register_node.py 
@@ -0,0 +1,103 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from urllib.parse import quote +import time +from ansible_collections.cisco.ise.plugins.plugin_utils.personas_utils import Node + +argument_spec = dict( + primary_ip=dict(type="str", required=True), + primary_username=dict(type="str", required=True), + primary_password=dict(type="str", required=True), + fqdn=dict(type="str", required=True), + username=dict(type="str", required=True), + password=dict(type="str", required=True), + roles=dict(type="list", required=True), + services=dict(type="list", required=True), + ise_verify=dict(type="bool", default=True), + ise_version=dict(type="str", default="3.1.0"), + ise_wait_on_rate_limit=dict(type="bool", default=True), +) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail( + "ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'" + ) + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + primary_node = Node(dict(ip=self._task.args.get("primary_ip"), + username=self._task.args.get("primary_username"), + password=self._task.args.get("primary_password"), + ) + ) + + this_node = Node(dict(name=self._task.args.get("name"), + fqdn=self._task.args.get("fqdn"), + username=self._task.args.get("username"), + password=self._task.args.get("password"), + roles=self._task.args.get("roles"), + services=self._task.args.get("services"), + ) + ) + + if primary_node.app_server_is_running(): + this_node.register_to_primary(primary_node) + else: + raise AnsibleActionFail("Application server is not running.") + + response = "Node {fqdn} updated successfully".format(fqdn=self._task.args.get("fqdn")) + + self._result.update(dict(ise_response=response)) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/personas_update_roles_services.py b/ansible_collections/cisco/ise/plugins/action/personas_update_roles_services.py new file mode 100644 index 00000000..bca25ce3 --- /dev/null 
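Review bot: `this_node` is built with `name=self._task.args.get("name")`, but `name` is not declared in this file's `argument_spec`, and `_check_argspec()` replaces `self._task.args` with the validator's output before `run()` reads it. The value is therefore probably always `None`, or the task is rejected when a caller supplies `name`, depending on how the validator treats undeclared keys. Either add `name=dict(type="str"),` to the spec or drop the key from the `Node(...)` dict. `roles` and `services` are declared as `type="list"` without `elements="str"`, so the item types that end up in the registration request are not validated.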
+++ b/ansible_collections/cisco/ise/plugins/action/personas_update_roles_services.py 
@@ -0,0 +1,115 @@ +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type +from ansible.plugins.action import ActionBase +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from urllib.parse import quote +import time +from ansible_collections.cisco.ise.plugins.plugin_utils.personas_utils import Node +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ise_compare_equality, +) + +argument_spec = dict( + ip=dict(type="str", required=True), + username=dict(type="str", required=True), + password=dict(type="str", required=True), + hostname=dict(type="str", required=True), + roles=dict(type="list", required=True), + services=dict(type="list", required=True), + ise_verify=dict(type="bool", default=True), + ise_version=dict(type="str", default="3.0.0"), + ise_wait_on_rate_limit=dict(type="bool", default=True), # TODO: verify what the true default value should be +) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class NodeDeployment(object): + def requires_update(self, current_obj, requested_obj): + obj_params = [ + ("roles", "roles"), + ("services", "services"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + obj = NodeDeployment() + request_obj = dict(ip=self._task.args.get("ip"), + username=self._task.args.get("username"), + password=self._task.args.get("password"), + hostname=self._task.args.get("hostname"), + roles=self._task.args.get("roles"), + services=self._task.args.get("services"), + ) + node = Node(request_obj) + prev_obj = False + result = dict(changed=False, result="") + response = None + if not node.app_server_is_running(): + raise AnsibleActionFail("Couldn't connect, the node might be still initializing, try again in a few minutes. Error received: 502") + try: + prev_obj = node.get_roles_services() + except Exception as e: + AnsibleActionFail(e) + if prev_obj: + if obj.requires_update(prev_obj, request_obj): + try: + node.update_roles_services() + response = node.get_roles_services() + result["changed"] = True + result["result"] = "Object updated" + except Exception as e: + raise AnsibleActionFail("The node might be still initializing. 
Error received: {e}".format(e=e)) + else: + response = prev_obj + result["result"] = "Object already present" + self._result.update(dict(ise_response=response)) + self._result.update(result) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/portal_global_setting.py b/ansible_collections/cisco/ise/plugins/action/portal_global_setting.py new file mode 100644 index 00000000..762235af --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/portal_global_setting.py 
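Review bot: In `run()`, the handler around `node.get_roles_services()` reads `except Exception as e:` followed by `AnsibleActionFail(e)`, which constructs the exception but never raises it. Any failure of that call, including authentication or TLS errors, is swallowed. `prev_obj` then stays `False`, the update branch is skipped, and the task returns success with `changed=False` and `ise_response=None`. The line should be `raise AnsibleActionFail(e)`. The hard-coded "Error received: 502" in the `app_server_is_running()` message is also not taken from any response visible here and may mislead whoever debugs a different failure.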
@@ -0,0 +1,219 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present"]), + id=dict(type="str"), + customization=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class PortalGlobalSetting(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + id=params.get("id"), + customization=params.get("customization"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ + result = None + gen_items_responses = self.ise.exec( + family="portal_global_setting", + function="get_portal_global_settings_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured 
when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="portal_global_setting", + function="get_portal_global_setting_by_id", + params={"id": id}, + handle_func_exception=False, + ).response['PortalCustomizationGlobalSetting'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("id", "id"), + ("customization", "customization"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="portal_global_setting", + function="update_portal_global_setting_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = PortalGlobalSetting(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise.fail_json("Object does not exists, plugin only has update") + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
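Review bot: In `run()`, `ise_update_response.get("UpdatedFieldsList").get("updatedField")` is dereferenced without a guard. If the update response lacks either key, the task fails with an `AttributeError` or a `TypeError` from `len(None)` after the setting has already been changed on the server. Guard it with `has_changed = (ise_update_response.get("UpdatedFieldsList") or {}).get("updatedField") or []`. Separately, `get_object_by_id()` turns every exception other than `TypeError`/`AttributeError` into `result = None`, so an authentication or connection failure would surface as "Object does not exists, plugin only has update". Narrowing that handler to the SDK's not-found error would keep the two cases apart.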
diff --git a/ansible_collections/cisco/ise/plugins/action/portal_global_setting_info.py b/ansible_collections/cisco/ise/plugins/action/portal_global_setting_info.py new file mode 100644 index 00000000..b27bd26b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/portal_global_setting_info.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="portal_global_setting", + function='get_portal_global_setting_by_id', + params=self.get_object(self._task.args) + ).response['PortalCustomizationGlobalSetting'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="portal_global_setting", + function='get_portal_global_settings_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if 
isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/portal_info.py b/ansible_collections/cisco/ise/plugins/action/portal_info.py new file mode 100644 index 00000000..3e4a54e7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/portal_info.py 
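Review bot: `response` is assigned only inside the `if id:` branch and on the success path of the generator loop, yet the final `self._result.update(dict(ise_response=response))` reads it unconditionally. If `name` is set without `id`, neither branch runs, and the same line is reached if `ise.fail_json()` returns instead of raising (its behaviour is not visible here). In both cases it raises `UnboundLocalError`. Initialise `response = []` before the `if id:` test. `name` is also read from `self._task.args` without being added to this module's spec, so confirm that `ise_argument_spec()` defines it or drop the lookup. The portal_info.py hunk has the same structure.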
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="portal", + function='get_portal_by_id', + params=self.get_object(self._task.args) + ).response['ERSPortal'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="portal", + function='get_portals_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + 
responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/portal_theme.py b/ansible_collections/cisco/ise/plugins/action/portal_theme.py new file mode 100644 index 00000000..7b2d2c91 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/portal_theme.py 
@@ -0,0 +1,261 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + description=dict(type="str"), + themeData=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class PortalTheme(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + description=params.get("description"), + theme_data=params.get("themeData"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ + result = None + gen_items_responses = self.ise.exec( + family="portal_theme", + function="get_portal_themes_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = 
get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="portal_theme", + function="get_portal_theme_by_id", + handle_func_exception=False, + params={"id": id} + ).response['PortalTheme'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("description", "description"), + ("themeData", "theme_data"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="portal_theme", + function="create_portal_theme", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="portal_theme", + function="update_portal_theme_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="portal_theme", + function="delete_portal_theme_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = PortalTheme(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if 
obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/portal_theme_info.py b/ansible_collections/cisco/ise/plugins/action/portal_theme_info.py new file mode 100644 index 00000000..ab52db7d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/portal_theme_info.py 
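Review bot: `get_object_by_name` and `get_object_by_id` in `PortalTheme` turn every exception other than TypeError/AttributeError into `result = None`, so an authentication failure, timeout or TLS error looks the same as "theme not found". `run` acts on that result: with `state: present` it calls `obj.create()`, and with `state: absent` it reports the object as already absent. In `get_object_by_name` the call iterates a listing, where a missing theme is simply no match, so an exception there should fail the task: `except Exception as e:` followed by `self.ise.fail_json(msg="Listing portal themes failed: {error}".format(error=e))`. `get_object_by_id` passes `handle_func_exception=False`, so a not-found lookup presumably raises as well. The SDK's exception type is not visible here, so that handler needs to separate not-found from other failures before it returns None.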
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="portal_theme", + function='get_portal_theme_by_id', + params=self.get_object(self._task.args) + ).response['PortalTheme'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="portal_theme", + function='get_portal_themes_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += 
tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/profiler_profile_info.py b/ansible_collections/cisco/ise/plugins/action/profiler_profile_info.py new file mode 100644 index 00000000..50cedbbb --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/profiler_profile_info.py 
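Review bot: The by-id branch of `run` indexes `.response['PortalTheme']` outside any `try`, while the list branch guards the same kind of access and reports through `ise.fail_json`. If the lookup returns an error body or nothing (how `ise.exec` reports failures is not visible here), the task ends in a raw KeyError or TypeError instead of the explanatory message. Guarding it the same way keeps both paths consistent: `except (KeyError, TypeError, AttributeError) as e:` then `ise.fail_json(msg="Portal theme lookup failed: {error}".format(error=e))`. `name` is read from the task args but is not in this module's `argument_spec`, so it is presumably always None after validation and `if not name and not id` reduces to `if not id`. Both points also apply to `profiler_profile_info.py`, and the unguarded index applies to `.response['response']` in `proxy_connection_settings_info.py`.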
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="profiler_profile", + function='get_profiler_profile_by_id', + params=self.get_object(self._task.args) + ).response['ProfilerProfile'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="profiler_profile", + function='get_profiler_profiles_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + 
responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/proxy_connection_settings.py b/ansible_collections/cisco/ise/plugins/action/proxy_connection_settings.py new file mode 100644 index 00000000..758eebd7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/proxy_connection_settings.py 
@@ -0,0 +1,183 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present"]), + bypassHosts=dict(type="str"), + fqdn=dict(type="str"), + password=dict(type="str", no_log=True), + passwordRequired=dict(type="bool"), + port=dict(type="int"), + userName=dict(type="str"), +)) + +required_if = [ + ("state", "present", [], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ProxyConnectionSettings(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + bypass_hosts=params.get("bypassHosts"), + fqdn=params.get("fqdn"), + password=params.get("password"), + password_required=params.get("passwordRequired"), + port=params.get("port"), + user_name=params.get("userName"), + ) + + def get_object_by_name(self, name): + # NOTICE: Does not have a get by name method or it is in another action + result = None + items = self.ise.exec( + family="proxy", + function="get_proxy_connection" + ).response['response'] + result = 
get_dict_result(items, 'name', name) + return result + + def get_object_by_id(self, id): + # NOTICE: Does not have a get by id method or it is in another action + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("bypassHosts", "bypass_hosts"), + ("fqdn", "fqdn"), + ("password", "password"), + ("passwordRequired", "password_required"), + ("port", "port"), + ("userName", "user_name"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + result = self.ise.exec( + family="proxy", + function="update_proxy_connection", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = ProxyConnectionSettings(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise.fail_json("Object does not exists, plugin only has update") + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/proxy_connection_settings_info.py b/ansible_collections/cisco/ise/plugins/action/proxy_connection_settings_info.py new file mode 100644 index 00000000..629e4373 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/proxy_connection_settings_info.py 
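Review bot: `ProxyConnectionSettings.exists()` looks up `id` and `name` in `self.new_object`, but `__init__` never stores either key, so both are None, `prev_obj` stays None and the method always returns `(False, None)`. `run` therefore always reaches `ise.fail_json("Object does not exists, plugin only has update")` and `update()` is unreachable. The proxy settings look like a single resource, so `exists()` could read it directly with `prev_obj = self.ise.exec(family="proxy", function="get_proxy_connection").response['response']`, assuming that response is the settings dict. Once that path works, `requires_update` compares `password` against the fetched object. If ISE does not return the stored password (not visible here), every run would be reported as changed, so that field deserves a comment or an exclusion from the comparison.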
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="proxy", + function='get_proxy_connection', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/px_grid_node_approve.py b/ansible_collections/cisco/ise/plugins/action/px_grid_node_approve.py new file mode 100644 index 00000000..d1a28a5a --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/px_grid_node_approve.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="px_grid_node", + function="approve_px_grid_node", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/px_grid_node_delete.py b/ansible_collections/cisco/ise/plugins/action/px_grid_node_delete.py new file mode 100644 index 00000000..eff20fc8 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/px_grid_node_delete.py 
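Review bot: `name` is declared as `dict(type="str")` with no `required` flag and `required_if` is empty, so `approve_px_grid_node` can be called with `name=None`. Approving a pxGrid node is a trust decision and the target should be explicit: `name=dict(type="str", required=True),`. The same applies to `px_grid_node_delete.py`, where `delete_px_grid_node_by_name` receives the unchecked value. `run` also sets `changed` to False and nothing in the hunk sets it to True after a successful approve, so unless `ise.exit_json()` does that the task reports no change.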
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="px_grid_node", + function="delete_px_grid_node_by_name", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/px_grid_node_info.py b/ansible_collections/cisco/ise/plugins/action/px_grid_node_info.py new file mode 100644 index 00000000..20e5bdf5 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/px_grid_node_info.py 
@@ -0,0 +1,144 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ name=dict(type="str"),
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ name=params.get("name"),
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="px_grid_node",
+ function='get_px_grid_node_by_id',
+ params=self.get_object(self._task.args)
+ ).response['PxgridNode']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if name:
+ response = ise.exec(
+ family="px_grid_node",
+ function='get_px_grid_node_by_name',
+ params=self.get_object(self._task.args)
+ ).response['PxgridNode']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="px_grid_node",
+ function='get_px_grid_node_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/px_grid_settings_auto_approve.py b/ansible_collections/cisco/ise/plugins/action/px_grid_settings_auto_approve.py
new file mode 100644
index 00000000..ed674d64
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/px_grid_settings_auto_approve.py
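Review bot: In `run()`, the `if id:` and `if name:` branches index `.response['PxgridNode']` outside any `try`, while the list branch wraps its iteration in `try/except` and reports through `ise.fail_json`. A response that is `None` or lacks that key would surface as a raw `TypeError`/`KeyError` rather than the collection's own error message, so both lookups should be wrapped the same way, as sketched below for the by-id case. Two smaller points: the local `id` shadows the builtin, and when a task supplies both `id` and `name` the `id` branch silently wins because `mutually_exclusive` is empty; `mutually_exclusive = [("id", "name")]` would make that explicit. The sketch relies on `ise.fail_json` not returning, as the existing list branch already does.

```python
        if id:
            try:
                response = ise.exec(
                    family="px_grid_node",
                    function='get_px_grid_node_by_id',
                    params=self.get_object(self._task.args)
                ).response['PxgridNode']
            except (TypeError, KeyError, AttributeError) as e:
                ise.fail_json(
                    msg=(
                        "An error occured when executing operation."
                        " The error was: {error}"
                        " You may want to enable the (ise_debug: True) argument."
                    ).format(error=e)
                )
            # … unchanged: result update and return …
        # … unchanged: by-name branch (same wrapper), list branch …
```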
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ autoApproveCertBasedAccounts=dict(type="bool"),
+ allowPasswordBasedAccounts=dict(type="bool"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ auto_approve_cert_based_accounts=params.get("autoApproveCertBasedAccounts"),
+ allow_password_based_accounts=params.get("allowPasswordBasedAccounts"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="px_grid_settings",
+ function="autoapprove_px_grid_settings",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_access_secret.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_access_secret.py
new file mode 100644
index 00000000..43bbb95f
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_access_secret.py
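Review bot: Both `autoApproveCertBasedAccounts` and `allowPasswordBasedAccounts` are optional and `required_one_of` is empty, so a task that omits them still calls `autoapprove_px_grid_settings` with both values `None`. What the SDK sends in that case is not visible here, but a call that controls how pxGrid client accounts are admitted should not depend on it; `required_one_of = [("autoApproveCertBasedAccounts", "allowPasswordBasedAccounts")]` rejects the empty request up front. The module documentation should also state that enabling either option relaxes account approval, so that someone reviewing a playbook can spot the change.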
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ peerNodeName=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ peer_node_name=params.get("peerNodeName"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="consumer",
+ function="access_secret",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_account_activate.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_account_activate.py
new file mode 100644
index 00000000..8c7e71aa
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_account_activate.py
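Review bot: `run()` copies the entire `access_secret` response into `self._result` as `ise_response`, so whatever the call returns (by its name, presumably a shared secret for `peerNodeName`) lands in the task result, where callbacks and log output record it. Nothing in the plugin masks the value, so the module documentation should tell users to set `no_log: true` on the task and to keep the registered result out of debug output. A comment above the update, `# ise_response may contain a secret; run this task with no_log: true`, would make that expectation visible in the code. The same concern applies to `pxgrid_account_create.py` further down if `create_account` returns credentials for the new account; the response shape is not shown, so that part is an assumption to confirm.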
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ description=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ description=params.get("description"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="consumer",
+ function="activate_account",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_account_create.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_account_create.py
new file mode 100644
index 00000000..040247a7
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_account_create.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ nodeName=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ node_name=params.get("nodeName"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="consumer",
+ function="create_account",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_authorization.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_authorization.py
new file mode 100644
index 00000000..7ac4e39b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_authorization.py
@@ -0,0 +1,86 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="provider",
+ function="authorization",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_bindings_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_bindings_info.py
new file mode 100644
index 00000000..fba8c50f
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_bindings_info.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="trust_sec_sxp",
+ function="get_bindings",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_egress_matrices_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_egress_matrices_info.py
new file mode 100644
index 00000000..51054097
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_egress_matrices_info.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="trust_sec_configuration",
+ function="get_egress_matrices",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_egress_policies_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_egress_policies_info.py
new file mode 100644
index 00000000..4ef5b302
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_egress_policies_info.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="trust_sec_configuration",
+ function="get_egress_policies",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_endpoint_by_mac_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_endpoint_by_mac_info.py
new file mode 100644
index 00000000..afcdf865
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_endpoint_by_mac_info.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="mdm",
+ function="get_endpoint_by_mac_address",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_endpoints_by_os_type_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_endpoints_by_os_type_info.py
new file mode 100644
index 00000000..0df3187b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_endpoints_by_os_type_info.py
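Review bot: `argument_spec.update(dict())` adds no module-specific arguments and `get_object` returns an empty dict, yet `run()` calls `get_endpoint_by_mac_address`, so a task has no way to say which MAC address to look up. Either the SDK function obtains the address from somewhere not visible in this hunk, or the lookup key is missing from both the argument spec and `get_object`. `pxgrid_endpoints_by_os_type_info.py` and `pxgrid_endpoints_by_type_info.py` below have the same shape for `get_endpoints_by_os_type` and `get_endpoints_by_type`. If the key is added, it should be declared in the argument spec as a required `str` so it is validated by `_check_argspec` rather than passed through unchecked.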
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="mdm",
+ function="get_endpoints_by_os_type",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_endpoints_by_type_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_endpoints_by_type_info.py
new file mode 100644
index 00000000..e7508f6d
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_endpoints_by_type_info.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="mdm",
+ function="get_endpoints_by_type",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_endpoints_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_endpoints_info.py
new file mode 100644
index 00000000..ba538d3a
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_endpoints_info.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="mdm",
+ function="get_endpoints",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_failures_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_failures_info.py
new file mode 100644
index 00000000..14558669
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_failures_info.py
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if not name and not id:
+ response = ise.exec(
+ family="radius_failure",
+ function='get_failures',
+ params=self.get_object(self._task.args)
+ ).response
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_healths_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_healths_info.py
new file mode 100644
index 00000000..a0ff7012
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_healths_info.py
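Review bot: In `run()` of pxgrid_failures_info.py the `if not name and not id:` guard reads two task arguments that the module-specific argspec (`argument_spec.update(dict())`, left empty) never declares, so the branch looks like a leftover from a get-by-id template. If the condition were ever false, the module would return the placeholder `ise_response={}` and still finish normally, which hides a lookup that never ran. The sibling info modules in this commit call `ise.exec(...)` unconditionally; doing the same here and dropping the `id = ...` / `name = ...` lines, which also shadow the builtin `id`, would make the behaviour explicit.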
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="system_health",
+ function="get_healths",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_node_approve.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_node_approve.py
new file mode 100644
index 00000000..d1a28a5a
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_node_approve.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ name=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ name=params.get("name"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="px_grid_node",
+ function="approve_px_grid_node",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_node_delete.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_node_delete.py
new file mode 100644
index 00000000..eff20fc8
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_node_delete.py
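Review bot: `name=dict(type="str")` in pxgrid_node_approve.py leaves the node name optional, so a task that omits it reaches `approve_px_grid_node` with `name=None` from `get_object()`. Approving a pxGrid client is an authorization decision and pxgrid_node_delete.py is destructive, so both should reject a missing target in `_check_argspec()` rather than depend on how the SDK treats `None`, which is not visible here; pxgrid_service_lookup.py has the same pattern. Suggested: `name=dict(type="str", required=True),`. Separately, `run()` sets `self._result["changed"] = False` and never sets it to true in this file, so unless `ise.exit_json()` supplies `changed`, a successful approval or deletion is reported as no change.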
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ name=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ name=params.get("name"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="px_grid_node",
+ function="delete_px_grid_node_by_name",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_node_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_node_info.py
new file mode 100644
index 00000000..20e5bdf5
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_node_info.py
@@ -0,0 +1,144 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ name=dict(type="str"),
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ name=params.get("name"),
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="px_grid_node",
+ function='get_px_grid_node_by_id',
+ params=self.get_object(self._task.args)
+ ).response['PxgridNode']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if name:
+ response = ise.exec(
+ family="px_grid_node",
+ function='get_px_grid_node_by_name',
+ params=self.get_object(self._task.args)
+ ).response['PxgridNode']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="px_grid_node",
+ function='get_px_grid_node_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_performances_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_performances_info.py
new file mode 100644
index 00000000..9297f8fc
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_performances_info.py
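Review bot: The `if id:` and `if name:` branches of `run()` in pxgrid_node_info.py index `.response['PxgridNode']` outside any `try`, whereas the list branch wraps its response handling and turns `TypeError`/`AttributeError` into a `fail_json` message that points at the API Gateway and ERS settings. If a lookup returns no body or one without that key (presumably under the same misconfiguration the list branch anticipates), the task ends in a raw `TypeError` or `KeyError` instead of that guidance. Wrapping both lookups the same way, with `KeyError` added to the tuple, keeps the failure mode consistent; the by-name branch takes the identical change. `mutually_exclusive` is also empty although `id` silently wins when both are given, so `mutually_exclusive = [("id", "name")]` would make that explicit.

```python
        if id:
            try:
                response = ise.exec(
                    family="px_grid_node",
                    function='get_px_grid_node_by_id',
                    params=self.get_object(self._task.args)
                ).response['PxgridNode']
            except (TypeError, AttributeError, KeyError) as e:
                ise.fail_json(
                    msg=(
                        "Could not read the PxgridNode entry from the response."
                        " Check the configuration of your API Settings and API Gateway settings on your ISE server."
                        " The error was: {error}"
                    ).format(error=e)
                )
            # … unchanged: result update and return …
```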
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="system_health",
+ function="get_performances",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_profiles_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_profiles_info.py
new file mode 100644
index 00000000..ddf5a5ae
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_profiles_info.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="profiler",
+ function="get_profiles",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_security_group_acls_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_security_group_acls_info.py
new file mode 100644
index 00000000..9f7c69c6
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_security_group_acls_info.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="trust_sec_configuration",
+ function="get_security_group_acls",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_security_groups_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_security_groups_info.py
new file mode 100644
index 00000000..a5e80820
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_security_groups_info.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="trust_sec_configuration",
+ function="get_security_groups",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_service_lookup.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_service_lookup.py
new file mode 100644
index 00000000..afc65092
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_service_lookup.py
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="consumer", + function="lookup_service", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_service_register.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_service_register.py new file mode 100644 index 00000000..df3e440c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_service_register.py 
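Review bot: `name` is declared as `name=dict(type="str"),` with no `required=True`, so a task that omits it passes validation and `get_object` forwards `name=None` to `lookup_service`. If the pxGrid call needs a service name, which the function name suggests but the SDK signature does not confirm from here, the failure surfaces as a remote API error rather than a clear argspec error. Consider `name=dict(type="str", required=True),` here and in the identical spec in pxgrid_service_register.py.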
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="provider", + function="register_service", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_service_reregister.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_service_reregister.py new file mode 100644 index 00000000..0260f6e6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_service_reregister.py 
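Review bot: `run` sets `self._result["changed"] = False` and nothing in this file sets it to true after `register_service` succeeds, so a successful registration is reported as no change unless `ise.exit_json()` carries its own changed flag (not visible in this hunk). The same pattern is in pxgrid_service_reregister.py, pxgrid_service_unregister.py and pxgrid_settings_auto_approve.py, all of which modify state on the ISE side. For change tracking and audit of playbook runs, either confirm that `ise.exit_json()` reports the change or add `self._result["changed"] = True` after the final `self._result.update(ise.exit_json())`.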
@@ -0,0 +1,86 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="provider", + function="reregister_service", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_service_unregister.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_service_unregister.py new file mode 100644 index 00000000..e245c4d8 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_service_unregister.py 
@@ -0,0 +1,86 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="provider", + function="unregister_service", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_session_by_ip_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_session_by_ip_info.py new file mode 100644 index 00000000..82f25569 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_session_by_ip_info.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="session_directory", + function="get_session_by_ip_address", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_session_by_mac_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_session_by_mac_info.py new file mode 100644 index 00000000..17cdf4e2 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_session_by_mac_info.py 
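Review bot: `get_object` returns an empty dict and the argument spec adds no module-specific option, so `get_session_by_ip_address` is called without any IP address. Judging by the function name the lookup needs a key; as written a playbook has no way to supply one, and an extra task argument would presumably be rejected by the argspec validation. pxgrid_session_by_mac_info.py (`get_session_by_mac_address`) and pxgrid_user_group_by_username_info.py (`get_user_group_by_user_name`) have the same gap. The option name the SDK expects is not visible here, so it has to be taken from the SDK before it is added to `argument_spec` and `get_object`.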
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="session_directory", + function="get_session_by_mac_address", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_session_for_recovery_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_session_for_recovery_info.py new file mode 100644 index 00000000..35c2a0fb --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_session_for_recovery_info.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="session_directory", + function="get_sessions_for_recovery", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_sessions_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_sessions_info.py new file mode 100644 index 00000000..86316c1b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_sessions_info.py 
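Review bot: The whole `session_directory` response is copied into `ise_response`, and neither the class nor `run` has a docstring saying what that result contains. Session records presumably carry user names, IP addresses and MAC addresses, and task results are shown by callbacks and written to logs, so the module should say so and point users at `no_log: true` on the task where that matters. A comment above the last `self._result.update(dict(ise_response=response))`, such as `# ise_response holds the raw session records; set no_log on the task if results are logged`, would do. The same applies to pxgrid_sessions_info.py and the by-IP and by-MAC actions.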
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="session_directory", + function="get_sessions", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_settings_auto_approve.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_settings_auto_approve.py new file mode 100644 index 00000000..ed674d64 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_settings_auto_approve.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + autoApproveCertBasedAccounts=dict(type="bool"), + allowPasswordBasedAccounts=dict(type="bool"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + auto_approve_cert_based_accounts=params.get("autoApproveCertBasedAccounts"), + allow_password_based_accounts=params.get("allowPasswordBasedAccounts"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="px_grid_settings", + function="autoapprove_px_grid_settings", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_user_group_by_username_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_user_group_by_username_info.py new file mode 100644 index 00000000..67513d4c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_user_group_by_username_info.py 
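Review bot: Both `autoApproveCertBasedAccounts` and `allowPasswordBasedAccounts` are optional with no default, so a task that sets only one of them sends the other as `None` to `autoapprove_px_grid_settings`. What the SDK or ISE does with `None` is not visible in this hunk, and for settings that decide which pxGrid accounts are approved and whether password-based accounts are accepted the outcome should not depend on that. Consider requiring both, e.g. `autoApproveCertBasedAccounts=dict(type="bool", required=True),`, or dropping `None` values in `get_object` before the call.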
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="session_directory", + function="get_user_group_by_user_name", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/pxgrid_user_groups_info.py b/ansible_collections/cisco/ise/plugins/action/pxgrid_user_groups_info.py new file mode 100644 index 00000000..ecfd2bb5 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/pxgrid_user_groups_info.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="session_directory", + function="get_user_groups", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/radius_server_sequence.py b/ansible_collections/cisco/ise/plugins/action/radius_server_sequence.py new file mode 100644 index 00000000..ab25c9a5 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/radius_server_sequence.py 
@@ -0,0 +1,294 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import (
+ InconsistentParameters,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ stripPrefix=dict(type="bool"),
+ stripSuffix=dict(type="bool"),
+ prefixSeparator=dict(type="str"),
+ suffixSeparator=dict(type="str"),
+ remoteAccounting=dict(type="bool"),
+ localAccounting=dict(type="bool"),
+ useAttrSetOnRequest=dict(type="bool"),
+ useAttrSetBeforeAcc=dict(type="bool"),
+ continueAuthorzPolicy=dict(type="bool"),
+ RadiusServerList=dict(type="list"),
+ OnRequestAttrManipulatorList=dict(type="list"),
+ BeforeAcceptAttrManipulatorsList=dict(type="list"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class RadiusServerSequence(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ strip_prefix=params.get("stripPrefix"),
+ strip_suffix=params.get("stripSuffix"),
+ prefix_separator=params.get("prefixSeparator"),
+ suffix_separator=params.get("suffixSeparator"),
+ remote_accounting=params.get("remoteAccounting"),
+ local_accounting=params.get("localAccounting"),
+ use_attr_set_on_request=params.get("useAttrSetOnRequest"),
+ use_attr_set_before_acc=params.get("useAttrSetBeforeAcc"),
+ continue_authorz_policy=params.get("continueAuthorzPolicy"),
+ radius_server_list=params.get("RadiusServerList"),
+ on_request_attr_manipulator_list=params.get("OnRequestAttrManipulatorList"),
+ before_accept_attr_manipulators_list=params.get("BeforeAcceptAttrManipulatorsList"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ # NOTICE: Does not have a get by name method or it is in another action
+ result = None
+ gen_items_responses = self.ise.exec(
+ family="radius_server_sequence",
+ function="get_radius_server_sequence_generator"
+ )
+ try:
+ for items_response in gen_items_responses:
+ items = items_response.response['SearchResult']['resources']
+ result = get_dict_result(items, 'name', name)
+ if result:
+ return result
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="radius_server_sequence",
+ function="get_radius_server_sequence_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['RadiusServerSequence']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ id_exists = False
+ name_exists = False
+ prev_obj = None
+ o_id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if o_id:
+ prev_obj = self.get_object_by_id(o_id)
+ id_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if not id_exists and name:
+ prev_obj = self.get_object_by_name(name)
+ name_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if name_exists:
+ _id = prev_obj.get("id")
+ if id_exists and name_exists and o_id != _id:
+ raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
+ if _id:
+ prev_obj = self.get_object_by_id(_id)
+ it_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ return (it_exists, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("stripPrefix", "strip_prefix"),
+ ("stripSuffix", "strip_suffix"),
+ ("prefixSeparator", "prefix_separator"),
+ ("suffixSeparator", "suffix_separator"),
+ ("remoteAccounting", "remote_accounting"),
+ ("localAccounting", "local_accounting"),
+ ("useAttrSetOnRequest", "use_attr_set_on_request"),
+ ("useAttrSetBeforeAcc", "use_attr_set_before_acc"),
+ ("continueAuthorzPolicy", "continue_authorz_policy"),
+ ("RadiusServerList", "radius_server_list"),
+ ("OnRequestAttrManipulatorList", "on_request_attr_manipulator_list"),
+ ("BeforeAcceptAttrManipulatorsList", "before_accept_attr_manipulators_list"),
+ ("id", "id"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="radius_server_sequence",
+ function="create_radius_server_sequence",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="radius_server_sequence",
+ function="update_radius_server_sequence_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="radius_server_sequence",
+ function="delete_radius_server_sequence_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = RadiusServerSequence(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/radius_server_sequence_info.py b/ansible_collections/cisco/ise/plugins/action/radius_server_sequence_info.py
new file mode 100644
index 00000000..821f5ac3
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/radius_server_sequence_info.py
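Review bot: `get_object_by_name` and `get_object_by_id` both end with `except Exception: result = None`, so any lookup failure (an authentication or TLS error, a timeout, a permissions problem) looks the same as "object not found"; `exists()` then reports absence and `run` goes on to `obj.create()` for `state: present`. Only the not-found case should map to `None`; other exceptions should reach `self.ise.fail_json(...)` the way the `(TypeError, AttributeError)` branch already does. The same catch-all appears in `get_object_by_name` in repository.py and in both lookups in rest_id_store.py. Separately, `update()` and `delete()` call `self.get_object_by_name(name).get("id")` without checking for `None`, so a lookup that was swallowed this way surfaces there as an AttributeError.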
@@ -0,0 +1,133 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="radius_server_sequence",
+ function='get_radius_server_sequence_by_id',
+ params=self.get_object(self._task.args)
+ ).response['RadiusServerSequence']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="radius_server_sequence",
+ function='get_radius_server_sequence_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/renew_certificate.py b/ansible_collections/cisco/ise/plugins/action/renew_certificate.py
new file mode 100644
index 00000000..e8c5aca1
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/renew_certificate.py
@@ -0,0 +1,88 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ certType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ cert_type=params.get("certType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="certificates",
+ function="renew_certificates",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/repository.py b/ansible_collections/cisco/ise/plugins/action/repository.py
new file mode 100644
index 00000000..0b01c202
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/repository.py
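Review bot: `certType` is declared as `dict(type="str")` with neither `required=True` nor `choices`, so a task that omits or misspells it still passes `_check_argspec`, and `renew_certificates` is called with `cert_type=None` or an arbitrary string. For an action that renews certificates it is better to reject this locally than to rely on the server's answer: `certType=dict(type="str", required=True)`, plus a `choices` list if the accepted values are fixed. `run` also leaves `self._result["changed"]` at `False`; whether `ise.exit_json()` overrides it is not visible in this hunk, so a successful renewal may be reported as unchanged.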
@@ -0,0 +1,241 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import (
+ InconsistentParameters,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ protocol=dict(type="str"),
+ path=dict(type="str"),
+ password=dict(type="str", no_log=True),
+ serverName=dict(type="str"),
+ userName=dict(type="str"),
+ enablePki=dict(type="bool"),
+ repositoryName=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["name", "repositoryName"], True),
+ ("state", "absent", ["name", "repositoryName"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class Repository(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ protocol=params.get("protocol"),
+ path=params.get("path"),
+ password=params.get("password"),
+ server_name=params.get("serverName"),
+ user_name=params.get("userName"),
+ enable_pki=params.get("enablePki"),
+ repository_name=params.get("repositoryName") or params.get("name"),
+ )
+
+ def get_object_by_name(self, name):
+ try:
+ result = self.ise.exec(
+ family="repository",
+ function="get_repository",
+ params={"repository_name": name},
+ handle_func_exception=False,
+ ).response['response']
+ result = get_dict_result(result, 'name', name)
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def get_object_by_id(self, id):
+ # NOTICE: Does not have a get by id method or it is in another action
+ result = None
+ return result
+
+ def exists(self):
+ id_exists = False
+ name_exists = False
+ prev_obj = None
+ o_id = self.new_object.get("id")
+ name = self.new_object.get("repository_name")
+ if o_id:
+ prev_obj = self.get_object_by_id(o_id)
+ id_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if not id_exists and name:
+ prev_obj = self.get_object_by_name(name)
+ name_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if name_exists:
+ _id = prev_obj.get("id")
+ if id_exists and name_exists and o_id != _id:
+ raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
+ it_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ return (it_exists, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("protocol", "protocol"),
+ ("path", "path"),
+ ("password", "password"),
+ ("serverName", "server_name"),
+ ("userName", "user_name"),
+ ("enablePki", "enable_pki"),
+ ("repositoryName", "repository_name"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="repository",
+ function="create_repository",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not name:
+ name_ = self.get_object_by_id(id).get("name")
+ self.new_object.update(dict(name=name_))
+ result = self.ise.exec(
+ family="repository",
+ function="update_repository",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not name:
+ name_ = self.get_object_by_id(id).get("name")
+ self.new_object.update(dict(name=name_))
+ result = self.ise.exec(
+ family="repository",
+ function="delete_repository",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = Repository(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
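Review bot: `update()` and `delete()` fail with an AttributeError when a task supplies only `repositoryName`, which `required_if` allows. In that case `self.new_object.get("name")` is `None`, so both methods call `self.get_object_by_id(id).get("name")`, and `get_object_by_id` always returns `None`. Falling back to the key the constructor already fills avoids this: `name = self.new_object.get("name") or self.new_object.get("repository_name")`. Also, `requires_update` compares `password` against the object returned by ISE; if the API does not echo the stored secret (not visible here), every run that sets `password` will be treated as an update, so the module is not idempotent and the credential is re-sent on each play.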
diff --git a/ansible_collections/cisco/ise/plugins/action/repository_files_info.py b/ansible_collections/cisco/ise/plugins/action/repository_files_info.py
new file mode 100644
index 00000000..f41da0ff
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/repository_files_info.py
@@ -0,0 +1,101 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ repositoryName=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ repository_name=params.get("repositoryName"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("repositoryName")
+ if name:
+ response = ise.exec(
+ family="repository",
+ function='get_repository_files',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ response = ise.exec(
+ family="repository",
+ function='get_repository_files',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/repository_info.py b/ansible_collections/cisco/ise/plugins/action/repository_info.py
new file mode 100644
index 00000000..4c27ff60
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/repository_info.py 
@@ -0,0 +1,101 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ repositoryName=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ repository_name=params.get("repositoryName"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("repositoryName")
+ if name:
+ response = ise.exec(
+ family="repository",
+ function='get_repository',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ response = ise.exec(
+ family="repository",
+ function='get_repositories',
+ params=self.get_object(self._task.args)
+ ).response['response']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/resource_version_info.py b/ansible_collections/cisco/ise/plugins/action/resource_version_info.py
new file mode 100644
index 00000000..4dcf7478
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/resource_version_info.py 
@@ -0,0 +1,92 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ resource=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ resource=params.get("resource"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if not name and not id:
+ response = ise.exec(
+ family="version_info",
+ function='get_version_info',
+ params=self.get_object(self._task.args)
+ ).response['VersionInfo']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/rest_id_store.py b/ansible_collections/cisco/ise/plugins/action/rest_id_store.py
new file mode 100644
index 00000000..1e138018
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/rest_id_store.py
@@ -0,0 +1,253 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + description=dict(type="str"), + ersRestIDStoreAttributes=dict(type="dict"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class RestIdStore(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + description=params.get("description"), + ers_rest_idstore_attributes=params.get("ersRestIDStoreAttributes"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="restid_store", + function="get_rest_id_store_by_name", + params={"name": name}, + handle_func_exception=False, + ).response['ERSRestIDStore'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." 
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="restid_store", + function="get_rest_id_store_by_id", + handle_func_exception=False, + params={"id": id} + ).response['ERSRestIDStore'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + result = False + prev_obj = None + id = self.new_object.get("id") + name = self.new_object.get("name") + if id: + prev_obj = self.get_object_by_id(id) + result = prev_obj is not None and isinstance(prev_obj, dict) + elif name: + prev_obj = self.get_object_by_name(name) + result = prev_obj is not None and isinstance(prev_obj, dict) + return (result, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("description", "description"), + ("ersRestIDStoreAttributes", "ers_rest_idstore_attributes"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="restid_store", + function="create_rest_id_store", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if id: + result = self.ise.exec( + family="restid_store", + function="update_rest_id_store_by_id", + params=self.new_object + ).response + elif name: + result = self.ise.exec( + family="restid_store", + function="update_rest_id_store_by_name", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if id: + result = self.ise.exec( + family="restid_store", + function="delete_rest_id_store_by_id", + params=self.new_object + ).response + elif name: + result = self.ise.exec( + family="restid_store", + function="delete_rest_id_store_by_name", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = RestIdStore(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if 
obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/rest_id_store_info.py b/ansible_collections/cisco/ise/plugins/action/rest_id_store_info.py new file mode 100644 index 00000000..64726af7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/rest_id_store_info.py 
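Review bot: `get_object_by_name` and `get_object_by_id` in `RestIdStore` end with `except Exception: result = None`, so every lookup failure other than the TypeError/AttributeError case is reported as "object not found". Because the calls pass `handle_func_exception=False`, that presumably includes authentication, TLS and connectivity errors: with `state: absent` the task would then report the store as already absent and succeed, and with `state: present` it would go on to a create call. Only a not-found response should map to `None`; other exceptions should go through `self.ise.fail_json(...)` as the first handler does. The lookups in self_registered_portal.py swallow exceptions the same way.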
@@ -0,0 +1,152 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="restid_store", + function='get_rest_id_store_by_id', + params=self.get_object(self._task.args) + ).response['ERSRestIDStore'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="restid_store", + function='get_rest_id_store_by_name', + params=self.get_object(self._task.args) + ).response['ERSRestIDStore'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not 
id: + responses = [] + generator = ise.exec( + family="restid_store", + function='get_rest_id_store_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/self_registered_portal.py b/ansible_collections/cisco/ise/plugins/action/self_registered_portal.py new file mode 100644 index 00000000..fb0bf742 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/self_registered_portal.py 
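Review bot: The `if id:` and `if name:` branches of `run` index `.response['ERSRestIDStore']` directly on the result of `ise.exec(...)`, while only the generator branch is wrapped in `try`/`except` with `ise.fail_json`. If the call yields an error body or an empty response, the task would stop with a raw KeyError or TypeError instead of the collection's diagnostic message; whether `ise.exec` already guards against this is not visible here. Wrapping the two single-object lookups in the same handler keeps failure output consistent across the three paths. The `if id:` branch in self_registered_portal_info.py has the same shape.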
@@ -0,0 +1,270 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + description=dict(type="str"), + portalType=dict(type="str"), + portalTestUrl=dict(type="str"), + settings=dict(type="dict"), + customizations=dict(type="dict"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name", "settings"], True), + ("state", "absent", ["id", "name", "settings"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class SelfRegisteredPortal(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + description=params.get("description"), + portal_type=params.get("portalType"), + portal_test_url=params.get("portalTestUrl"), + settings=params.get("settings"), + customizations=params.get("customizations"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name 
with EQ + result = None + gen_items_responses = self.ise.exec( + family="self_registered_portal", + function="get_self_registered_portals_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="self_registered_portal", + function="get_self_registered_portal_by_id", + handle_func_exception=False, + params={"id": id} + ).response['SelfRegPortal'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("description", "description"), + ("portalType", "portal_type"), + ("portalTestUrl", "portal_test_url"), + ("settings", "settings"), + ("customizations", "customizations"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="self_registered_portal", + function="create_self_registered_portal", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="self_registered_portal", + function="update_self_registered_portal_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="self_registered_portal", + function="delete_self_registered_portal_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = SelfRegisteredPortal(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = 
obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/self_registered_portal_info.py b/ansible_collections/cisco/ise/plugins/action/self_registered_portal_info.py new file mode 100644 index 00000000..d02d0016 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/self_registered_portal_info.py 
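Review bot: The `InconsistentParameters` check in `SelfRegisteredPortal.exists()` looks unreachable, because the name lookup runs only under `if not id_exists and name:` and so `id_exists and name_exists` can never both be true. A task that passes the `id` of one portal and the `name` of another is therefore applied to the object matched by `id` with no error, which matters most for `state: absent`. Keeping the name lookup in its own variable whenever `name` is given (`name_obj = self.get_object_by_name(name)`) and raising when both lookups succeed and `o_id != name_obj.get("id")` would make the guard effective. Indentation is lost on this page, so the nesting described here is inferred.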
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="self_registered_portal", + function='get_self_registered_portal_by_id', + params=self.get_object(self._task.args) + ).response['SelfRegPortal'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="self_registered_portal", + function='get_self_registered_portals_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if 
isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/selfsigned_certificate_generate.py b/ansible_collections/cisco/ise/plugins/action/selfsigned_certificate_generate.py new file mode 100644 index 00000000..5c1a29bd --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/selfsigned_certificate_generate.py 
@@ -0,0 +1,150 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + admin=dict(type="bool"), + allowExtendedValidity=dict(type="bool"), + allowPortalTagTransferForSameSubject=dict(type="bool"), + allowReplacementOfCertificates=dict(type="bool"), + allowReplacementOfPortalGroupTag=dict(type="bool"), + allowRoleTransferForSameSubject=dict(type="bool"), + allowSanDnsBadName=dict(type="bool"), + allowSanDnsNonResolvable=dict(type="bool"), + allowWildCardCertificates=dict(type="bool"), + certificatePolicies=dict(type="str"), + digestType=dict(type="str"), + eap=dict(type="bool"), + expirationTTL=dict(type="int"), + expirationTTLUnit=dict(type="str"), + hostName=dict(type="str"), + keyLength=dict(type="str"), + keyType=dict(type="str"), + name=dict(type="str"), + portal=dict(type="bool"), + portalGroupTag=dict(type="str"), + pxgrid=dict(type="bool"), + radius=dict(type="bool"), + saml=dict(type="bool"), + sanDNS=dict(type="list"), + sanIP=dict(type="list"), + sanURI=dict(type="list"), + subjectCity=dict(type="str"), + subjectCommonName=dict(type="str"), + subjectCountry=dict(type="str"), + subjectOrg=dict(type="str"), + subjectOrgUnit=dict(type="str"), + 
subjectState=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + admin=params.get("admin"), + allow_extended_validity=params.get("allowExtendedValidity"), + allow_portal_tag_transfer_for_same_subject=params.get("allowPortalTagTransferForSameSubject"), + allow_replacement_of_certificates=params.get("allowReplacementOfCertificates"), + allow_replacement_of_portal_group_tag=params.get("allowReplacementOfPortalGroupTag"), + allow_role_transfer_for_same_subject=params.get("allowRoleTransferForSameSubject"), + allow_san_dns_bad_name=params.get("allowSanDnsBadName"), + allow_san_dns_non_resolvable=params.get("allowSanDnsNonResolvable"), + allow_wild_card_certificates=params.get("allowWildCardCertificates"), + certificate_policies=params.get("certificatePolicies"), + digest_type=params.get("digestType"), + eap=params.get("eap"), + expiration_ttl=params.get("expirationTTL"), + expiration_ttl_unit=params.get("expirationTTLUnit"), + 
host_name=params.get("hostName"), + key_length=params.get("keyLength"), + key_type=params.get("keyType"), + name=params.get("name"), + portal=params.get("portal"), + portal_group_tag=params.get("portalGroupTag"), + pxgrid=params.get("pxgrid"), + radius=params.get("radius"), + saml=params.get("saml"), + san_dns=params.get("sanDNS"), + san_ip=params.get("sanIP"), + san_uri=params.get("sanURI"), + subject_city=params.get("subjectCity"), + subject_common_name=params.get("subjectCommonName"), + subject_country=params.get("subjectCountry"), + subject_org=params.get("subjectOrg"), + subject_org_unit=params.get("subjectOrgUnit"), + subject_state=params.get("subjectState"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="certificates", + function="generate_self_signed_certificate", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/session_service_node_info.py b/ansible_collections/cisco/ise/plugins/action/session_service_node_info.py new file mode 100644 index 00000000..edd33df5 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/session_service_node_info.py 
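Review bot: In the argument spec of selfsigned_certificate_generate.py, `keyType`, `keyLength`, `digestType` and `expirationTTLUnit` are free-form `str` options with no `choices`, and `required_if` is empty, so nothing about the certificate parameters is validated before `generate_self_signed_certificate` is called. A typo or an unintentionally weak key size or digest is then caught only by ISE, if at all. Adding `choices=[...]` with the values the ISE API documents for each option would reject bad input in `_check_argspec`. The relaxation switches `allowSanDnsBadName`, `allowSanDnsNonResolvable` and `allowWildCardCertificates` would also benefit from a comment above them such as `# relaxes certificate validation; leave unset unless required`.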
@@ -0,0 +1,144 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="psn_node_details_with_radius_service", + function='get_session_service_node_by_id', + params=self.get_object(self._task.args) + ).response['SessionServiceNode'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="psn_node_details_with_radius_service", + function='get_session_service_node_by_name', + params=self.get_object(self._task.args) + ).response['SessionServiceNode'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + 
family="psn_node_details_with_radius_service", + function='get_session_service_node_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_acl.py b/ansible_collections/cisco/ise/plugins/action/sg_acl.py new file mode 100644 index 00000000..152d6176 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sg_acl.py 
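Review bot: In `run`, the `if id:` and `if name:` branches index `.response['SessionServiceNode']` with no error handling, while the list branch below wraps the same kind of access in `try` and routes failures to `ise.fail_json`. If a lookup returns a reply without that key (how `ise.exec` reports a miss is outside this hunk), the task ends in a raw KeyError or TypeError instead of the module's own error message. Wrapping both lookups in the same `try`, with `except (TypeError, AttributeError, KeyError) as e:`, keeps the failure path uniform. The `if id:` branch of sg_acl_info.py (`['Sgacl']`) has the same shape.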
@@ -0,0 +1,273 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + description=dict(type="str"), + generationId=dict(type="str"), + aclcontent=dict(type="str"), + isReadOnly=dict(type="bool"), + modelledContent=dict(type="dict"), + ipVersion=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class SgAcl(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + description=params.get("description"), + generation_id=params.get("generationId"), + aclcontent=params.get("aclcontent"), + is_read_only=params.get("isReadOnly"), + modelled_content=params.get("modelledContent"), + ip_version=params.get("ipVersion"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does 
not support/work for filter by name with EQ + result = None + gen_items_responses = self.ise.exec( + family="security_groups_acls", + function="get_security_groups_acl_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="security_groups_acls", + function="get_security_groups_acl_by_id", + handle_func_exception=False, + params={"id": id} + ).response['Sgacl'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("description", "description"), + ("generationId", "generation_id"), + ("aclcontent", "aclcontent"), + ("isReadOnly", "is_read_only"), + ("modelledContent", "modelled_content"), + ("ipVersion", "ip_version"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="security_groups_acls", + function="create_security_groups_acl", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="security_groups_acls", + function="update_security_groups_acl_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="security_groups_acls", + function="delete_security_groups_acl_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = SgAcl(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if 
obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_acl_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/sg_acl_bulk_monitor_status_info.py new file mode 100644 index 00000000..863c2f4c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sg_acl_bulk_monitor_status_info.py 
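Review bot: `SgAcl.get_object_by_id` and `SgAcl.get_object_by_name` end in `except Exception: result = None`, so every failure other than TypeError/AttributeError (a timeout, a rejected login, a server error) becomes indistinguishable from "object does not exist"; `get_object_by_id` even passes `handle_func_exception=False`, so those exceptions do arrive here. `run` then takes the create branch for `state: present` and calls `ise.object_already_absent()` for `state: absent`, which can leave an SGACL in place while the task reports success. I would treat only the SDK's not-found condition as `None` and send everything else to `self.ise.fail_json(...)` with the error text, as the first `except` clause already does. sg_mapping.py repeats the same two methods.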
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + bulkid=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + bulkid=params.get("bulkid"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("bulkid") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="security_groups_acls", + function='monitor_bulk_status_security_groups_acl', + params=self.get_object(self._task.args) + ).response['BulkStatus'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_acl_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/sg_acl_bulk_request.py new file mode 100644 index 00000000..7cfff24d --- /dev/null 
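Review bot: `run` reads `name = self._task.args.get("name")`, but this module's `argument_spec` adds only `bulkid`, so unless the common spec from `ise_argument_spec()` defines `name` (not visible here) the value is always None and `if not name and not id:` is really `if not id:`. In that branch a missing or empty `bulkid` yields `ise_response=None` and a normal result, so a playbook that polls a bulk job with an undefined id gets ok rather than an error. I would drop the `name` lookup, declare `bulkid=dict(type="str", required=True)`, and rename the local `id` so it stops shadowing the builtin. sg_mapping_bulk_monitor_status_info.py is identical in this respect, and sg_acl_info.py reads `name` the same way without declaring it.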
+++ b/ansible_collections/cisco/ise/plugins/action/sg_acl_bulk_request.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + operationType=dict(type="str"), + resourceMediaType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + operation_type=params.get("operationType"), + resource_media_type=params.get("resourceMediaType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="security_groups_acls", + function="bulk_request_for_security_groups_acl", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_acl_info.py b/ansible_collections/cisco/ise/plugins/action/sg_acl_info.py new file mode 100644 index 00000000..36b14a20 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sg_acl_info.py 
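Review bot: `run` sets `self._result["changed"] = False` and then sends `bulk_request_for_security_groups_acl`, but nothing afterwards marks the result as changed; sg_acl.py in this same commit calls `ise.object_created()`, `ise.object_updated()` or `ise.object_deleted()` before `ise.exit_json()` for that purpose. Unless `exit_json()` sets the flag itself (not visible here), a bulk create, update or delete of SGACLs is reported as unchanged, which hides a policy change from handlers and change audits. Consider `self._result["changed"] = True` after the `self._result.update(ise.exit_json())` line once the request has succeeded. `operationType` and `resourceMediaType` are also both optional in `argument_spec`, so a task with neither still reaches the API; a comment stating which of them the endpoint needs would help.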
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="security_groups_acls", + function='get_security_groups_acl_by_id', + params=self.get_object(self._task.args) + ).response['Sgacl'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="security_groups_acls", + function='get_security_groups_acl_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + 
responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping.py new file mode 100644 index 00000000..288fd80b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping.py 
@@ -0,0 +1,273 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + sgt=dict(type="str"), + deployTo=dict(type="str"), + deployType=dict(type="str"), + hostName=dict(type="str"), + hostIp=dict(type="str"), + mappingGroup=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class SgMapping(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + sgt=params.get("sgt"), + deploy_to=params.get("deployTo"), + deploy_type=params.get("deployType"), + host_name=params.get("hostName"), + host_ip=params.get("hostIp"), + mapping_group=params.get("mappingGroup"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ + result = None 
+ gen_items_responses = self.ise.exec( + family="ip_to_sgt_mapping", + function="get_ip_to_sgt_mapping_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="ip_to_sgt_mapping", + function="get_ip_to_sgt_mapping_by_id", + handle_func_exception=False, + params={"id": id} + ).response['SGMapping'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("sgt", "sgt"), + ("deployTo", "deploy_to"), + ("deployType", "deploy_type"), + ("hostName", "host_name"), + ("hostIp", "host_ip"), + ("mappingGroup", "mapping_group"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="ip_to_sgt_mapping", + function="create_ip_to_sgt_mapping", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="ip_to_sgt_mapping", + function="update_ip_to_sgt_mapping_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="ip_to_sgt_mapping", + function="delete_ip_to_sgt_mapping_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = SgMapping(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if 
obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping_bulk_monitor_status_info.py new file mode 100644 index 00000000..d7f24202 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping_bulk_monitor_status_info.py 
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + bulkid=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + bulkid=params.get("bulkid"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("bulkid") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="ip_to_sgt_mapping", + function='monitor_bulk_status_ip_to_sgt_mapping', + params=self.get_object(self._task.args) + ).response['BulkStatus'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping_bulk_request.py new file mode 100644 index 00000000..e82eb637 --- /dev/null 
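Review bot: In sg_mapping_bulk_monitor_status_info.py, `bulkid` is declared as an optional string, so a task that omits it gets `ise_response: null` and no error instead of being rejected at validation. The only SDK call in `run()` is `monitor_bulk_status_ip_to_sgt_mapping`, which presumably needs that id, so I would declare `bulkid=dict(type="str", required=True),` and drop the `if not name and not id:` branch. As written, `run()` also has no `return` on the path where `name` is set and `bulkid` is empty, and would hand `None` back to Ansible. That path looks unreachable because `name` is not in the spec added in this file, unless `ise_argument_spec()` defines it (not visible here). The same code is added in sg_mapping_group_bulk_monitor_status_info.py.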
+++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping_bulk_request.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + operationType=dict(type="str"), + resourceMediaType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + operation_type=params.get("operationType"), + resource_media_type=params.get("resourceMediaType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="ip_to_sgt_mapping", + function="bulk_request_for_ip_to_sgt_mapping", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping_deploy.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping_deploy.py new file mode 100644 index 00000000..784a828d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping_deploy.py 
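Review bot: `run()` in sg_mapping_bulk_request.py sets `self._result["changed"] = False` and never raises it after `bulk_request_for_ip_to_sgt_mapping` returns. A bulk change to IP-to-SGT mappings is therefore presumably reported as `ok` rather than `changed`, unless `ise.exit_json()` overrides the flag (its body is not part of this diff section). For a call that alters access-control tagging, the play output and any callback-based audit trail should show the change. I would add `self._result["changed"] = True` after the final `self._result.update(ise.exit_json())`, or a comment explaining why the flag stays false. The same pattern appears in sg_mapping_deploy.py, sg_mapping_deploy_all.py, sg_mapping_group_bulk_request.py, sg_mapping_group_deploy.py and sg_mapping_group_deploy_all.py.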
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="ip_to_sgt_mapping", + function="deploy_ip_to_sgt_mapping_by_id", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping_deploy_all.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping_deploy_all.py new file mode 100644 index 00000000..cf72239c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping_deploy_all.py 
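Review bot: `id` is optional in the argument spec of sg_mapping_deploy.py, yet `run()` always calls `deploy_ip_to_sgt_mapping_by_id` with the `id` from `get_object()`. A task without `id` therefore sends `None` to the SDK and fails there, rather than at validation. I would make it `id=dict(type="str", required=True),` so the error names the missing parameter before any request is sent. sg_mapping_group_deploy.py adds the same optional spec for `deploy_ip_to_sgt_mapping_group_by_id`.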
@@ -0,0 +1,86 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="ip_to_sgt_mapping", + function="deploy_all_ip_to_sgt_mapping", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping_deploy_status_info.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping_deploy_status_info.py new file mode 100644 index 00000000..216014fc --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping_deploy_status_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="ip_to_sgt_mapping", + function='get_deploy_status_ip_to_sgt_mapping', + params=self.get_object(self._task.args) + ).response['OperationResult'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping_group.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group.py new file mode 100644 index 00000000..67bac900 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group.py 
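Review bot: In `run()` of sg_mapping_deploy_status_info.py, the SDK call sits behind `if not name and not id:`, but this module adds neither `id` nor `name` to its argument spec, so the guard looks like template residue. If either value were ever set (for example through `ise_argument_spec()`, which is not visible here), `run()` would fall through without a `return` and hand `None` to Ansible. I would remove the two `self._task.args.get(...)` lookups and the guard so the function always ends with `return self._result`. That also removes the local `id`, which shadows the builtin.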
@@ -0,0 +1,264 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + sgt=dict(type="str"), + deployTo=dict(type="str"), + deployType=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class SgMappingGroup(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + sgt=params.get("sgt"), + deploy_to=params.get("deployTo"), + deploy_type=params.get("deployType"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ + result = None + gen_items_responses = self.ise.exec( + family="ip_to_sgt_mapping_group", + function="get_ip_to_sgt_mapping_group_generator" + ) + try: + for items_response in gen_items_responses: + items = 
items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="ip_to_sgt_mapping_group", + function="get_ip_to_sgt_mapping_group_by_id", + handle_func_exception=False, + params={"id": id} + ).response['SGMappingGroup'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("sgt", "sgt"), + ("deployTo", "deploy_to"), + ("deployType", "deploy_type"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="ip_to_sgt_mapping_group", + function="create_ip_to_sgt_mapping_group", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="ip_to_sgt_mapping_group", + function="update_ip_to_sgt_mapping_group_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="ip_to_sgt_mapping_group", + function="delete_ip_to_sgt_mapping_group_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = SgMappingGroup(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + 
if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_bulk_monitor_status_info.py new file mode 100644 index 00000000..567ab2dc --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_bulk_monitor_status_info.py 
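Review bot: `get_object_by_id()` and `get_object_by_name()` in sg_mapping_group.py end with `except Exception: result = None`, so any SDK failure outside the `TypeError`/`AttributeError` clause (an authentication error, a timeout, a server error) is indistinguishable from "object not found". With `state: absent`, `run()` would then call `ise.object_already_absent()` and report success while the mapping group is still on ISE; with `state: present` it would go on to `create()`. I would return `None` only for the SDK's not-found response and route everything else to `self.ise.fail_json(...)`, as the first `except` clause already does. Separately, the name lookup in `exists()` appears to run only when `id_exists` is false, which would make the `InconsistentParameters` check unreachable; indentation is lost in this rendering, so that nesting is inferred. In `run()`, `ise_update_response.get("UpdatedFieldsList").get("updatedField")` raises `AttributeError` when the key is missing, which `(ise_update_response.get("UpdatedFieldsList") or {}).get("updatedField") or []` would tolerate.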
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + bulkid=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + bulkid=params.get("bulkid"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("bulkid") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="ip_to_sgt_mapping_group", + function='monitor_bulk_status_ip_to_sgt_mapping_group', + params=self.get_object(self._task.args) + ).response['BulkStatus'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_bulk_request.py new file mode 100644 index 00000000..f1830ce0 --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_bulk_request.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + operationType=dict(type="str"), + resourceMediaType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + operation_type=params.get("operationType"), + resource_media_type=params.get("resourceMediaType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="ip_to_sgt_mapping_group", + function="bulk_request_for_ip_to_sgt_mapping_group", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_deploy.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_deploy.py new file mode 100644 index 00000000..e9035f0a --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_deploy.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="ip_to_sgt_mapping_group", + function="deploy_ip_to_sgt_mapping_group_by_id", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_deploy_all.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_deploy_all.py new file mode 100644 index 00000000..55c9a7ae --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_deploy_all.py 
@@ -0,0 +1,86 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="ip_to_sgt_mapping_group",
+ function="deploy_all_ip_to_sgt_mapping_group",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_deploy_status_info.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_deploy_status_info.py
new file mode 100644
index 00000000..38f02d4e
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_deploy_status_info.py
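Review bot: `run()` sets `self._result["changed"] = False` and nothing visible in this file flips it after `deploy_all_ip_to_sgt_mapping_group` returns, so a task that pushes every IP-to-SGT mapping group is probably reported as unchanged unless `ise.exit_json()` overrides the key. Change tracking and audit of playbook runs rely on that flag, so a deploy should set it once the call succeeds, for example `self._result["changed"] = True` placed after the `exit_json()` update in case that call resets the key. The same pattern is in the deploy-by-id hunk before this one and in `sg_to_vn_to_vlan_bulk_request.py`. A docstring on `run()` saying the action is not idempotent and has no check-mode support would document the intent.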
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if not name and not id:
+ response = ise.exec(
+ family="ip_to_sgt_mapping_group",
+ function='get_deploy_status_ip_to_sgt_mapping_group',
+ params=self.get_object(self._task.args)
+ ).response['OperationResult']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_info.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_info.py
new file mode 100644
index 00000000..04b67c51
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping_group_info.py
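Review bot: `run()` reads `id` and `name` from `self._task.args`, but `argument_spec` declares neither, so the guard `if not name and not id:` is either always true or, if the validator lets undeclared keys through, silently turns the task into a no-op that returns the placeholder `ise_response={}`. The status lookup takes no identifier (`get_object()` returns an empty dict), so the guard and both locals can be dropped and the call made unconditionally. The result is also indexed directly with `.response['OperationResult']`, so a reply without that key surfaces as an unhandled exception instead of going through `ise.fail_json` as the generator branches of the `*_info` actions in this commit do.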
@@ -0,0 +1,141 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+ sortasc=dict(type="str"),
+ sortdsc=dict(type="str"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ sortasc=params.get("sortasc"),
+ sortdsc=params.get("sortdsc"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="ip_to_sgt_mapping_group",
+ function='get_ip_to_sgt_mapping_group_by_id',
+ params=self.get_object(self._task.args)
+ ).response['SGMappingGroup']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="ip_to_sgt_mapping_group",
+ function='get_ip_to_sgt_mapping_group_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sg_mapping_info.py b/ansible_collections/cisco/ise/plugins/action/sg_mapping_info.py
new file mode 100644
index 00000000..8d8b0bea
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sg_mapping_info.py
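Review bot: `response` is assigned only on the success path of the `try` in `run()`, while the closing `self._result.update(dict(ise_response=response))` reads it after both `except` arms. If `ise.fail_json(...)` returns instead of raising, which this file does not show, that read hits an unbound local and masks the original error; initialising `response = []` before the `try` avoids it. `name` is read from the task args although `argument_spec` never declares it, so as far as the flattened hunk shows, a task carrying `name` without `id` gets no lookup at all. The by-id branch indexes `.response['SGMappingGroup']` with no handling, unlike the generator branch. `sg_mapping_info.py` and `sg_to_vn_to_vlan_info.py` later in this commit repeat the same `run()` body.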
@@ -0,0 +1,141 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+ sortasc=dict(type="str"),
+ sortdsc=dict(type="str"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ sortasc=params.get("sortasc"),
+ sortdsc=params.get("sortdsc"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="ip_to_sgt_mapping",
+ function='get_ip_to_sgt_mapping_by_id',
+ params=self.get_object(self._task.args)
+ ).response['SGMapping']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="ip_to_sgt_mapping",
+ function='get_ip_to_sgt_mapping_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan.py b/ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan.py
new file mode 100644
index 00000000..243b6d20
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan.py
@@ -0,0 +1,264 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import (
+ InconsistentParameters,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ id=dict(type="str"),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ sgtId=dict(type="str"),
+ virtualnetworklist=dict(type="list"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class SgToVnToVlan(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ id=params.get("id"),
+ name=params.get("name"),
+ description=params.get("description"),
+ sgt_id=params.get("sgtId"),
+ virtualnetworklist=params.get("virtualnetworklist"),
+ )
+
+ def get_object_by_name(self, name):
+ # NOTICE: Get does not support/work for filter by name with EQ
+ result = None
+ gen_items_responses = self.ise.exec(
+ family="security_group_to_virtual_network",
+ function="get_security_groups_to_vn_to_vlan_generator"
+ )
+ try:
+ for items_response in gen_items_responses:
+ items = items_response.response['SearchResult']['resources']
+ result = get_dict_result(items, 'name', name)
+ if result:
+ return result
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="security_group_to_virtual_network",
+ function="get_security_groups_to_vn_to_vlan_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['SgtVNVlanContainer']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ id_exists = False
+ name_exists = False
+ prev_obj = None
+ o_id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if o_id:
+ prev_obj = self.get_object_by_id(o_id)
+ id_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if not id_exists and name:
+ prev_obj = self.get_object_by_name(name)
+ name_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if name_exists:
+ _id = prev_obj.get("id")
+ if id_exists and name_exists and o_id != _id:
+ raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
+ if _id:
+ prev_obj = self.get_object_by_id(_id)
+ it_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ return (it_exists, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("id", "id"),
+ ("name", "name"),
+ ("description", "description"),
+ ("sgtId", "sgt_id"),
+ ("virtualnetworklist", "virtualnetworklist"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="security_group_to_virtual_network",
+ function="create_security_groups_to_vn_to_vlan",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="security_group_to_virtual_network",
+ function="update_security_groups_to_vn_to_vlan_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="security_group_to_virtual_network",
+ function="delete_security_groups_to_vn_to_vlan_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = SgToVnToVlan(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan_bulk_monitor_status_info.py
new file mode 100644
index 00000000..692d4b83
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan_bulk_monitor_status_info.py
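Review bot: `get_object_by_id()` and `get_object_by_name()` both end in `except Exception: result = None`, so any failure of the lookup, not only a missing object, reaches `exists()` as "not found". In `run()` that means `state: absent` calls `ise.object_already_absent()` and `state: present` calls `obj.create()` after what may have been an authentication or transport error, which misreports the state of a security-group-to-VN mapping. Catch only the SDK's not-found condition (the exception or status it exposes is not visible in this file) and route everything else to `self.ise.fail_json`. Separately, the `InconsistentParameters` check in `exists()` cannot fire: the name lookup runs only under `if not id_exists and name:`, so `id_exists and name_exists` is never true and a mismatched `id`/`name` pair is accepted silently.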
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ bulkid=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ bulkid=params.get("bulkid"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("bulkid")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="security_group_to_virtual_network",
+ function='monitor_bulk_status_security_groups_to_vn_to_vlan',
+ params=self.get_object(self._task.args)
+ ).response['BulkStatus']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ # NOTICE: Does not have a get all method or it is in another action
+ response = None
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan_bulk_request.py
new file mode 100644
index 00000000..23a48207
--- /dev/null
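Review bot: `bulkid` is optional in the `argument_spec` of `sg_to_vn_to_vlan_bulk_monitor_status_info.py`, and when it is omitted `run()` takes the `if not name and not id:` branch, which sets `response = None` and returns a successful result without contacting ISE. A monitoring task that forgot the id therefore looks like it succeeded with an empty status; declaring `bulkid=dict(type="str", required=True),` turns that into a validation error and makes the fallback branch unnecessary. `name` is read from the task args but never declared, and the local `id` shadows the builtin, so `bulk_id = self._task.args.get("bulkid")` reads better.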
+++ b/ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan_bulk_request.py 
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ operationType=dict(type="str"),
+ resourceMediaType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ operation_type=params.get("operationType"),
+ resource_media_type=params.get("resourceMediaType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="security_group_to_virtual_network",
+ function="bulk_request_for_security_groups_to_vn_to_vlan",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan_info.py b/ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan_info.py
new file mode 100644
index 00000000..b0194ce1
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sg_to_vn_to_vlan_info.py
@@ -0,0 +1,137 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="security_group_to_virtual_network",
+ function='get_security_groups_to_vn_to_vlan_by_id',
+ params=self.get_object(self._task.args)
+ ).response['SgtVNVlanContainer']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="security_group_to_virtual_network",
+ function='get_security_groups_to_vn_to_vlan_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sgt.py b/ansible_collections/cisco/ise/plugins/action/sgt.py
new file mode 100644
index 00000000..6b4c1123
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sgt.py
@@ -0,0 +1,274 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import (
+ InconsistentParameters,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ value=dict(type="int"),
+ generationId=dict(type="str"),
+ isReadOnly=dict(type="bool"),
+ propogateToApic=dict(type="bool"),
+ defaultSGACLs=dict(type="list"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class Sgt(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ value=params.get("value"),
+ generation_id=params.get("generationId"),
+ is_read_only=params.get("isReadOnly"),
+ propogate_to_apic=params.get("propogateToApic"),
+ default_sgacls=params.get("defaultSGACLs"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ # NOTICE: Get does not support/work for filter by name with EQ
+ result = None
+ gen_items_responses = self.ise.exec(
+ family="security_groups",
+ function="get_security_groups_generator"
+ )
+ try:
+ for items_response in gen_items_responses:
+ items = items_response.response['SearchResult']['resources']
+ result = get_dict_result(items, 'name', name)
+ if result:
+ return result
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="security_groups",
+ function="get_security_group_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['Sgt']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ id_exists = False
+ name_exists = False
+ prev_obj = None
+ o_id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if o_id:
+ prev_obj = self.get_object_by_id(o_id)
+ id_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if not id_exists and name:
+ prev_obj = self.get_object_by_name(name)
+ name_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if name_exists:
+ _id = prev_obj.get("id")
+ if id_exists and name_exists and o_id != _id:
+ raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
+ if _id:
+ prev_obj = self.get_object_by_id(_id)
+ it_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ return (it_exists, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+ if requested_obj.get("value") and requested_obj.get("value") == -1:
+ requested_obj["value"] = current_obj.get("value")
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("value", "value"),
+ ("generationId", "generation_id"),
+ ("isReadOnly", "is_read_only"),
+ ("propogateToApic", "propogate_to_apic"),
+ ("defaultSGACLs", "default_sgacls"),
+ ("id", "id"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="security_groups",
+ function="create_security_group",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="security_groups",
+ function="update_security_group_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="security_groups",
+ function="delete_security_group_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = Sgt(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sgt_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/sgt_bulk_monitor_status_info.py
new file mode 100644
index 00000000..1ad0b071
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sgt_bulk_monitor_status_info.py
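Review bot: In `Sgt.get_object_by_id` and `Sgt.get_object_by_name` the trailing `except Exception:` / `result = None` turns every lookup failure into "object not found", not only a missing record. With `state: absent` that path ends in `ise.object_already_absent()`, so a task whose lookup failed for some other reason reports success while the security group may still exist; with `state: present` it goes on to `create()`. I would keep the `None` result only for the SDK's not-found error (`except <SDK not-found error>:`, placeholder, the type is not imported in this file) and send everything else to `self.ise.fail_json(...)`, as the `(TypeError, AttributeError)` branch already does. `SponsorGroup` in sponsor_group.py has the same two handlers.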
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ bulkid=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ bulkid=params.get("bulkid"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("bulkid")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="security_groups",
+ function='monitor_bulk_status_security_group',
+ params=self.get_object(self._task.args)
+ ).response['BulkStatus']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ # NOTICE: Does not have a get all method or it is in another action
+ response = None
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sgt_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/sgt_bulk_request.py
new file mode 100644
index 00000000..2157144b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sgt_bulk_request.py
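Review bot: `bulkid` is declared optional in the argument spec, and when it is omitted `run()` returns `ise_response: None` without any error, which reads like an empty status rather than a missing parameter. Declaring it as `bulkid=dict(type="str", required=True)` would let the validator reject that call before anything is sent. `run()` also reads `self._task.args.get("name")` although this file's spec never adds `name`; unless `ise_argument_spec()` (not shown) defines it, the `not name` test is always true and the variable is dead. The same undeclared `name` lookup appears in sgt_info.py, and sms_provider_info.py reads both `id` and `name` without declaring either.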
@@ -0,0 +1,90 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ operationType=dict(type="str"),
+ resourceMediaType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ operation_type=params.get("operationType"),
+ resource_media_type=params.get("resourceMediaType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="security_groups",
+ function="bulk_request_for_security_group",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sgt_info.py b/ansible_collections/cisco/ise/plugins/action/sgt_info.py
new file mode 100644
index 00000000..3c1602e7
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sgt_info.py
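Review bot: `run()` sets `self._result["changed"] = False` and never calls one of the `ise.object_created()` / `ise.object_updated()` / `ise.object_deleted()` helpers that sgt.py uses, so unless `ise.exec` or `ise.exit_json()` sets the flag itself (not visible here) a bulk request against security groups is reported as unchanged. That keeps a policy change out of the play recap and away from change-triggered handlers. I would at least document it above `run()`, e.g. `# NOTE: the bulk request may modify security groups; 'changed' is not derived from the response`, or mark the result changed once the request is accepted. `operationType` and `resourceMediaType` are also free-form optional strings; if the API accepts a fixed set of operations, a `choices=[...]` list on `operationType` would reject typos before the request is sent.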
@@ -0,0 +1,141 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+ sortasc=dict(type="str"),
+ sortdsc=dict(type="str"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ sortasc=params.get("sortasc"),
+ sortdsc=params.get("sortdsc"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="security_groups",
+ function='get_security_group_by_id',
+ params=self.get_object(self._task.args)
+ ).response['Sgt']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="security_groups",
+ function='get_security_groups_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sms_provider_info.py b/ansible_collections/cisco/ise/plugins/action/sms_provider_info.py
new file mode 100644
index 00000000..75971faf
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sms_provider_info.py
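Review bot: The by-id branch of `run()` subscripts `ise.exec(...).response['Sgt']` outside any `try`, while the list branch below guards the same kind of access with handlers for `TypeError`/`AttributeError` that report through `ise.fail_json`. If the call comes back without a response object or without the `Sgt` key, the task would presumably end in a raw traceback instead of the collection's error message. Wrapping the lookup the same way, with `KeyError` added (`except (TypeError, AttributeError, KeyError) as e:` followed by the existing `ise.fail_json(msg=...)` call), keeps failures uniform. sgt_bulk_monitor_status_info.py (`['BulkStatus']`) and the visible part of sponsor_group_info.py (`['SponsorGroup']`) have the same unguarded subscript.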
@@ -0,0 +1,130 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ page=dict(type="int"),
+ size=dict(type="int"),
+ sortasc=dict(type="str"),
+ sortdsc=dict(type="str"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ page=params.get("page"),
+ size=params.get("size"),
+ sortasc=params.get("sortasc"),
+ sortdsc=params.get("sortdsc"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="sms_provider",
+ function='get_sms_provider_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sponsor_group.py b/ansible_collections/cisco/ise/plugins/action/sponsor_group.py
new file mode 100644
index 00000000..8bd4bc92
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sponsor_group.py
@@ -0,0 +1,285 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import (
+ InconsistentParameters,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ isEnabled=dict(type="bool"),
+ isDefaultGroup=dict(type="bool"),
+ memberGroups=dict(type="list"),
+ guestTypes=dict(type="list"),
+ locations=dict(type="list"),
+ autoNotification=dict(type="bool"),
+ createPermissions=dict(type="dict"),
+ managePermission=dict(type="str"),
+ otherPermissions=dict(type="dict"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class SponsorGroup(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ is_enabled=params.get("isEnabled"),
+ is_default_group=params.get("isDefaultGroup"),
+ member_groups=params.get("memberGroups"),
+ guest_types=params.get("guestTypes"),
+ locations=params.get("locations"),
+ auto_notification=params.get("autoNotification"),
+ create_permissions=params.get("createPermissions"),
+ manage_permission=params.get("managePermission"),
+ other_permissions=params.get("otherPermissions"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ # NOTICE: Get does not support/work for filter by name with EQ
+ result = None
+ gen_items_responses = self.ise.exec(
+ family="sponsor_group",
+ function="get_sponsor_group_generator"
+ )
+ try:
+ for items_response in gen_items_responses:
+ items = items_response.response['SearchResult']['resources']
+ result = get_dict_result(items, 'name', name)
+ if result:
+ return result
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="sponsor_group",
+ function="get_sponsor_group_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['SponsorGroup']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ id_exists = False
+ name_exists = False
+ prev_obj = None
+ o_id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if o_id:
+ prev_obj = self.get_object_by_id(o_id)
+ id_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if not id_exists and name:
+ prev_obj = self.get_object_by_name(name)
+ name_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if name_exists:
+ _id = prev_obj.get("id")
+ if id_exists and name_exists and o_id != _id:
+ raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
+ if _id:
+ prev_obj = self.get_object_by_id(_id)
+ it_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ return (it_exists, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("isEnabled", "is_enabled"),
+ ("isDefaultGroup", "is_default_group"),
+ ("memberGroups", "member_groups"),
+ ("guestTypes", "guest_types"),
+ ("locations", "locations"),
+ ("autoNotification", "auto_notification"),
+ ("createPermissions", "create_permissions"),
+ ("managePermission", "manage_permission"),
+ ("otherPermissions", "other_permissions"),
+ ("id", "id"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="sponsor_group",
+ function="create_sponsor_group",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="sponsor_group",
+ function="update_sponsor_group_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="sponsor_group",
+ function="delete_sponsor_group_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = SponsorGroup(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sponsor_group_info.py b/ansible_collections/cisco/ise/plugins/action/sponsor_group_info.py
new file mode 100644
index 00000000..695b9895
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sponsor_group_info.py
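Review bot: The `InconsistentParameters` check in `SponsorGroup.exists()` can never fire, because `name_exists` is only computed in the branch guarded by `not id_exists`, which makes `id_exists and name_exists` always false. A task that passes an `id` and a `name` belonging to two different sponsor groups is therefore resolved by `id` alone, and `update()` or `delete()` then acts on that object without the mismatch being reported. Looking the name up into its own variable whenever `name` is given lets the comparison run; the excerpt below sketches that, reading the nesting from statement order since indentation is flattened on this page. `Sgt.exists()` in sgt.py is identical.

```python
    def exists(self):
        # … unchanged: id_exists / name_exists / prev_obj setup and the lookup by o_id …
        if name:
            named_obj = self.get_object_by_name(name)
            name_exists = isinstance(named_obj, dict)
            if id_exists and name_exists and o_id != named_obj.get("id"):
                raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
            if not id_exists:
                # Fall back to the object found by name, re-read by its id as before.
                prev_obj = named_obj
                _id = named_obj.get("id") if name_exists else None
                if _id:
                    prev_obj = self.get_object_by_id(_id)
        # … unchanged: it_exists computation and return …
```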
@@ -0,0 +1,141 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+ sortasc=dict(type="str"),
+ sortdsc=dict(type="str"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ sortasc=params.get("sortasc"),
+ sortdsc=params.get("sortdsc"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="sponsor_group",
+ function='get_sponsor_group_by_id',
+ params=self.get_object(self._task.args)
+ ).response['SponsorGroup']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="sponsor_group",
+ function='get_sponsor_group_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sponsor_group_member_info.py b/ansible_collections/cisco/ise/plugins/action/sponsor_group_member_info.py
new file mode 100644
index 00000000..4efac6fb
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sponsor_group_member_info.py
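Review bot: In `run()`, `name = self._task.args.get("name")` reads a key that the `argument_spec.update(...)` in this hunk never declares (it adds only `id`, `page`, `size`, `sortasc`, `sortdsc`, `filter` and `filterType`), and `response` is bound only on the `if id:` and `if not name and not id:` paths. If a `name` does reach the task args (for instance through `ise_argument_spec()`, which is not visible here), neither branch runs and the method either returns `None` or reads an unbound `response`; the indentation is flattened on this page, so I cannot tell which. I would drop the `name` lookup and either make the list branch a plain `else:` or set `response = []` before the branches. sponsor_group_member_info.py, sponsor_portal_info.py and sponsored_guest_portal_info.py have the same shape.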
@@ -0,0 +1,130 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ page=dict(type="int"),
+ size=dict(type="int"),
+ sortasc=dict(type="str"),
+ sortdsc=dict(type="str"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ page=params.get("page"),
+ size=params.get("size"),
+ sortasc=params.get("sortasc"),
+ sortdsc=params.get("sortdsc"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="sponsor_group_member",
+ function='get_sponsor_group_member_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sponsor_portal.py b/ansible_collections/cisco/ise/plugins/action/sponsor_portal.py
new file mode 100644
index 00000000..95a45c1a
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sponsor_portal.py
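Review bot: `filter=dict(type="list")` in the argument spec declares no element type, so nothing in this hunk constrains what each list item is before `get_object()` hands the list to `ise.exec(...)` as the `filter` parameter. Declaring it as `filter=dict(type="list", elements="str")` should make the validator check or coerce every entry to a string before the request is built. The same spec line appears in sponsor_group_info.py, sponsor_portal_info.py and sponsored_guest_portal_info.py.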
@@ -0,0 +1,270 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import (
+ InconsistentParameters,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ portalType=dict(type="str"),
+ portalTestUrl=dict(type="str"),
+ settings=dict(type="dict"),
+ customizations=dict(type="dict"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name", "settings"], True),
+ ("state", "absent", ["id", "name", "settings"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class SponsorPortal(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ portal_type=params.get("portalType"),
+ portal_test_url=params.get("portalTestUrl"),
+ settings=params.get("settings"),
+ customizations=params.get("customizations"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ # NOTICE: Get does not support/work for filter by name with EQ
+ result = None
+ gen_items_responses = self.ise.exec(
+ family="sponsor_portal",
+ function="get_sponsor_portal_generator"
+ )
+ try:
+ for items_response in gen_items_responses:
+ items = items_response.response['SearchResult']['resources']
+ result = get_dict_result(items, 'name', name)
+ if result:
+ return result
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="sponsor_portal",
+ function="get_sponsor_portal_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['SponsorPortal']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ id_exists = False
+ name_exists = False
+ prev_obj = None
+ o_id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if o_id:
+ prev_obj = self.get_object_by_id(o_id)
+ id_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if not id_exists and name:
+ prev_obj = self.get_object_by_name(name)
+ name_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if name_exists:
+ _id = prev_obj.get("id")
+ if id_exists and name_exists and o_id != _id:
+ raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
+ if _id:
+ prev_obj = self.get_object_by_id(_id)
+ it_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ return (it_exists, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("portalType", "portal_type"),
+ ("portalTestUrl", "portal_test_url"),
+ ("settings", "settings"),
+ ("customizations", "customizations"),
+ ("id", "id"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="sponsor_portal",
+ function="create_sponsor_portal",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="sponsor_portal",
+ function="update_sponsor_portal_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="sponsor_portal",
+ function="delete_sponsor_portal_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = SponsorPortal(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sponsor_portal_info.py b/ansible_collections/cisco/ise/plugins/action/sponsor_portal_info.py
new file mode 100644
index 00000000..41ce0dfe
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sponsor_portal_info.py
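Review bot: `get_object_by_id()` and `get_object_by_name()` both end in `except Exception: result = None`, so any failure other than a `TypeError`/`AttributeError` is reported to the caller as "object not found". Which exceptions `ise.exec(..., handle_func_exception=False)` can raise is not visible here, but an authentication or connection error would presumably land in that branch. `exists()` then returns `(False, None)`, so `run()` with `state == "present"` goes on to `obj.create()` and `state == "absent"` reports `ise.object_already_absent()` for a portal that may still exist; `update()` and `delete()` additionally call `self.get_object_by_name(name).get("id")` on that possibly-`None` result. I would treat only the SDK's not-found error as absence and send every other exception through `self.ise.fail_json(...)`, as the `TypeError` branch already does. sponsored_guest_portal.py repeats the same methods.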
@@ -0,0 +1,141 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+ sortasc=dict(type="str"),
+ sortdsc=dict(type="str"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ sortasc=params.get("sortasc"),
+ sortdsc=params.get("sortdsc"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="sponsor_portal",
+ function='get_sponsor_portal_by_id',
+ params=self.get_object(self._task.args)
+ ).response['SponsorPortal']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="sponsor_portal",
+ function='get_sponsor_portal_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sponsored_guest_portal.py b/ansible_collections/cisco/ise/plugins/action/sponsored_guest_portal.py
new file mode 100644
index 00000000..437eb6b1
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sponsored_guest_portal.py
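Review bot: The `if id:` branch of `run()` indexes `.response['SponsorPortal']` directly on the result of `ise.exec(...)` with no `try`, while the list branch below wraps the same kind of access and turns `TypeError`/`AttributeError` into an `ise.fail_json(...)` message that points at the API Gateway and ERS settings. If `ise.exec` hands back something without a usable `response` (its behaviour is not visible in this hunk), the by-id path would surface as a raw traceback instead of that message. The branch also forwards the whole `get_object(...)` dict, paging and filter keys included, where `get_object_by_id` in sponsor_portal.py passes just `params={"id": id}`. I would wrap the by-id lookup in the same `try/except` and pass only the id. sponsor_group_info.py and sponsored_guest_portal_info.py have the same branch.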
@@ -0,0 +1,270 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import (
+ InconsistentParameters,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ portalType=dict(type="str"),
+ portalTestUrl=dict(type="str"),
+ settings=dict(type="dict"),
+ customizations=dict(type="dict"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name", "settings"], True),
+ ("state", "absent", ["id", "name", "settings"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class SponsoredGuestPortal(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ portal_type=params.get("portalType"),
+ portal_test_url=params.get("portalTestUrl"),
+ settings=params.get("settings"),
+ customizations=params.get("customizations"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ # NOTICE: Get does not support/work for filter by name with EQ
+ result = None
+ gen_items_responses = self.ise.exec(
+ family="sponsored_guest_portal",
+ function="get_sponsored_guest_portals_generator"
+ )
+ try:
+ for items_response in gen_items_responses:
+ items = items_response.response['SearchResult']['resources']
+ result = get_dict_result(items, 'name', name)
+ if result:
+ return result
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="sponsored_guest_portal",
+ function="get_sponsored_guest_portal_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['SponsoredGuestPortal']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ id_exists = False
+ name_exists = False
+ prev_obj = None
+ o_id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if o_id:
+ prev_obj = self.get_object_by_id(o_id)
+ id_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if not id_exists and name:
+ prev_obj = self.get_object_by_name(name)
+ name_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ if name_exists:
+ _id = prev_obj.get("id")
+ if id_exists and name_exists and o_id != _id:
+ raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object")
+ if _id:
+ prev_obj = self.get_object_by_id(_id)
+ it_exists = prev_obj is not None and isinstance(prev_obj, dict)
+ return (it_exists, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("portalType", "portal_type"),
+ ("portalTestUrl", "portal_test_url"),
+ ("settings", "settings"),
+ ("customizations", "customizations"),
+ ("id", "id"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="sponsored_guest_portal",
+ function="create_sponsored_guest_portal",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="sponsored_guest_portal",
+ function="update_sponsored_guest_portal_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="sponsored_guest_portal",
+ function="delete_sponsored_guest_portal_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = SponsoredGuestPortal(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/sponsored_guest_portal_info.py b/ansible_collections/cisco/ise/plugins/action/sponsored_guest_portal_info.py
new file mode 100644
index 00000000..732d3e77
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/sponsored_guest_portal_info.py
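Review bot: Both `required_if` entries list `"settings"` next to `"id"` and `"name"` with the any-one-of flag set to `True`, so a task that supplies only `settings` passes validation with no identifier at all. In that case `exists()` has neither an id nor a name to look up, and with `state: present` `run()` would fall through to `obj.create()` with `name=None`; for `state: absent`, `settings` is not something `delete()` uses. I would require an identifier explicitly, `("state", "present", ["id", "name"], True)` and `("state", "absent", ["id", "name"], True)`, and keep `settings` out of the identifier check. sponsor_portal.py carries the same two entries.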
@@ -0,0 +1,141 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+ sortasc=dict(type="str"),
+ sortdsc=dict(type="str"),
+ filter=dict(type="list"),
+ filterType=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ sortasc=params.get("sortasc"),
+ sortdsc=params.get("sortdsc"),
+ filter=params.get("filter"),
+ filter_type=params.get("filterType"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="sponsored_guest_portal",
+ function='get_sponsored_guest_portal_by_id',
+ params=self.get_object(self._task.args)
+ ).response['SponsoredGuestPortal']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="sponsored_guest_portal",
+ function='get_sponsored_guest_portals_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/support_bundle.py b/ansible_collections/cisco/ise/plugins/action/support_bundle.py
new file mode 100644
index 00000000..73e925af
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/support_bundle.py
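Review bot: The operator-facing failure text in both `except` handlers of `run()` is misspelled and, in the second handler, runs two sentences together: `"An error occured when executing operation."` should read `"An error occurred when executing operation."`, and `" The error was: {error}"` is followed directly by `" You may want to enable ..."` with no terminator after the exception text. I would end that fragment with a period, `" The error was: {error}."`, so the hint about `ise_debug` does not read as part of the error. The same strings are repeated in every other file of this commit that builds this message, so a shared helper in `plugin_utils` would keep them in one place.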
@@ -0,0 +1,94 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + description=dict(type="str"), + hostName=dict(type="str"), + supportBundleIncludeOptions=dict(type="dict"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + description=params.get("description"), + host_name=params.get("hostName"), + support_bundle_include_options=params.get("supportBundleIncludeOptions"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="support_bundle_trigger_configuration", + function="create_support_bundle", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/support_bundle_download.py b/ansible_collections/cisco/ise/plugins/action/support_bundle_download.py new file mode 100644 index 00000000..e21df3e2 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/support_bundle_download.py 
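Review bot: `run()` calls `create_support_bundle` on the ISE node but leaves `self._result["changed"] = False` and never marks the call as a change, so the task presumably reports `changed: false` after a bundle has been created (unless `ise.exit_json()` sets it, which this hunk does not show). sxp_connections.py in this same commit calls `ise.object_created()` after its create call; adding `ise.object_created()` after the `ise.exec(...)` call here would keep the reporting consistent. The same applies to `run()` in sxp_connections_bulk_request.py, which issues a bulk request with `changed` left at False. None of `name`, `hostName` or `supportBundleIncludeOptions` is marked required in `argument_spec`, so an empty task reaches the API with every parameter set to None.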
@@ -0,0 +1,100 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + fileName=dict(type="str"), + dirPath=dict(type="str"), + saveFile=dict(type="bool"), + filename=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + file_name=params.get("fileName"), + dirpath=params.get("dirPath"), + save_file=params.get("saveFile"), + filename=params.get("filename"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + download_response = ise.exec( + family="support_bundle_download", + function="download_support_bundle", + params=self.get_object(self._task.args), + ) + response = dict( + data=download_response.data.decode(encoding='utf-8'), + filename=download_response.filename, + dirpath=download_response.dirpath, + path=download_response.path, + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/support_bundle_status_info.py b/ansible_collections/cisco/ise/plugins/action/support_bundle_status_info.py new file mode 100644 index 00000000..34f77c21 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/support_bundle_status_info.py 
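Review bot: `data=download_response.data.decode(encoding='utf-8')` in `run()` copies the whole bundle body into `ise_response`, so the contents of a support bundle end up in the task result, in any registered variable and in callback or log output. A support bundle is presumably a binary archive, in which case the decode raises `UnicodeDecodeError` before anything is returned. Returning only the location would be enough: `response = dict(filename=download_response.filename, dirpath=download_response.dirpath, path=download_response.path)`. `dirPath` and `filename` are passed to the SDK unchecked in `get_object`, so where the file lands on the controller depends entirely on playbook input, and `fileName` versus `filename` differ only by case; a comment on `get_object` should say which one names the bundle on ISE and which one names the local file.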
@@ -0,0 +1,133 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="support_bundle_status", + function='get_support_bundle_status_by_id', + params=self.get_object(self._task.args) + ).response['SBStatus'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="support_bundle_status", + function='get_support_bundle_status_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as 
e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sxp_connections.py b/ansible_collections/cisco/ise/plugins/action/sxp_connections.py new file mode 100644 index 00000000..1ad726f4 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sxp_connections.py 
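Review bot: In the `if id:` branch of `run()`, `.response['SBStatus']` is subscripted outside any `try`, so an error payload or an unexpected response shape surfaces as a raw `TypeError`/`KeyError` traceback, while the list branch reports the same kind of failure through `ise.fail_json`. Putting the by-id call under the same exception handling as the generator loop would make the two paths consistent. `response` is also bound only inside the `try` of the list branch, so if `ise.fail_json` returns rather than raises (not visible here), the final `self._result.update(dict(ise_response=response))` fails with `UnboundLocalError`; `response = []` before the `try` avoids that. The same pattern appears with `['ERSSxpConnection']` in sxp_connections_info.py and `['BulkStatus']` in sxp_connections_bulk_monitor_status_info.py.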
@@ -0,0 +1,275 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + description=dict(type="str"), + sxpPeer=dict(type="str"), + sxpVpn=dict(type="str"), + sxpNode=dict(type="str"), + ipAddress=dict(type="str"), + sxpMode=dict(type="str"), + sxpVersion=dict(type="str"), + enabled=dict(type="bool"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "absent", ["id"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class SxpConnections(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + description=params.get("description"), + sxp_peer=params.get("sxpPeer"), + sxp_vpn=params.get("sxpVpn"), + sxp_node=params.get("sxpNode"), + ip_address=params.get("ipAddress"), + sxp_mode=params.get("sxpMode"), + sxp_version=params.get("sxpVersion"), + enabled=params.get("enabled"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter 
by name with EQ + result = None + gen_items_responses = self.ise.exec( + family="sxp_connections", + function="get_sxp_connections_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="sxp_connections", + function="get_sxp_connections_by_id", + handle_func_exception=False, + params={"id": id} + ).response['ERSSxpConnection'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("description", "description"), + ("sxpPeer", "sxp_peer"), + ("sxpVpn", "sxp_vpn"), + ("sxpNode", "sxp_node"), + ("ipAddress", "ip_address"), + ("sxpMode", "sxp_mode"), + ("sxpVersion", "sxp_version"), + ("enabled", "enabled"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="sxp_connections", + function="create_sxp_connections", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="sxp_connections", + function="update_sxp_connections_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="sxp_connections", + function="delete_sxp_connections_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = SxpConnections(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + 
if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sxp_connections_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/sxp_connections_bulk_monitor_status_info.py new file mode 100644 index 00000000..3376e2f7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sxp_connections_bulk_monitor_status_info.py 
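Review bot: `get_object_by_id` and `get_object_by_name` both end in `except Exception: result = None`, so any SDK failure other than `TypeError`/`AttributeError` (authentication, TLS, timeout, whatever the SDK raises, which this hunk does not show) is reported as "object does not exist". With `state: present`, `run()` then proceeds to `obj.create()`, and with `state: absent` it reports `ise.object_already_absent()`, so a credential or connectivity problem becomes a wrong idempotency result instead of an error. Narrowing the handler to the SDK's not-found error, or at least adding `# NOTE: every other SDK error is treated as "not found" here` above it, would make this visible. Related: `new_object` has no `name` key and `name` is not in `argument_spec`, so the `self.new_object.get("name")` lookups in `exists()`, `update()` and `delete()` always yield None. In `run()`, `ise_update_response.get("UpdatedFieldsList").get("updatedField")` has no guard for a missing key before `len(has_changed)`.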
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + bulkid=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + bulkid=params.get("bulkid"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("bulkid") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="sxp_connections", + function='monitor_bulk_status_sxp_connections', + params=self.get_object(self._task.args) + ).response['BulkStatus'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sxp_connections_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/sxp_connections_bulk_request.py new file mode 100644 index 00000000..ff5ab9c1 --- /dev/null 
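Review bot: `bulkid` is the only argument this module acts on, but `argument_spec` does not require it, and when it is omitted `run()` falls into the `if not name and not id:` branch and returns `ise_response: None` as a successful result. Declaring it as `bulkid=dict(type="str", required=True)` would reject such a task at validation instead of returning an empty success. `name` is read from the task args but is not part of `argument_spec`, so that lookup and the second `if` can be dropped.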
+++ b/ansible_collections/cisco/ise/plugins/action/sxp_connections_bulk_request.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + operationType=dict(type="str"), + resourceMediaType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + operation_type=params.get("operationType"), + resource_media_type=params.get("resourceMediaType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="sxp_connections", + function="bulk_request_for_sxp_connections", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sxp_connections_info.py b/ansible_collections/cisco/ise/plugins/action/sxp_connections_info.py new file mode 100644 index 00000000..55411cb9 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sxp_connections_info.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="sxp_connections", + function='get_sxp_connections_by_id', + params=self.get_object(self._task.args) + ).response['ERSSxpConnection'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="sxp_connections", + function='get_sxp_connections_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + 
responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sxp_local_bindings.py b/ansible_collections/cisco/ise/plugins/action/sxp_local_bindings.py new file mode 100644 index 00000000..10451d9b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sxp_local_bindings.py 
@@ -0,0 +1,270 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + id=dict(type="str"), + description=dict(type="str"), + bindingName=dict(type="str"), + ipAddressOrHost=dict(type="str"), + sxpVpn=dict(type="str"), + sgt=dict(type="str"), + vns=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id"], True), + ("state", "absent", ["id"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class SxpLocalBindings(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + id=params.get("id"), + description=params.get("description"), + binding_name=params.get("bindingName"), + ip_address_or_host=params.get("ipAddressOrHost"), + sxp_vpn=params.get("sxpVpn"), + sgt=params.get("sgt"), + vns=params.get("vns"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ + result = None + gen_items_responses = self.ise.exec( + 
family="sxp_local_bindings", + function="get_sxp_local_bindings_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="sxp_local_bindings", + function="get_sxp_local_bindings_by_id", + handle_func_exception=False, + params={"id": id} + ).response['ERSSxpLocalBindings'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("id", "id"), + ("description", "description"), + ("bindingName", "binding_name"), + ("ipAddressOrHost", "ip_address_or_host"), + ("sxpVpn", "sxp_vpn"), + ("sgt", "sgt"), + ("vns", "vns"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="sxp_local_bindings", + function="create_sxp_local_bindings", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="sxp_local_bindings", + function="update_sxp_local_bindings_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="sxp_local_bindings", + function="delete_sxp_local_bindings_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = SxpLocalBindings(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + 
if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sxp_local_bindings_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/sxp_local_bindings_bulk_monitor_status_info.py new file mode 100644 index 00000000..da9fe0d1 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sxp_local_bindings_bulk_monitor_status_info.py 
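Review bot: In sxp_local_bindings.py, `get_object_by_id` ends with `except Exception: result = None`, so any failure of the lookup is reported to `exists()` as "object not found". `run()` then calls `obj.create()` for `state: present` and `ise.object_already_absent()` for `state: absent`, which means a playbook that is supposed to remove a binding can report success while the binding is still configured on ISE. Which exceptions the SDK raises is not visible here, but presumably authentication and transport errors reach this branch too, since the call passes `handle_func_exception=False`. I would narrow that handler to the SDK's not-found error and send everything else through `self.ise.fail_json(...)`, as the `(TypeError, AttributeError)` branch above it already does. The same handler is in `get_object_by_name` here and in both lookups of sxp_vpns.py.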
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + bulkid=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + bulkid=params.get("bulkid"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("bulkid") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="sxp_local_bindings", + function='monitor_bulk_status_sxp_local_bindings', + params=self.get_object(self._task.args) + ).response['BulkStatus'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sxp_local_bindings_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/sxp_local_bindings_bulk_request.py new file mode 100644 index 00000000..ff23aa0d --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/action/sxp_local_bindings_bulk_request.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + operationType=dict(type="str"), + resourceMediaType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + operation_type=params.get("operationType"), + resource_media_type=params.get("resourceMediaType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="sxp_local_bindings", + function="bulk_request_for_sxp_local_bindings", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sxp_local_bindings_info.py b/ansible_collections/cisco/ise/plugins/action/sxp_local_bindings_info.py new file mode 100644 index 00000000..e2856ee0 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sxp_local_bindings_info.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="sxp_local_bindings", + function='get_sxp_local_bindings_by_id', + params=self.get_object(self._task.args) + ).response['ERSSxpLocalBindings'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="sxp_local_bindings", + function='get_sxp_local_bindings_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, 
list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sxp_vpns.py b/ansible_collections/cisco/ise/plugins/action/sxp_vpns.py new file mode 100644 index 00000000..e9021d46 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sxp_vpns.py 
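Review bot: In sxp_local_bindings_info.py, `run()` binds `response` only on the last line of the `try` body (`response = responses`), yet both `except` branches fall through to `self._result.update(dict(ise_response=response))`. If `ise.fail_json(...)` returns instead of raising (its definition is outside this diff), that line fails with an unbound-name error and hides the original API error from the operator. Setting `response = []` next to `responses = []` before the `try` keeps the failure path well-defined. The partly visible info modules before and after this file have the same shape.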
@@ -0,0 +1,227 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + sxpVpnName=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "absent", ["id"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class SxpVpns(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + sxp_vpn_name=params.get("sxpVpnName"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ + result = None + gen_items_responses = self.ise.exec( + family="sxp_vpns", + function="get_sxp_vpns_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['SearchResult']['resources'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." 
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="sxp_vpns", + function="get_sxp_vpn_by_id", + params={"id": id}, + handle_func_exception=False, + ).response['ERSSxpVpn'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("sxpVpnName", "sxp_vpn_name"), + ("id", "id"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="sxp_vpns", + function="create_sxp_vpn", + params=self.new_object, + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="sxp_vpns", + function="delete_sxp_vpn_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = SxpVpns(self._task.args, ise) + + state = 
self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + response = prev_obj + ise.object_present_and_different() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sxp_vpns_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/action/sxp_vpns_bulk_monitor_status_info.py new file mode 100644 index 00000000..74a8cf9d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sxp_vpns_bulk_monitor_status_info.py 
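Review bot: In sxp_vpns.py, `exists()` and `delete()` read `self.new_object.get("name")`, but `__init__` builds `new_object` with only `sxp_vpn_name` and `id`, so `name` is always `None`. Because `required_if` demands `id` only for `state: absent`, a `state: present` task without `id` never looks the VPN up, gets `(False, None)` from `exists()`, and calls `obj.create()` on every run, so the task is not idempotent. Reading the key the constructor actually sets, `name = self.new_object.get("sxp_vpn_name")`, would let the name lookup run; whether the ISE search results carry that value under `'name'`, as `get_dict_result(items, 'name', name)` assumes, cannot be confirmed from this hunk. sxp_local_bindings.py has the same `"name"` read in `exists()`, `update()` and `delete()`, where the `if not id:` fallback would call `.get("id")` on a failed lookup.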
@@ -0,0 +1,98 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + bulkid=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + bulkid=params.get("bulkid"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("bulkid") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="sxp_vpns", + function='monitor_bulk_status_sxp_vpns', + params=self.get_object(self._task.args) + ).response['BulkStatus'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sxp_vpns_bulk_request.py b/ansible_collections/cisco/ise/plugins/action/sxp_vpns_bulk_request.py new file mode 100644 index 00000000..391deb4c --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/action/sxp_vpns_bulk_request.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + operationType=dict(type="str"), + resourceMediaType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + operation_type=params.get("operationType"), + resource_media_type=params.get("resourceMediaType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="sxp_vpns", + function="bulk_request_for_sxp_vpns", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/sxp_vpns_info.py b/ansible_collections/cisco/ise/plugins/action/sxp_vpns_info.py new file mode 100644 index 00000000..ca26ec9b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/sxp_vpns_info.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + filter=dict(type="list"), + filterType=dict(type="str"), + sortasc=dict(type="str"), + sortdsc=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + sortasc=params.get("sortasc"), + sortdsc=params.get("sortdsc"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="sxp_vpns", + function='get_sxp_vpn_by_id', + params=self.get_object(self._task.args) + ).response['ERSSxpVpn'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="sxp_vpns", + function='get_sxp_vpns_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + 
responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/system_certificate.py b/ansible_collections/cisco/ise/plugins/action/system_certificate.py new file mode 100644 index 00000000..0ca92628 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/system_certificate.py 
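Review bot: In `run()`, `name = self._task.args.get("name")` reads an option that this file's `argument_spec.update(...)` does not declare and `get_object()` does not forward, so unless `ise_argument_spec()` (not shown here) defines it, `if not name and not id:` is effectively `if not id:`. `response` is bound only on the `if id:` and `if not name and not id:` paths, so the final `self._result.update(dict(ise_response=response))` relies on one of them having run and on `ise.fail_json(...)` not returning; setting `response = []` before the branches would make that explicit. The local `id` also shadows the builtin, and system_certificate.py already uses `id_` for this. The same undeclared `id`/`name` reads appear in system_config_version_info.py, whose argument spec is empty.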
@@ -0,0 +1,268 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + admin=dict(type="bool"), + allowPortalTagTransferForSameSubject=dict(type="bool"), + allowReplacementOfPortalGroupTag=dict(type="bool"), + allowRoleTransferForSameSubject=dict(type="bool"), + description=dict(type="str"), + eap=dict(type="bool"), + expirationTTLPeriod=dict(type="int"), + expirationTTLUnits=dict(type="str"), + ims=dict(type="bool"), + name=dict(type="str"), + portal=dict(type="bool"), + portalGroupTag=dict(type="str"), + pxgrid=dict(type="bool"), + radius=dict(type="bool"), + renewSelfSignedCertificate=dict(type="bool"), + saml=dict(type="bool"), + id=dict(type="str"), + hostName=dict(type="str"), + allowWildcardDelete=dict(type="bool"), +)) + +required_if = [ + ("state", "present", ["hostName"], True), + ("state", "present", ["id", "name"], True), + ("state", "present", ["hostName"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class SystemCertificate(object): + def __init__(self, params, 
ise): + self.ise = ise + self.new_object = dict( + admin=params.get("admin"), + allow_portal_tag_transfer_for_same_subject=params.get("allowPortalTagTransferForSameSubject"), + allow_replacement_of_portal_group_tag=params.get("allowReplacementOfPortalGroupTag"), + allow_role_transfer_for_same_subject=params.get("allowRoleTransferForSameSubject"), + description=params.get("description"), + eap=params.get("eap"), + expiration_ttl_period=params.get("expirationTTLPeriod"), + expiration_ttl_units=params.get("expirationTTLUnits"), + ims=params.get("ims"), + name=params.get("name"), + portal=params.get("portal"), + portal_group_tag=params.get("portalGroupTag"), + pxgrid=params.get("pxgrid"), + radius=params.get("radius"), + renew_self_signed_certificate=params.get("renewSelfSignedCertificate"), + saml=params.get("saml"), + id=params.get("id"), + host_name=params.get("hostName"), + allow_wildcard_delete=params.get("allowWildcardDelete"), + ) + + def get_object_by_name(self, name, host_name): + result = None + gen_items_responses = self.ise.exec( + family="certificates", + function="get_system_certificates_generator", + params={"host_name": host_name} + ) + try: + for items_response in gen_items_responses: + items = items_response.response.get('response', []) or [] + result = get_dict_result(items, 'friendlyName', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id, host_name): + try: + result = self.ise.exec( + family="certificates", + function="get_system_certificate_by_id", + params={"id": id, "host_name": host_name}, + handle_func_exception=False, + ).response + except Exception as e: + result = None + return result + + def exists(self): + prev_obj = None + result = False + id = self.new_object.get("id") + name = self.new_object.get("name") + host_name = self.new_object.get("host_name") + if id: + prev_obj = self.get_object_by_id(id, host_name) + result = prev_obj is not None and isinstance(prev_obj, dict) + elif name: + prev_obj = self.get_object_by_name(name, host_name) + result = prev_obj is not None and isinstance(prev_obj, dict) + return (result, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("admin", "admin"), + ("allowPortalTagTransferForSameSubject", "allow_portal_tag_transfer_for_same_subject"), + ("allowReplacementOfPortalGroupTag", "allow_replacement_of_portal_group_tag"), + ("allowRoleTransferForSameSubject", "allow_role_transfer_for_same_subject"), + ("description", "description"), + ("eap", "eap"), + ("expirationTTLPeriod", "expiration_ttl_period"), + ("expirationTTLUnits", "expiration_ttl_units"), + ("ims", "ims"), + ("name", "name"), + ("portal", "portal"), + ("portalGroupTag", "portal_group_tag"), + ("pxgrid", "pxgrid"), + ("radius", "radius"), + ("renewSelfSignedCertificate", "renew_self_signed_certificate"), + ("saml", "saml"), + ("id", "id"), + ("hostName", "host_name"), + ("allowWildcardDelete", "allow_wildcard_delete"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + host_name = self.new_object.get("host_name") + result = None + if not id: + id_ = self.get_object_by_name(name, host_name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="certificates", + function="update_system_certificate", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + host_name = self.new_object.get("host_name") + result = None + if not id: + id_ = self.get_object_by_name(name, host_name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="certificates", + function="delete_system_certificate_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = SystemCertificate(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise.fail_json("Object does not exists, plugin only has update") + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
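Review bot: `get_object_by_id` ends in `except Exception as e: result = None`, and `get_object_by_name` has the same catch-all after its TypeError/AttributeError handler, so a failed or rejected API call cannot be told apart from "certificate not found". With `state: absent`, `exists()` then returns False and `run()` reports `ise.object_already_absent()` although nothing was actually verified, which is a misleading result for a task that manages system certificates. I would catch only the SDK's not-found error and let everything else reach `ise.fail_json(...)`; the exception type to catch is not visible in this hunk and needs confirming against the SDK. Separately, `required_if` lists `("state", "present", ["hostName"], True)` twice, and the unused `as e` can go.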
diff --git a/ansible_collections/cisco/ise/plugins/action/system_certificate_create.py b/ansible_collections/cisco/ise/plugins/action/system_certificate_create.py
new file mode 100644
index 00000000..0b47847a
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/system_certificate_create.py
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + nodeId=dict(type="str"), + ersLocalCertStub=dict(type="dict"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + node_id=params.get("nodeId"), + ers_local_cert_stub=params.get("ersLocalCertStub"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="system_certificate", + function="create_system_certificate", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/system_certificate_export_info.py b/ansible_collections/cisco/ise/plugins/action/system_certificate_export_info.py new file mode 100644 index 00000000..6922b5a9 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/system_certificate_export_info.py 
@@ -0,0 +1,106 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ export=dict(type="str"),
+ id=dict(type="str"),
+ password=dict(type="str", no_log=True),
+ dirPath=dict(type="str"),
+ saveFile=dict(type="bool"),
+ filename=dict(type="str"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ export=params.get("export"),
+ id=params.get("id"),
+ password=params.get("password"),
+ dirpath=params.get("dirPath"),
+ save_file=params.get("saveFile"),
+ filename=params.get("filename"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response={}))
+
+ ise = ISESDK(params=self._task.args)
+
+ download_response = ise.exec(
+ family="certificates",
+ function="export_system_certificate",
+ params=self.get_object(self._task.args),
+ )
+ response = dict(
+ data=download_response.data.decode(encoding='utf-8'),
+ filename=download_response.filename,
+ dirpath=download_response.dirpath,
+ path=download_response.path,
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/system_certificate_import.py b/ansible_collections/cisco/ise/plugins/action/system_certificate_import.py
new file mode 100644
index 00000000..51050e3e
--- /dev/null
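Review bot: `run()` returns the exported payload verbatim as `data=download_response.data.decode(encoding='utf-8')` inside `ise_response`, so whatever the export contains, including private-key material if the `export` option can select it, lands in task output, registered variables and callback logs; only the `password` option is marked `no_log=True`. I would document that tasks using this plugin should set `no_log: true`, or leave `data` out of the result when `saveFile` is true and return only `path`. `_supports_check_mode = True` also looks optimistic, since `saveFile`/`dirPath` are passed straight to the SDK call and presumably cause a file to be written even in check mode. The unconditional UTF-8 decode will raise if the API returns a binary archive rather than text.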
+++ b/ansible_collections/cisco/ise/plugins/action/system_certificate_import.py 
@@ -0,0 +1,128 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ admin=dict(type="bool"),
+ allowExtendedValidity=dict(type="bool"),
+ allowOutOfDateCert=dict(type="bool"),
+ allowPortalTagTransferForSameSubject=dict(type="bool"),
+ allowReplacementOfCertificates=dict(type="bool"),
+ allowReplacementOfPortalGroupTag=dict(type="bool"),
+ allowRoleTransferForSameSubject=dict(type="bool"),
+ allowSHA1Certificates=dict(type="bool"),
+ allowWildCardCertificates=dict(type="bool"),
+ data=dict(type="str"),
+ eap=dict(type="bool"),
+ ims=dict(type="bool"),
+ name=dict(type="str"),
+ password=dict(type="str", no_log=True),
+ portal=dict(type="bool"),
+ portalGroupTag=dict(type="str"),
+ privateKeyData=dict(type="str"),
+ pxgrid=dict(type="bool"),
+ radius=dict(type="bool"),
+ saml=dict(type="bool"),
+ validateCertificateExtensions=dict(type="bool"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ admin=params.get("admin"),
+ allow_extended_validity=params.get("allowExtendedValidity"),
+ allow_out_of_date_cert=params.get("allowOutOfDateCert"),
+ allow_portal_tag_transfer_for_same_subject=params.get("allowPortalTagTransferForSameSubject"),
+ allow_replacement_of_certificates=params.get("allowReplacementOfCertificates"),
+ allow_replacement_of_portal_group_tag=params.get("allowReplacementOfPortalGroupTag"),
+ allow_role_transfer_for_same_subject=params.get("allowRoleTransferForSameSubject"),
+ allow_sha1_certificates=params.get("allowSHA1Certificates"),
+ allow_wild_card_certificates=params.get("allowWildCardCertificates"),
+ data=params.get("data"),
+ eap=params.get("eap"),
+ ims=params.get("ims"),
+ name=params.get("name"),
+ password=params.get("password"),
+ portal=params.get("portal"),
+ portal_group_tag=params.get("portalGroupTag"),
+ private_key_data=params.get("privateKeyData"),
+ pxgrid=params.get("pxgrid"),
+ radius=params.get("radius"),
+ saml=params.get("saml"),
+ validate_certificate_extensions=params.get("validateCertificateExtensions"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+
+ response = ise.exec(
+ family="certificates",
+ function="import_system_certificate",
+ params=self.get_object(self._task.args),
+ ).response
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/system_certificate_info.py b/ansible_collections/cisco/ise/plugins/action/system_certificate_info.py
new file mode 100644
index 00000000..5f1d0e7c
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/system_certificate_info.py
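Review bot: `privateKeyData=dict(type="str")` is declared without `no_log`, while `password` a few lines above it has `no_log=True`; going by its name this option carries the private key being imported, so its value would appear in verbose output and invocation logs. It should read `privateKeyData=dict(type="str", no_log=True),`. The `allowSHA1Certificates`, `allowOutOfDateCert` and `allowWildCardCertificates` switches are forwarded with no default and no comment; a line such as `# these relax certificate validation on import; leave unset unless required` above them would help anyone reviewing playbooks that use this plugin.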
@@ -0,0 +1,152 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + hostName=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + sort=dict(type="str"), + sortBy=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + host_name=params.get("hostName"), + page=params.get("page"), + size=params.get("size"), + sort=params.get("sort"), + sort_by=params.get("sortBy"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("hostName") + if id: + response = ise.exec( + family="certificates", + function='get_system_certificate_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="certificates", + function='get_system_certificates', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not 
id: + responses = [] + generator = ise.exec( + family="certificates", + function='get_system_certificates_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['response'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/system_config_version_info.py b/ansible_collections/cisco/ise/plugins/action/system_config_version_info.py new file mode 100644 index 00000000..17a4d3e2 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/system_config_version_info.py 
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="version_and_patch", + function='get_ise_version_and_patch', + params=self.get_object(self._task.args) + ).response['OperationResult'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/tacacs_command_sets.py b/ansible_collections/cisco/ise/plugins/action/tacacs_command_sets.py new file mode 100644 index 00000000..471cd6b7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/tacacs_command_sets.py 
@@ -0,0 +1,248 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ permitUnmatched=dict(type="bool"),
+ commands=dict(type="dict"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class TacacsCommandSets(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ permit_unmatched=params.get("permitUnmatched"),
+ commands=params.get("commands"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ try:
+ result = self.ise.exec(
+ family="tacacs_command_sets",
+ function="get_tacacs_command_sets_by_name",
+ params={"name": name},
+ handle_func_exception=False,
+ ).response['TacacsCommandSets']
+ result = get_dict_result(result, 'name', name)
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="tacacs_command_sets",
+ function="get_tacacs_command_sets_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['TacacsCommandSets']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ result = False
+ prev_obj = None
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if id:
+ prev_obj = self.get_object_by_id(id)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ elif name:
+ prev_obj = self.get_object_by_name(name)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ return (result, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("permitUnmatched", "permit_unmatched"),
+ ("commands", "commands"),
+ ("id", "id"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="tacacs_command_sets",
+ function="create_tacacs_command_sets",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="tacacs_command_sets",
+ function="update_tacacs_command_sets_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="tacacs_command_sets",
+ function="delete_tacacs_command_sets_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = TacacsCommandSets(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/tacacs_command_sets_info.py b/ansible_collections/cisco/ise/plugins/action/tacacs_command_sets_info.py
new file mode 100644
index 00000000..7df402af
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/tacacs_command_sets_info.py
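Review bot: In `get_object_by_name` and `get_object_by_id` the `except Exception: result = None` branch turns every lookup failure other than TypeError/AttributeError into "object not found". Because the call passes `handle_func_exception=False`, that presumably includes authentication and transport errors, so `run()` would report `state: absent` as already absent while the command set still exists, or attempt a create for `state: present`. Consider treating only the SDK's not-found error as absent and sending everything else to `self.ise.fail_json(...)`; a comment such as `# only "not found" from ISE means absent; any other error must fail the task` would record the intent. The same pattern appears in tacacs_external_servers.py and tacacs_profile.py in this commit.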
@@ -0,0 +1,144 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ name=dict(type="str"),
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ name=params.get("name"),
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="tacacs_command_sets",
+ function='get_tacacs_command_sets_by_id',
+ params=self.get_object(self._task.args)
+ ).response['TacacsCommandSets']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if name:
+ response = ise.exec(
+ family="tacacs_command_sets",
+ function='get_tacacs_command_sets_by_name',
+ params=self.get_object(self._task.args)
+ ).response['TacacsCommandSets']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="tacacs_command_sets",
+ function='get_tacacs_command_sets_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/tacacs_external_servers.py b/ansible_collections/cisco/ise/plugins/action/tacacs_external_servers.py
new file mode 100644
index 00000000..60c07d1d
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/tacacs_external_servers.py
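Review bot: The `if id:` and `if name:` branches of `run()` index `.response['TacacsCommandSets']` with no error handling, while the generator branch wraps its loop in try/except and reports through `ise.fail_json`. A `None` response or a missing key on those two paths would surface as a raw traceback instead of the API-settings guidance message. Wrapping both lookups in the same handlers as the generator loop would make the three paths consistent. `get_object()` also forwards `page` and `size` to the by-id and by-name calls; a comment such as `# page/size are only meaningful for the generator call` would help if the SDK ignores them there, which this hunk does not show. tacacs_external_servers_info.py has the same structure.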
@@ -0,0 +1,257 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ hostIP=dict(type="str"),
+ connectionPort=dict(type="int"),
+ singleConnect=dict(type="bool"),
+ sharedSecret=dict(type="str"),
+ timeout=dict(type="int"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class TacacsExternalServers(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ host_ip=params.get("hostIP"),
+ connection_port=params.get("connectionPort"),
+ single_connect=params.get("singleConnect"),
+ shared_secret=params.get("sharedSecret"),
+ timeout=params.get("timeout"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ try:
+ result = self.ise.exec(
+ family="tacacs_external_servers",
+ function="get_tacacs_external_servers_by_name",
+ params={"name": name},
+ handle_func_exception=False,
+ ).response['TacacsExternalServer']
+ result = get_dict_result(result, 'name', name)
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="tacacs_external_servers",
+ function="get_tacacs_external_servers_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['TacacsExternalServer']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ result = False
+ prev_obj = None
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if id:
+ prev_obj = self.get_object_by_id(id)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ elif name:
+ prev_obj = self.get_object_by_name(name)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ return (result, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("hostIP", "host_ip"),
+ ("connectionPort", "connection_port"),
+ ("singleConnect", "single_connect"),
+ ("sharedSecret", "shared_secret"),
+ ("timeout", "timeout"),
+ ("id", "id"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="tacacs_external_servers",
+ function="create_tacacs_external_servers",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="tacacs_external_servers",
+ function="update_tacacs_external_servers_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="tacacs_external_servers",
+ function="delete_tacacs_external_servers_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = TacacsExternalServers(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/tacacs_external_servers_info.py b/ansible_collections/cisco/ise/plugins/action/tacacs_external_servers_info.py
new file mode 100644
index 00000000..e64bf2d8
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/tacacs_external_servers_info.py
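Review bot: `sharedSecret=dict(type="str")` in `argument_spec` carries the TACACS+ shared secret but is not marked sensitive; the usual declaration is `sharedSecret=dict(type="str", no_log=True)`. Separately, `run()` copies `ise_update_response` and the fetched object into `self._result`, so if ISE echoes the secret in `UpdatedFieldsList` or in the `TacacsExternalServer` record it would reach task output and callback logs. Whether ISE does so is not visible here, so either drop the key before `self._result.update(...)` or document that tasks using this module should set `no_log: true`. `requires_update()` also compares `sharedSecret` with the stored object, which would report a change on every run if the API returns the value masked or omits it. The lookup in tacacs_external_servers_info.py returns the same record.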
@@ -0,0 +1,144 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+)
+
+# Get common arguements specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ name=dict(type="str"),
+ id=dict(type="str"),
+ page=dict(type="int"),
+ size=dict(type="int"),
+))
+
+required_if = []
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = True
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def get_object(self, params):
+ new_object = dict(
+ name=params.get("name"),
+ id=params.get("id"),
+ page=params.get("page"),
+ size=params.get("size"),
+ )
+ return new_object
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ self._result.update(dict(ise_response=[]))
+
+ ise = ISESDK(params=self._task.args)
+
+ id = self._task.args.get("id")
+ name = self._task.args.get("name")
+ if id:
+ response = ise.exec(
+ family="tacacs_external_servers",
+ function='get_tacacs_external_servers_by_id',
+ params=self.get_object(self._task.args)
+ ).response['TacacsExternalServer']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if name:
+ response = ise.exec(
+ family="tacacs_external_servers",
+ function='get_tacacs_external_servers_by_name',
+ params=self.get_object(self._task.args)
+ ).response['TacacsExternalServer']
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
+ if not name and not id:
+ responses = []
+ generator = ise.exec(
+ family="tacacs_external_servers",
+ function='get_tacacs_external_servers_generator',
+ params=self.get_object(self._task.args),
+ )
+ try:
+ for item in generator:
+ tmp_response = item.response['SearchResult']['resources']
+ if isinstance(tmp_response, list):
+ responses += tmp_response
+ else:
+ responses.append(tmp_response)
+ response = responses
+ except (TypeError, AttributeError) as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception as e:
+ ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " The error was: {error}"
+ " You may want to enable the (ise_debug: True) argument."
+ ).format(error=e)
+ )
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/tacacs_profile.py b/ansible_collections/cisco/ise/plugins/action/tacacs_profile.py
new file mode 100644
index 00000000..d87faab8
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/tacacs_profile.py
@@ -0,0 +1,245 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+from ansible.plugins.action import ActionBase
+
+try:
+ from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import (
+ AnsibleArgSpecValidator,
+ )
+except ImportError:
+ ANSIBLE_UTILS_IS_INSTALLED = False
+else:
+ ANSIBLE_UTILS_IS_INSTALLED = True
+from ansible.errors import AnsibleActionFail
+from ansible_collections.cisco.ise.plugins.plugin_utils.ise import (
+ ISESDK,
+ ise_argument_spec,
+ ise_compare_equality,
+ get_dict_result,
+)
+
+# Get common arguments specification
+argument_spec = ise_argument_spec()
+# Add arguments specific for this module
+argument_spec.update(dict(
+ state=dict(type="str", default="present", choices=["present", "absent"]),
+ name=dict(type="str"),
+ description=dict(type="str"),
+ sessionAttributes=dict(type="dict"),
+ id=dict(type="str"),
+))
+
+required_if = [
+ ("state", "present", ["id", "name"], True),
+ ("state", "absent", ["id", "name"], True),
+]
+required_one_of = []
+mutually_exclusive = []
+required_together = []
+
+
+class TacacsProfile(object):
+ def __init__(self, params, ise):
+ self.ise = ise
+ self.new_object = dict(
+ name=params.get("name"),
+ description=params.get("description"),
+ session_attributes=params.get("sessionAttributes"),
+ id=params.get("id"),
+ )
+
+ def get_object_by_name(self, name):
+ try:
+ result = self.ise.exec(
+ family="tacacs_profile",
+ function="get_tacacs_profile_by_name",
+ params={"name": name},
+ handle_func_exception=False,
+ ).response['TacacsProfile']
+ result = get_dict_result(result, 'name', name)
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def get_object_by_id(self, id):
+ try:
+ result = self.ise.exec(
+ family="tacacs_profile",
+ function="get_tacacs_profile_by_id",
+ handle_func_exception=False,
+ params={"id": id}
+ ).response['TacacsProfile']
+ except (TypeError, AttributeError) as e:
+ self.ise.fail_json(
+ msg=(
+ "An error occured when executing operation."
+ " Check the configuration of your API Settings and API Gateway settings on your ISE server."
+ " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled."
+ " You may want to enable the (ise_debug: True) argument."
+ " The error was: {error}"
+ ).format(error=e)
+ )
+ except Exception:
+ result = None
+ return result
+
+ def exists(self):
+ result = False
+ prev_obj = None
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ if id:
+ prev_obj = self.get_object_by_id(id)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ elif name:
+ prev_obj = self.get_object_by_name(name)
+ result = prev_obj is not None and isinstance(prev_obj, dict)
+ return (result, prev_obj)
+
+ def requires_update(self, current_obj):
+ requested_obj = self.new_object
+
+ obj_params = [
+ ("name", "name"),
+ ("description", "description"),
+ ("sessionAttributes", "session_attributes"),
+ ("id", "id"),
+ ]
+ # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params
+ # If any does not have eq params, it requires update
+ return any(not ise_compare_equality(current_obj.get(ise_param),
+ requested_obj.get(ansible_param))
+ for (ise_param, ansible_param) in obj_params)
+
+ def create(self):
+ result = self.ise.exec(
+ family="tacacs_profile",
+ function="create_tacacs_profile",
+ params=self.new_object,
+ ).response
+ return result
+
+ def update(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="tacacs_profile",
+ function="update_tacacs_profile_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+ def delete(self):
+ id = self.new_object.get("id")
+ name = self.new_object.get("name")
+ result = None
+ if not id:
+ id_ = self.get_object_by_name(name).get("id")
+ self.new_object.update(dict(id=id_))
+ result = self.ise.exec(
+ family="tacacs_profile",
+ function="delete_tacacs_profile_by_id",
+ params=self.new_object
+ ).response
+ return result
+
+
+class ActionModule(ActionBase):
+ def __init__(self, *args, **kwargs):
+ if not ANSIBLE_UTILS_IS_INSTALLED:
+ raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'")
+ super(ActionModule, self).__init__(*args, **kwargs)
+ self._supports_async = False
+ self._supports_check_mode = False
+ self._result = None
+
+ # Checks the supplied parameters against the argument spec for this module
+ def _check_argspec(self):
+ aav = AnsibleArgSpecValidator(
+ data=self._task.args,
+ schema=dict(argument_spec=argument_spec),
+ schema_format="argspec",
+ schema_conditionals=dict(
+ required_if=required_if,
+ required_one_of=required_one_of,
+ mutually_exclusive=mutually_exclusive,
+ required_together=required_together,
+ ),
+ name=self._task.action,
+ )
+ valid, errors, self._task.args = aav.validate()
+ if not valid:
+ raise AnsibleActionFail(errors)
+
+ def run(self, tmp=None, task_vars=None):
+ self._task.diff = False
+ self._result = super(ActionModule, self).run(tmp, task_vars)
+ self._result["changed"] = False
+ self._check_argspec()
+
+ ise = ISESDK(params=self._task.args)
+ obj = TacacsProfile(self._task.args, ise)
+
+ state = self._task.args.get("state")
+
+ response = None
+
+ if state == "present":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ if obj.requires_update(prev_obj):
+ ise_update_response = obj.update()
+ self._result.update(dict(ise_update_response=ise_update_response))
+ (obj_exists, updated_obj) = obj.exists()
+ response = updated_obj
+ has_changed = None
+ has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField")
+ if (len(has_changed) == 0 or
+ has_changed[0].get("newValue") == "" and
+ has_changed[0].get("newValue") == has_changed[0].get("oldValue")):
+ self._result.pop("ise_update_response", None)
+ ise.object_already_present()
+ else:
+ ise.object_updated()
+ else:
+ response = prev_obj
+ ise.object_already_present()
+ else:
+ ise_create_response = obj.create()
+ (obj_exists, created_obj) = obj.exists()
+ response = created_obj
+ ise.object_created()
+
+ elif state == "absent":
+ (obj_exists, prev_obj) = obj.exists()
+ if obj_exists:
+ obj.delete()
+ response = prev_obj
+ ise.object_deleted()
+ else:
+ ise.object_already_absent()
+
+ self._result.update(dict(ise_response=response))
+ self._result.update(ise.exit_json())
+ return self._result
diff --git a/ansible_collections/cisco/ise/plugins/action/tacacs_profile_info.py b/ansible_collections/cisco/ise/plugins/action/tacacs_profile_info.py
new file mode 100644
index 00000000..d48f8753
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/tacacs_profile_info.py
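Review bot: `ise_update_response.get("UpdatedFieldsList").get("updatedField")` in `run()` assumes both keys are always present; if the update response lacks `UpdatedFieldsList` the chained `.get` raises AttributeError, and a missing `updatedField` makes `len(has_changed)` fail on `None`. A defensive form is `has_changed = (ise_update_response.get("UpdatedFieldsList") or {}).get("updatedField") or []`. The `has_changed = None` line before it is redundant, and `ise_create_response` is assigned but never read. The same lines appear in tacacs_command_sets.py and tacacs_external_servers.py in this commit.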
@@ -0,0 +1,144 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="tacacs_profile", + function='get_tacacs_profile_by_id', + params=self.get_object(self._task.args) + ).response['TacacsProfile'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="tacacs_profile", + function='get_tacacs_profile_by_name', + params=self.get_object(self._task.args) + ).response['TacacsProfile'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="tacacs_profile", + function='get_tacacs_profile_generator', + 
params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/tacacs_server_sequence.py b/ansible_collections/cisco/ise/plugins/action/tacacs_server_sequence.py new file mode 100644 index 00000000..3292d948 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/tacacs_server_sequence.py 
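Review bot: In `run()`, `response` is bound only on the success path of the `try`, yet both `except` branches fall through to `self._result.update(dict(ise_response=response))`. That is safe only if `ise.fail_json` never returns, which this hunk does not show. Binding `response = []` just before the `try:` removes that dependency. The last `if not name and not id:` is always true by the time it is reached, so `if id: … elif name: … else:` would state the intent directly. The same structure is repeated in tacacs_server_sequence_info.py and telemetry_info.py.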
@@ -0,0 +1,263 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + name=dict(type="str"), + description=dict(type="str"), + serverList=dict(type="str"), + localAccounting=dict(type="bool"), + remoteAccounting=dict(type="bool"), + prefixStrip=dict(type="bool"), + prefixDelimiter=dict(type="str"), + suffixStrip=dict(type="bool"), + suffixDelimiter=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class TacacsServerSequence(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + name=params.get("name"), + description=params.get("description"), + server_list=params.get("serverList"), + local_accounting=params.get("localAccounting"), + remote_accounting=params.get("remoteAccounting"), + prefix_strip=params.get("prefixStrip"), + prefix_delimiter=params.get("prefixDelimiter"), + suffix_strip=params.get("suffixStrip"), + 
suffix_delimiter=params.get("suffixDelimiter"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + try: + result = self.ise.exec( + family="tacacs_server_sequence", + function="get_tacacs_server_sequence_by_name", + params={"name": name}, + handle_func_exception=False, + ).response['TacacsServerSequence'] + result = get_dict_result(result, 'name', name) + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="tacacs_server_sequence", + function="get_tacacs_server_sequence_by_id", + handle_func_exception=False, + params={"id": id} + ).response['TacacsServerSequence'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + result = False + prev_obj = None + id = self.new_object.get("id") + name = self.new_object.get("name") + if id: + prev_obj = self.get_object_by_id(id) + result = prev_obj is not None and isinstance(prev_obj, dict) + elif name: + prev_obj = self.get_object_by_name(name) + result = prev_obj is not None and isinstance(prev_obj, dict) + return (result, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("name", "name"), + ("description", "description"), + ("serverList", "server_list"), + ("localAccounting", "local_accounting"), + ("remoteAccounting", "remote_accounting"), + ("prefixStrip", "prefix_strip"), + ("prefixDelimiter", "prefix_delimiter"), + ("suffixStrip", "suffix_strip"), + ("suffixDelimiter", "suffix_delimiter"), + ("id", "id"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="tacacs_server_sequence", + function="create_tacacs_server_sequence", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="tacacs_server_sequence", + function="update_tacacs_server_sequence_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) 
+ result = self.ise.exec( + family="tacacs_server_sequence", + function="delete_tacacs_server_sequence_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = TacacsServerSequence(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + has_changed = None + has_changed = ise_update_response.get("UpdatedFieldsList").get("updatedField") + if (len(has_changed) == 0 or + has_changed[0].get("newValue") == "" and + has_changed[0].get("newValue") == has_changed[0].get("oldValue")): + 
self._result.pop("ise_update_response", None) + ise.object_already_present() + else: + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/tacacs_server_sequence_info.py b/ansible_collections/cisco/ise/plugins/action/tacacs_server_sequence_info.py new file mode 100644 index 00000000..6b3cee9f --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/tacacs_server_sequence_info.py 
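Review bot: `get_object_by_name` and `get_object_by_id` end with `except Exception: result = None`, so any SDK failure (rejected credentials, TLS or connection errors, timeouts) is indistinguishable from "object not found". With `state: present` that sends `run()` into `obj.create()`, and with `state: absent` it ends in `ise.object_already_absent()`, so a task can report a result without ever having read the real state of the server. Catch only the SDK's not-found error here (its type is not visible in this hunk) and route everything else to `self.ise.fail_json(...)`, as the `(TypeError, AttributeError)` branch already does. `update()` and `delete()` also call `self.get_object_by_name(name).get("id")`, which raises `AttributeError` whenever that lookup returned `None`.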
@@ -0,0 +1,144 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + name=dict(type="str"), + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + name=params.get("name"), + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="tacacs_server_sequence", + function='get_tacacs_server_sequence_by_id', + params=self.get_object(self._task.args) + ).response['TacacsServerSequence'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if name: + response = ise.exec( + family="tacacs_server_sequence", + function='get_tacacs_server_sequence_by_name', + params=self.get_object(self._task.args) + ).response['TacacsServerSequence'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="tacacs_server_sequence", + 
function='get_tacacs_server_sequence_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/tasks_info.py b/ansible_collections/cisco/ise/plugins/action/tasks_info.py new file mode 100644 index 00000000..a99af781 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/tasks_info.py 
@@ -0,0 +1,101 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + taskId=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + task_id=params.get("taskId"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("taskId") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="tasks", + function='get_task_status_by_id', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + response = ise.exec( + family="tasks", + function='get_task_status', + params=self.get_object(self._task.args) + ).response + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/telemetry_info.py b/ansible_collections/cisco/ise/plugins/action/telemetry_info.py new file mode 100644 index 00000000..c2981dff --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/telemetry_info.py 
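Review bot: `run()` reads `self._task.args.get("name")`, but this module adds only `taskId` to `argument_spec`, so as far as this hunk shows `name` is always `None` and `if not name and not id:` is simply the else-branch of `if id:`. Written as two independent `if` statements, the method has a path that falls off the end and returns `None` instead of `self._result`. I would drop the `name` lookup, rename the local `id` (it shadows the builtin) to `task_id`, and write `if task_id: … else: …`. telemetry_info.py and transport_gateway_settings_info.py read an undeclared `name` (and, in the latter, an undeclared `id`) in the same way.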
@@ -0,0 +1,137 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + page=dict(type="int"), + size=dict(type="int"), + filter=dict(type="list"), + filterType=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + page=params.get("page"), + size=params.get("size"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="telemetry_information", + function='get_telemetry_info_by_id', + params=self.get_object(self._task.args) + ).response['TelemetryInfo'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="telemetry_information", + function='get_telemetry_information_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['SearchResult']['resources'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + 
responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/threat_vulnerabilities_clear.py b/ansible_collections/cisco/ise/plugins/action/threat_vulnerabilities_clear.py new file mode 100644 index 00000000..6360671d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/threat_vulnerabilities_clear.py 
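Review bot: `filter=dict(type="list")` declares no element type, so the argspec validator accepts list items of any type and `get_object` hands them to the SDK call unchanged. Declaring `filter=dict(type="list", elements="str"),` makes the validator check each item; this assumes the filter expressions are strings, which the hunk does not show.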
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + macAddresses=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + mac_addresses=params.get("macAddresses"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="clear_threats_and_vulnerabilities", + function="clear_threats_and_vulnerabilities", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/transport_gateway_settings.py b/ansible_collections/cisco/ise/plugins/action/transport_gateway_settings.py new file mode 100644 index 00000000..10555db0 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/transport_gateway_settings.py 
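Review bot: `macAddresses=dict(type="str")` is optional and unchecked, so a task that omits it passes `_check_argspec()` and `run()` still sends `clear_threats_and_vulnerabilities` with `mac_addresses=None`. What the server does with such a request is not visible here, and for an operation that discards threat and vulnerability records the module should refuse to run without an explicit target: `macAddresses=dict(type="str", required=True),`. `run()` also sets `self._result["changed"] = False` and never changes it in this hunk, so unless `ise.exit_json()` overrides it the clear is reported as unchanged, which hides it from anyone reviewing playbook output.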
@@ -0,0 +1,171 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present"]), + enableTransportGateway=dict(type="bool"), + url=dict(type="str"), +)) + +required_if = [ + ("state", "present", [], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class TransportGatewaySettings(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + enable_transport_gateway=params.get("enableTransportGateway"), + url=params.get("url"), + ) + + def get_object_by_name(self, name): + # NOTICE: Does not have a get by name method or it is in another action + result = None + items = self.ise.exec( + family="telemetry", + function="get_transport_gateway" + ).response['response'] + result = get_dict_result(items, 'name', name) + return result + + def get_object_by_id(self, id): + # NOTICE: Does not have a get by id method or it is in another action + result = None + return result + + def exists(self): + prev_obj = None + id_exists = 
False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("enableTransportGateway", "enable_transport_gateway"), + ("url", "url"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + result = self.ise.exec( + family="telemetry", + function="update_transport_gateway", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = TransportGatewaySettings(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise.fail_json("Object does not exists, plugin only has update") + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/transport_gateway_settings_info.py b/ansible_collections/cisco/ise/plugins/action/transport_gateway_settings_info.py new file mode 100644 index 00000000..8aa18150 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/transport_gateway_settings_info.py 
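Review bot: `exists()` looks up `self.new_object.get("id")` and `self.new_object.get("name")`, but `__init__` builds `new_object` with only `enable_transport_gateway` and `url`, so both are always `None`, neither lookup runs, and the method returns `(False, None)`. As written, `run()` therefore always reaches `ise.fail_json("Object does not exists, plugin only has update")` and `update()` is never called. Since these are singleton settings, `exists()` should read the current object directly with the `get_transport_gateway` call already used in `get_object_by_name`; the rewrite below assumes that `response['response']` is the settings dict, which should be confirmed against the SDK. The `InconsistentParameters` check and the unused `id`/`name` locals in `update()` can then go.

```python
    def exists(self):
        # Singleton settings: there is no id or name to look the object up by.
        prev_obj = self.ise.exec(
            family="telemetry",
            function="get_transport_gateway"
        ).response['response']
        it_exists = prev_obj is not None and isinstance(prev_obj, dict)
        return (it_exists, prev_obj)
```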
@@ -0,0 +1,90 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if not name and not id: + response = ise.exec( + family="telemetry", + function='get_transport_gateway', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trusted_certificate.py b/ansible_collections/cisco/ise/plugins/action/trusted_certificate.py new file mode 100644 index 00000000..8b86c914 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trusted_certificate.py 
@@ -0,0 +1,300 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + authenticateBeforeCRLReceived=dict(type="bool"), + automaticCRLUpdate=dict(type="bool"), + automaticCRLUpdatePeriod=dict(type="int"), + automaticCRLUpdateUnits=dict(type="str"), + crlDistributionUrl=dict(type="str"), + crlDownloadFailureRetries=dict(type="int"), + crlDownloadFailureRetriesUnits=dict(type="str"), + description=dict(type="str"), + downloadCRL=dict(type="bool"), + enableOCSPValidation=dict(type="bool"), + enableServerIdentityCheck=dict(type="bool"), + ignoreCRLExpiration=dict(type="bool"), + name=dict(type="str"), + nonAutomaticCRLUpdatePeriod=dict(type="int"), + nonAutomaticCRLUpdateUnits=dict(type="str"), + rejectIfNoStatusFromOCSP=dict(type="bool"), + rejectIfUnreachableFromOCSP=dict(type="bool"), + selectedOCSPService=dict(type="str"), + status=dict(type="str"), + trustForCertificateBasedAdminAuth=dict(type="bool"), + trustForCiscoServicesAuth=dict(type="bool"), + 
trustForClientAuth=dict(type="bool"), + trustForIseAuth=dict(type="bool"), + id=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class TrustedCertificate(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + authenticate_before_crl_received=params.get("authenticateBeforeCRLReceived"), + automatic_crl_update=params.get("automaticCRLUpdate"), + automatic_crl_update_period=params.get("automaticCRLUpdatePeriod"), + automatic_crl_update_units=params.get("automaticCRLUpdateUnits"), + crl_distribution_url=params.get("crlDistributionUrl"), + crl_download_failure_retries=params.get("crlDownloadFailureRetries"), + crl_download_failure_retries_units=params.get("crlDownloadFailureRetriesUnits"), + description=params.get("description"), + download_crl=params.get("downloadCRL"), + enable_ocsp_validation=params.get("enableOCSPValidation"), + enable_server_identity_check=params.get("enableServerIdentityCheck"), + ignore_crl_expiration=params.get("ignoreCRLExpiration"), + name=params.get("name"), + non_automatic_crl_update_period=params.get("nonAutomaticCRLUpdatePeriod"), + non_automatic_crl_update_units=params.get("nonAutomaticCRLUpdateUnits"), + reject_if_no_status_from_ocs_p=params.get("rejectIfNoStatusFromOCSP"), + reject_if_unreachable_from_ocs_p=params.get("rejectIfUnreachableFromOCSP"), + selected_ocsp_service=params.get("selectedOCSPService"), + status=params.get("status"), + trust_for_certificate_based_admin_auth=params.get("trustForCertificateBasedAdminAuth"), + trust_for_cisco_services_auth=params.get("trustForCiscoServicesAuth"), + trust_for_client_auth=params.get("trustForClientAuth"), + trust_for_ise_auth=params.get("trustForIseAuth"), + id=params.get("id"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ + result 
= None + gen_items_responses = self.ise.exec( + family="certificates", + function="get_trusted_certificates_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response.get('response', []) + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="certificates", + function="get_trusted_certificate_by_id", + params={"id": id}, + handle_func_exception=False, + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + + def exists(self): + prev_obj = None + id_exists = False + name_exists = False + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("authenticateBeforeCRLReceived", "authenticate_before_crl_received"), + ("automaticCRLUpdate", "automatic_crl_update"), + ("automaticCRLUpdatePeriod", "automatic_crl_update_period"), + ("automaticCRLUpdateUnits", "automatic_crl_update_units"), + ("crlDistributionUrl", "crl_distribution_url"), + ("crlDownloadFailureRetries", "crl_download_failure_retries"), + ("crlDownloadFailureRetriesUnits", "crl_download_failure_retries_units"), + ("description", "description"), + ("downloadCRL", "download_crl"), + ("enableOCSPValidation", "enable_ocsp_validation"), + ("enableServerIdentityCheck", "enable_server_identity_check"), + ("ignoreCRLExpiration", "ignore_crl_expiration"), + ("name", "name"), + ("nonAutomaticCRLUpdatePeriod", "non_automatic_crl_update_period"), + ("nonAutomaticCRLUpdateUnits", "non_automatic_crl_update_units"), + ("rejectIfNoStatusFromOCSP", "reject_if_no_status_from_ocs_p"), + ("rejectIfUnreachableFromOCSP", "reject_if_unreachable_from_ocs_p"), + ("selectedOCSPService", "selected_ocsp_service"), + ("status", "status"), + 
("trustForCertificateBasedAdminAuth", "trust_for_certificate_based_admin_auth"), + ("trustForCiscoServicesAuth", "trust_for_cisco_services_auth"), + ("trustForClientAuth", "trust_for_client_auth"), + ("trustForIseAuth", "trust_for_ise_auth"), + ("id", "id"), + ] + # Method 1. Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="certificates", + function="update_trusted_certificate", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="certificates", + function="delete_trusted_certificate_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = TrustedCertificate(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise.fail_json("Object does not exists, plugin only has update") + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
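Review bot: `get_object_by_id` and `get_object_by_name` in `TrustedCertificate` turn every exception other than TypeError/AttributeError into `result = None`, which `exists()` then reads as "no such certificate". With `state: absent`, `run()` goes on to call `ise.object_already_absent()`, so a lookup that failed (what the SDK raises on an authentication or connection error is not visible here) would be reported as a clean no-op while the certificate may still be trusted. I would treat only the SDK's not-found error as absence and hand everything else to `self.ise.fail_json(...)`, as the TypeError branch already does. The lookups in trustsec_nbar_app.py follow the same pattern.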
diff --git a/ansible_collections/cisco/ise/plugins/action/trusted_certificate_export_info.py b/ansible_collections/cisco/ise/plugins/action/trusted_certificate_export_info.py new file mode 100644 index 00000000..fc1e9d07 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trusted_certificate_export_info.py 
@@ -0,0 +1,110 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + id=dict(type="str"), + dirPath=dict(type="str"), + saveFile=dict(type="bool"), + filename=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + id=params.get("id"), + dirpath=params.get("dirPath"), + save_file=params.get("saveFile"), + filename=params.get("filename"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response={})) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("filename") + if id: + download_response = ise.exec( + family="certificates", + function='export_trusted_certificate', + params=self.get_object(self._task.args) + ) + response = dict( + data=download_response.data.decode(encoding='utf-8'), + filename=download_response.filename, + dirpath=download_response.dirpath, + path=download_response.path, + ) + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + # NOTICE: Does not have a get all method or it is in another action + response = None + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
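Review bot: In `run()`, a task that sets `filename` but no `id` matches neither `if id:` nor `if not name and not id:` (here `name` holds the `filename` argument), so no export is attempted and nothing tells the user why. Since the export call needs an `id`, I would reject the task up front with `if not id: raise AnsibleActionFail("'id' is required to export a trusted certificate")`, or declare `id=dict(type="str", required=True)`; either one also turns the current silent `ise_response=None` path into an error. Separately, `_supports_check_mode = True` is set while `saveFile` and `dirPath` are forwarded to `export_trusted_certificate`; if the SDK writes the file (not visible here), a check-mode run would still write to the controller.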
diff --git a/ansible_collections/cisco/ise/plugins/action/trusted_certificate_import.py b/ansible_collections/cisco/ise/plugins/action/trusted_certificate_import.py new file mode 100644 index 00000000..c36cdf54 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trusted_certificate_import.py 
@@ -0,0 +1,108 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + allowBasicConstraintCAFalse=dict(type="bool"), + allowOutOfDateCert=dict(type="bool"), + allowSHA1Certificates=dict(type="bool"), + data=dict(type="str"), + description=dict(type="str"), + name=dict(type="str"), + trustForCertificateBasedAdminAuth=dict(type="bool"), + trustForCiscoServicesAuth=dict(type="bool"), + trustForClientAuth=dict(type="bool"), + trustForIseAuth=dict(type="bool"), + validateCertificateExtensions=dict(type="bool"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + allow_basic_constraint_cafalse=params.get("allowBasicConstraintCAFalse"), + allow_out_of_date_cert=params.get("allowOutOfDateCert"), + allow_sha1_certificates=params.get("allowSHA1Certificates"), + data=params.get("data"), + description=params.get("description"), + name=params.get("name"), + trust_for_certificate_based_admin_auth=params.get("trustForCertificateBasedAdminAuth"), + trust_for_cisco_services_auth=params.get("trustForCiscoServicesAuth"), + trust_for_client_auth=params.get("trustForClientAuth"), + trust_for_ise_auth=params.get("trustForIseAuth"), + validate_certificate_extensions=params.get("validateCertificateExtensions"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="certificates", + function="import_trust_certificate", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
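Review bot: `run()` sets `self._result["changed"] = False` and then calls `import_trust_certificate` without any of the `ise.object_created()` / `ise.object_updated()` calls that the sibling modules make before `ise.exit_json()`. Unless `exit_json()` sets the flag by other means (not visible here), an import that adds a trust anchor is reported as unchanged. A change to the trust store should show up in the play recap; calling `ise.object_created()` after a successful `exec` would match trustsec_nbar_app.py. `data` is also optional in `argument_spec`, so a task with no certificate body passes validation; `data=dict(type="str", required=True)` would stop it before the API call. The `allow*` options relax certificate checks and deserve a comment in the spec saying so.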
diff --git a/ansible_collections/cisco/ise/plugins/action/trusted_certificate_info.py b/ansible_collections/cisco/ise/plugins/action/trusted_certificate_info.py new file mode 100644 index 00000000..b0fd68fb --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trusted_certificate_info.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + page=dict(type="int"), + size=dict(type="int"), + sort=dict(type="str"), + sortBy=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + page=params.get("page"), + size=params.get("size"), + sort=params.get("sort"), + sort_by=params.get("sortBy"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="certificates", + function='get_trusted_certificate_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="certificates", + function='get_trusted_certificates_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['response'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + 
responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_nbar_app.py b/ansible_collections/cisco/ise/plugins/action/trustsec_nbar_app.py new file mode 100644 index 00000000..3cb7209b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_nbar_app.py 
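Review bot: In `run()` of trusted_certificate_info.py, `response` in the list branch is assigned only on the last line of the `try` body (`response = responses`), yet it is read unconditionally in `self._result.update(dict(ise_response=response))`. Both `except` branches therefore depend on `ise.fail_json(...)` never returning; if it ever does (its behaviour is not visible in this hunk), the original API error is replaced by an unbound-variable error. Initialising `response = []` before the `try` removes that dependency. Also, `name` is read from the task args although this file's `argument_spec.update(...)` declares no `name` option, so `if not name and not id:` is effectively `if not id:` unless the common spec adds one.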
@@ -0,0 +1,256 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + description=dict(type="str"), + id=dict(type="str"), + name=dict(type="str"), + networkIdentities=dict(type="list"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class TrustsecNbarApp(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + description=params.get("description"), + id=params.get("id"), + name=params.get("name"), + network_identities=params.get("networkIdentities"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ + result = None + gen_items_responses = self.ise.exec( + family="nbar_app", + function="get_nbar_apps_generator", + params={"filter": "name.EQ.{name}".format(name=name)} + ) + try: + for items_response in gen_items_responses: + 
items = items_response.response['response'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="nbar_app", + function="get_nbar_app_by_id", + handle_func_exception=False, + params={"id": id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + if isinstance(result, list) and len(result) > 0: + return result[0] + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("description", "description"), + ("id", "id"), + ("name", "name"), + ("networkIdentities", "network_identities"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="nbar_app", + function="create_nbar_app", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="nbar_app", + function="update_nbar_app_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="nbar_app", + function="delete_nbar_app_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = TrustsecNbarApp(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
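Review bot: The `InconsistentParameters` check in `TrustsecNbarApp.exists()` can never fire, because `name_exists` is only set inside `if not id_exists and name:`, which makes `id_exists and name_exists` always false. When a task passes both `id` and `name` and the id resolves, the name is never looked up, and `update()` / `delete()` act on the id's object even if the name belongs to a different one. To make the check real, look the name up whenever it is given and compare: `by_name = self.get_object_by_name(name)` followed by `if id_exists and isinstance(by_name, dict) and by_name.get("id") != o_id: raise InconsistentParameters(...)`. `TrustedCertificate.exists()` in trusted_certificate.py has the same unreachable check.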
diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_nbar_app_info.py b/ansible_collections/cisco/ise/plugins/action/trustsec_nbar_app_info.py new file mode 100644 index 00000000..e0390f20 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_nbar_app_info.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + page=dict(type="int"), + size=dict(type="int"), + sort=dict(type="str"), + sortBy=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + page=params.get("page"), + size=params.get("size"), + sort=params.get("sort"), + sort_by=params.get("sortBy"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="nbar_app", + function='get_nbar_app_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="nbar_app", + function='get_nbar_apps_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['response'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + responses.append(tmp_response) 
+ response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping.py b/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping.py new file mode 100644 index 00000000..f522e929 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping.py 
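Review bot: In `run()`, `response` is assigned only in the `if id:` branch and in the `if not name and not id:` branch, so a task that sets `name` without `id` skips both and reaches `self._result.update(dict(ise_response=response))` with `response` unbound. `name` is read with `self._task.args.get("name")` but is not among the options this file adds to `argument_spec`; whether `ise_argument_spec()` declares it is not visible here. The same unbound name is reached from the generator branch if `ise.fail_json(...)` returns instead of raising. I would set `response = []` before the branches and run the listing unconditionally once the `if id:` branch has returned, dropping the `name` read. `trustsec_sg_vn_mapping_info.py` later in this patch has the same `run()` and needs the same change.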
@@ -0,0 +1,267 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + id=dict(type="str"), + lastUpdate=dict(type="str"), + sgName=dict(type="str"), + sgtId=dict(type="str"), + vnId=dict(type="str"), + vnName=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "sgName", "vnName"], True), + ("state", "absent", ["id", "sgName", "vnName"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class TrustsecSgVnMapping(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + id=params.get("id"), + last_update=params.get("lastUpdate"), + sg_name=params.get("sgName"), + sgt_id=params.get("sgtId"), + vn_id=params.get("vnId"), + vn_name=params.get("vnName"), + ) + + def get_object_by_name(self, sg_name, vn_name): + # NOTICE: Get does not support/work for filter by name with EQ + result = None + gen_items_responses = self.ise.exec( + family="sg_vn_mapping", + 
function="get_sg_vn_mappings_generator" + ) + try: + for items_response in gen_items_responses: + items = items_response.response['response'] + for item in items: + if isinstance(item, dict) and item.get('sgName') == sg_name and item.get('vnName') == vn_name: + result = item + break + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="sg_vn_mapping", + function="get_sg_vn_mapping_by_id", + handle_func_exception=False, + params={"id": id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + if isinstance(result, list) and len(result) > 0: + return result[0] + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + sg_name = self.new_object.get("sg_name") + vn_name = self.new_object.get("vn_name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and sg_name and vn_name: + prev_obj = self.get_object_by_name(sg_name, vn_name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("id", "id"), + ("lastUpdate", "last_update"), + ("sgName", "sg_name"), + ("sgtId", "sgt_id"), + ("vnId", "vn_id"), + ("vnName", "vn_name"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="sg_vn_mapping", + function="create_sg_vn_mapping", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + sg_name = self.new_object.get("sg_name") + vn_name = self.new_object.get("vn_name") + result = None + if not id: + id_ = self.get_object_by_name(sg_name, vn_name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="sg_vn_mapping", + function="update_sg_vn_mapping_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + sg_name = self.new_object.get("sg_name") + vn_name = self.new_object.get("vn_name") + result = None + if not id: + id_ = self.get_object_by_name(sg_name, vn_name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="sg_vn_mapping", + function="delete_sg_vn_mapping_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = TrustsecSgVnMapping(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
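Review bot: `get_object_by_name()` and `get_object_by_id()` both end in `except Exception: result = None`, so any failure other than `TypeError`/`AttributeError` reaches `exists()` as "no such object". In `run()` that makes `state: absent` call `ise.object_already_absent()` while the mapping may still be on the server, and makes `state: present` fall through to `obj.create()`. `get_object_by_id()` passes `handle_func_exception=False`, so presumably a not-found error from the SDK is what the broad handler is meant to absorb. I would catch only that error type (not visible in this hunk) and send everything else to `self.ise.fail_json(...)`, as the `(TypeError, AttributeError)` handler already does. `trustsec_vn.py` in this patch has the same two handlers.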
diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_bulk_create.py b/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_bulk_create.py
new file mode 100644
index 00000000..349b4bc8
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_bulk_create.py
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + payload=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + payload=params.get("payload"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="sg_vn_mapping", + function="bulk_create_sg_vn_mappings", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_bulk_delete.py b/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_bulk_delete.py new file mode 100644 index 00000000..ab7effb6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_bulk_delete.py 
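Review bot: `payload=dict(type="list")` sets neither `required` nor `elements`, and the four `required_*` lists are empty, so a task with no `payload` passes `_check_argspec()` and `run()` calls `bulk_create_sg_vn_mappings` with `payload=None`. I would declare it as `payload=dict(type="list", elements="dict", required=True)`, with the element type to be confirmed against the API since it is not visible in this hunk. The same `argument_spec` is repeated in `trustsec_sg_vn_mapping_bulk_delete.py`, `trustsec_sg_vn_mapping_bulk_update.py` and `trustsec_vn_bulk_create.py` in this patch.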
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + payload=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + payload=params.get("payload"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="sg_vn_mapping", + function="bulk_delete_sg_vn_mappings", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_bulk_update.py b/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_bulk_update.py new file mode 100644 index 00000000..f84f9110 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_bulk_update.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + payload=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + payload=params.get("payload"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="sg_vn_mapping", + function="bulk_update_sg_vn_mappings", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_info.py b/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_info.py new file mode 100644 index 00000000..42820bc3 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_sg_vn_mapping_info.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + page=dict(type="int"), + size=dict(type="int"), + sort=dict(type="str"), + sortBy=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + page=params.get("page"), + size=params.get("size"), + sort=params.get("sort"), + sort_by=params.get("sortBy"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="sg_vn_mapping", + function='get_sg_vn_mapping_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="sg_vn_mapping", + function='get_sg_vn_mappings_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['response'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + 
responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_vn.py b/ansible_collections/cisco/ise/plugins/action/trustsec_vn.py new file mode 100644 index 00000000..ff1dd8fd --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_vn.py 
@@ -0,0 +1,256 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + additionalAttributes=dict(type="str"), + id=dict(type="str"), + lastUpdate=dict(type="str"), + name=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class TrustsecVn(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + additional_attributes=params.get("additionalAttributes"), + id=params.get("id"), + last_update=params.get("lastUpdate"), + name=params.get("name"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ + result = None + gen_items_responses = self.ise.exec( + family="virtual_network", + function="get_virtual_networks_generator", + params={"filter": "name.EQ.{name}".format(name=name)} + ) + try: + for items_response in 
gen_items_responses: + items = items_response.response['response'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="virtual_network", + function="get_virtual_network_by_id", + handle_func_exception=False, + params={"id": id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + if isinstance(result, list) and len(result) > 0: + return result[0] + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("additionalAttributes", "additional_attributes"), + ("id", "id"), + ("lastUpdate", "last_update"), + ("name", "name"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="virtual_network", + function="create_virtual_network", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="virtual_network", + function="update_virtual_network_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="virtual_network", + function="delete_virtual_network_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = TrustsecVn(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_vn_bulk_create.py b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_bulk_create.py
new file mode 100644
index 00000000..95943d62
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_bulk_create.py
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + payload=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + payload=params.get("payload"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="virtual_network", + function="bulk_create_virtual_networks", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_vn_bulk_delete.py b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_bulk_delete.py new file mode 100644 index 00000000..d6aed540 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_bulk_delete.py 
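Review bot: `payload=dict(type="list")` in the argument spec of trustsec_vn_bulk_create.py is neither required nor given an element type, so a task that omits `payload` passes `_check_argspec` and `run` forwards `payload=None` to `bulk_create_virtual_networks`. For a bulk write against ISE the plugin should reject that locally, e.g. `payload=dict(type="list", required=True),`, with `elements=` added once the item type is confirmed against the SDK. The same spec appears in trustsec_vn_bulk_delete.py, trustsec_vn_bulk_update.py and the three trustsec_vn_vlan_mapping_bulk_* plugins later in this patch. Whether the SDK itself rejects an empty payload is not visible here.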
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + payload=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + payload=params.get("payload"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="virtual_network", + function="bulk_delete_virtual_networks", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_vn_bulk_update.py b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_bulk_update.py new file mode 100644 index 00000000..4b37b331 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_bulk_update.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + payload=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + payload=params.get("payload"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="virtual_network", + function="bulk_update_virtual_networks", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_vn_info.py b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_info.py new file mode 100644 index 00000000..0029067e --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_info.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + page=dict(type="int"), + size=dict(type="int"), + sort=dict(type="str"), + sortBy=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + page=params.get("page"), + size=params.get("size"), + sort=params.get("sort"), + sort_by=params.get("sortBy"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="virtual_network", + function='get_virtual_network_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="virtual_network", + function='get_virtual_networks_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['response'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + 
responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping.py b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping.py new file mode 100644 index 00000000..b137aa8c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping.py 
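Review bot: `run` in trustsec_vn_info.py reads `name = self._task.args.get("name")`, but `name` is not declared in this plugin's `argument_spec`, so the `if not name and not id:` test depends on a parameter the validator never defines. If `name` were set without `id`, neither branch assigns `response`; indentation is lost on this page, so it is unclear whether that ends in an unbound `response` at the final `self._result.update(dict(ise_response=response))` or in `run` returning `None`. The same unbound name results if `ise.fail_json` returns instead of raising, which is not visible here. I would drop the `name` read, let the list query run whenever `id` is unset, and set `response = []` before the `try`. trustsec_vn_vlan_mapping_info.py repeats the pattern, and the local `id` shadows the builtin in both.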
@@ -0,0 +1,268 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, + ise_compare_equality, + get_dict_result, +) +from ansible_collections.cisco.ise.plugins.plugin_utils.exceptions import ( + InconsistentParameters, +) + +# Get common arguments specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + state=dict(type="str", default="present", choices=["present", "absent"]), + id=dict(type="str"), + isData=dict(type="bool"), + isDefaultVlan=dict(type="bool"), + lastUpdate=dict(type="str"), + maxValue=dict(type="int"), + name=dict(type="str"), + vnId=dict(type="str"), + vnName=dict(type="str"), +)) + +required_if = [ + ("state", "present", ["id", "name"], True), + ("state", "absent", ["id", "name"], True), +] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class TrustsecVnVlanMapping(object): + def __init__(self, params, ise): + self.ise = ise + self.new_object = dict( + id=params.get("id"), + is_data=params.get("isData"), + is_default_vlan=params.get("isDefaultVlan"), + last_update=params.get("lastUpdate"), + max_value=params.get("maxValue"), + name=params.get("name"), + vn_id=params.get("vnId"), + vn_name=params.get("vnName"), + ) + + def get_object_by_name(self, name): + # NOTICE: Get does not support/work for filter by name with EQ 
+ result = None + gen_items_responses = self.ise.exec( + family="vn_vlan_mapping", + function="get_vn_vlan_mappings_generator", + params={"filter": "name.EQ.{name}".format(name=name)} + ) + try: + for items_response in gen_items_responses: + items = items_response.response['response'] + result = get_dict_result(items, 'name', name) + if result: + return result + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + return result + return result + + def get_object_by_id(self, id): + try: + result = self.ise.exec( + family="vn_vlan_mapping", + function="get_vn_vlan_mapping_by_id", + handle_func_exception=False, + params={"id": id} + ).response['response'] + except (TypeError, AttributeError) as e: + self.ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." 
+ " The error was: {error}" + ).format(error=e) + ) + except Exception: + result = None + if isinstance(result, list) and len(result) > 0: + return result[0] + return result + + def exists(self): + id_exists = False + name_exists = False + prev_obj = None + o_id = self.new_object.get("id") + name = self.new_object.get("name") + if o_id: + prev_obj = self.get_object_by_id(o_id) + id_exists = prev_obj is not None and isinstance(prev_obj, dict) + if not id_exists and name: + prev_obj = self.get_object_by_name(name) + name_exists = prev_obj is not None and isinstance(prev_obj, dict) + if name_exists: + _id = prev_obj.get("id") + if id_exists and name_exists and o_id != _id: + raise InconsistentParameters("The 'id' and 'name' params don't refer to the same object") + if _id: + prev_obj = self.get_object_by_id(_id) + it_exists = prev_obj is not None and isinstance(prev_obj, dict) + return (it_exists, prev_obj) + + def requires_update(self, current_obj): + requested_obj = self.new_object + + obj_params = [ + ("id", "id"), + ("isData", "is_data"), + ("isDefaultVlan", "is_default_vlan"), + ("lastUpdate", "last_update"), + ("maxValue", "max_value"), + ("name", "name"), + ("vnId", "vn_id"), + ("vnName", "vn_name"), + ] + # Method 1. 
Params present in request (Ansible) obj are the same as the current (ISE) params + # If any does not have eq params, it requires update + return any(not ise_compare_equality(current_obj.get(ise_param), + requested_obj.get(ansible_param)) + for (ise_param, ansible_param) in obj_params) + + def create(self): + result = self.ise.exec( + family="vn_vlan_mapping", + function="create_vn_vlan_mapping", + params=self.new_object, + ).response + return result + + def update(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="vn_vlan_mapping", + function="update_vn_vlan_mapping_by_id", + params=self.new_object + ).response + return result + + def delete(self): + id = self.new_object.get("id") + name = self.new_object.get("name") + result = None + if not id: + id_ = self.get_object_by_name(name).get("id") + self.new_object.update(dict(id=id_)) + result = self.ise.exec( + family="vn_vlan_mapping", + function="delete_vn_vlan_mapping_by_id", + params=self.new_object + ).response + return result + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + obj = TrustsecVnVlanMapping(self._task.args, ise) + + state = self._task.args.get("state") + + response = None + + if state == "present": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + if obj.requires_update(prev_obj): + ise_update_response = obj.update() + self._result.update(dict(ise_update_response=ise_update_response)) + (obj_exists, updated_obj) = obj.exists() + response = updated_obj + ise.object_updated() + else: + response = prev_obj + ise.object_already_present() + else: + ise_create_response = obj.create() + (obj_exists, created_obj) = obj.exists() + response = created_obj + ise.object_created() + + elif state == "absent": + (obj_exists, prev_obj) = obj.exists() + if obj_exists: + obj.delete() + response = prev_obj + ise.object_deleted() + else: + ise.object_already_absent() + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result 
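Review bot: `get_object_by_name` and `get_object_by_id` in trustsec_vn_vlan_mapping.py end in `except Exception:` that sets `result = None`, so an authentication, TLS or transport failure looks the same as "mapping does not exist". `exists()` then reports absence, and `run` goes on to `obj.create()` for `state: present` or to `ise.object_already_absent()` for `state: absent`, reporting a clean result for a deletion that was never attempted. Only the SDK's not-found response should map to `None`; any other exception should reach `self.ise.fail_json(...)` as the `(TypeError, AttributeError)` branch already does. Related: `update()` and `delete()` call `self.get_object_by_name(name).get("id")`, which raises `AttributeError` when that lookup returns `None`; a `None` check before `.get("id")` would fail with a readable message instead.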
diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_bulk_create.py b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_bulk_create.py
new file mode 100644
index 00000000..361916f3
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_bulk_create.py
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + payload=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + payload=params.get("payload"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="vn_vlan_mapping", + function="bulk_create_vn_vlan_mappings", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_bulk_delete.py b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_bulk_delete.py new file mode 100644 index 00000000..6cb9d935 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_bulk_delete.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + payload=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + payload=params.get("payload"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="vn_vlan_mapping", + function="bulk_delete_vn_vlan_mappings", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_bulk_update.py b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_bulk_update.py new file mode 100644 index 00000000..fa6f11ed --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_bulk_update.py 
@@ -0,0 +1,88 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + payload=dict(type="list"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = False + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + payload=params.get("payload"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + ise = ISESDK(params=self._task.args) + + response = ise.exec( + family="vn_vlan_mapping", + function="bulk_update_vn_vlan_mappings", + params=self.get_object(self._task.args), + ).response + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_info.py b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_info.py new file mode 100644 index 00000000..f99235f7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/action/trustsec_vn_vlan_mapping_info.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +from ansible.plugins.action import ActionBase + +try: + from ansible_collections.ansible.utils.plugins.module_utils.common.argspec_validate import ( + AnsibleArgSpecValidator, + ) +except ImportError: + ANSIBLE_UTILS_IS_INSTALLED = False +else: + ANSIBLE_UTILS_IS_INSTALLED = True +from ansible.errors import AnsibleActionFail +from ansible_collections.cisco.ise.plugins.plugin_utils.ise import ( + ISESDK, + ise_argument_spec, +) + +# Get common arguements specification +argument_spec = ise_argument_spec() +# Add arguments specific for this module +argument_spec.update(dict( + page=dict(type="int"), + size=dict(type="int"), + sort=dict(type="str"), + sortBy=dict(type="str"), + filter=dict(type="list"), + filterType=dict(type="str"), + id=dict(type="str"), +)) + +required_if = [] +required_one_of = [] +mutually_exclusive = [] +required_together = [] + + +class ActionModule(ActionBase): + def __init__(self, *args, **kwargs): + if not ANSIBLE_UTILS_IS_INSTALLED: + raise AnsibleActionFail("ansible.utils is not installed. 
Execute 'ansible-galaxy collection install ansible.utils'") + super(ActionModule, self).__init__(*args, **kwargs) + self._supports_async = False + self._supports_check_mode = True + self._result = None + + # Checks the supplied parameters against the argument spec for this module + def _check_argspec(self): + aav = AnsibleArgSpecValidator( + data=self._task.args, + schema=dict(argument_spec=argument_spec), + schema_format="argspec", + schema_conditionals=dict( + required_if=required_if, + required_one_of=required_one_of, + mutually_exclusive=mutually_exclusive, + required_together=required_together, + ), + name=self._task.action, + ) + valid, errors, self._task.args = aav.validate() + if not valid: + raise AnsibleActionFail(errors) + + def get_object(self, params): + new_object = dict( + page=params.get("page"), + size=params.get("size"), + sort=params.get("sort"), + sort_by=params.get("sortBy"), + filter=params.get("filter"), + filter_type=params.get("filterType"), + id=params.get("id"), + ) + return new_object + + def run(self, tmp=None, task_vars=None): + self._task.diff = False + self._result = super(ActionModule, self).run(tmp, task_vars) + self._result["changed"] = False + self._check_argspec() + + self._result.update(dict(ise_response=[])) + + ise = ISESDK(params=self._task.args) + + id = self._task.args.get("id") + name = self._task.args.get("name") + if id: + response = ise.exec( + family="vn_vlan_mapping", + function='get_vn_vlan_mapping_by_id', + params=self.get_object(self._task.args) + ).response['response'] + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result + if not name and not id: + responses = [] + generator = ise.exec( + family="vn_vlan_mapping", + function='get_vn_vlan_mappings_generator', + params=self.get_object(self._task.args), + ) + try: + for item in generator: + tmp_response = item.response['response'] + if isinstance(tmp_response, list): + responses += tmp_response + else: + 
responses.append(tmp_response) + response = responses + except (TypeError, AttributeError) as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " Check the configuration of your API Settings and API Gateway settings on your ISE server." + " This collection assumes that the API Gateway, the ERS APIs and OpenAPIs are enabled." + " You may want to enable the (ise_debug: True) argument." + " The error was: {error}" + ).format(error=e) + ) + except Exception as e: + ise.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + " You may want to enable the (ise_debug: True) argument." + ).format(error=e) + ) + + self._result.update(dict(ise_response=response)) + self._result.update(ise.exit_json()) + return self._result diff --git a/ansible_collections/cisco/ise/plugins/doc_fragments/__init__.py b/ansible_collections/cisco/ise/plugins/doc_fragments/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/ansible_collections/cisco/ise/plugins/doc_fragments/module.py b/ansible_collections/cisco/ise/plugins/doc_fragments/module.py new file mode 100644 index 00000000..dfb7ad90 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/doc_fragments/module.py 
@@ -0,0 +1,72 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+ # Standard files documentation fragment
+ DOCUMENTATION = r'''
+options:
+ ise_hostname:
+ description:
+ - The Identity Services Engine hostname.
+ type: str
+ required: true
+ ise_username:
+ description:
+ - The Identity Services Engine username to authenticate.
+ type: str
+ required: true
+ ise_password:
+ description:
+ - The Identity Services Engine password to authenticate.
+ type: str
+ required: true
+ ise_verify:
+ description:
+ - Flag to enable or disable SSL certificate verification.
+ type: bool
+ default: true
+ ise_version:
+ description:
+ - Informs the SDK which version of Identity Services Engine to use.
+ type: str
+ default: 3.1_Patch_1
+ ise_wait_on_rate_limit:
+ description:
+ - Flag for Identity Services Engine SDK to enable automatic rate-limit handling.
+ type: bool
+ default: true
+ ise_debug:
+ description:
+ - Flag for Identity Services Engine SDK to enable debugging.
+ type: bool
+ default: false
+ ise_uses_api_gateway:
+ description:
+ - Flag that informs the SDK whether to use the Identity Services Engine's API Gateway to send requests.
+ - If it is true, it uses the ISE's API Gateway and sends requests to https://{{ise_hostname}}.
+ - If it is false, it sends the requests to https://{{ise_hostname}}:{{port}}, where the port value depends on the Service used (ERS, Mnt, UI, PxGrid).
+ type: bool
+ default: true
+ version_added: '1.1.0'
+ ise_uses_csrf_token:
+ description:
+ - Flag that informs the SDK whether we send the CSRF token to ISE's ERS APIs.
+ - If it is True, the SDK assumes that your ISE CSRF Check is enabled.
+ - If it is True, it assumes you need the SDK to manage the CSRF token automatically for you.
+ type: bool
+ default: false
+ version_added: '3.0.0'
+notes:
+ - "Does not support C(check_mode)"
+ - "The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco ISE SDK"
+ - "The parameters starting with ise_ are used by the Cisco ISE Python SDK to establish the connection"
+'''
diff --git a/ansible_collections/cisco/ise/plugins/doc_fragments/module_info.py b/ansible_collections/cisco/ise/plugins/doc_fragments/module_info.py
new file mode 100644
index 00000000..57e385ca
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/doc_fragments/module_info.py
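Review bot: The `ise_verify` entry in `DOCUMENTATION` says only that it enables or disables SSL certificate verification and never states what turning it off costs, although the notes say the `ise_` parameters, which include `ise_username` and `ise_password`, are what the SDK uses to establish that connection. I would add a second description item, `- When false, the ISE server certificate is not validated, so the connection carrying ise_username and ise_password can be intercepted; keep the default outside of lab use.` The `ise_password` entry could also point readers to Ansible Vault or another secret store rather than inline values. The same fragment text is repeated in doc_fragments/module_info.py, the next file in this patch, so the wording should change in both places.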
@@ -0,0 +1,72 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+ # Standard files documentation fragment
+ DOCUMENTATION = r'''
+options:
+ ise_hostname:
+ description:
+ - The Identity Services Engine hostname.
+ type: str
+ required: true
+ ise_username:
+ description:
+ - The Identity Services Engine username to authenticate.
+ type: str
+ required: true
+ ise_password:
+ description:
+ - The Identity Services Engine password to authenticate.
+ type: str
+ required: true
+ ise_verify:
+ description:
+ - Flag to enable or disable SSL certificate verification.
+ type: bool
+ default: true
+ ise_version:
+ description:
+ - Informs the SDK which version of Identity Services Engine to use.
+ type: str
+ default: 3.1_Patch_1
+ ise_wait_on_rate_limit:
+ description:
+ - Flag for Identity Services Engine SDK to enable automatic rate-limit handling.
+ type: bool
+ default: true
+ ise_debug:
+ description:
+ - Flag for Identity Services Engine SDK to enable debugging.
+ type: bool
+ default: false
+ ise_uses_api_gateway:
+ description:
+ - Flag that informs the SDK whether to use the Identity Services Engine's API Gateway to send requests.
+ - If it is true, it uses the ISE's API Gateway and sends requests to https://{{ise_hostname}}.
+ - If it is false, it sends the requests to https://{{ise_hostname}}:{{port}}, where the port value depends on the Service used (ERS, Mnt, UI, PxGrid).
+ type: bool
+ default: true
+ version_added: '1.1.0'
+ ise_uses_csrf_token:
+ description:
+ - Flag that informs the SDK whether we send the CSRF token to ISE's ERS APIs.
+ - If it is True, the SDK assumes that your ISE CSRF Check is enabled.
+ - If it is True, it assumes you need the SDK to manage the CSRF token automatically for you.
+ type: bool
+ default: false
+ version_added: '3.0.0'
+notes:
+ - "Supports C(check_mode)"
+ - "The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco ISE SDK"
+ - "The parameters starting with ise_ are used by the Cisco ISE Python SDK to establish the connection"
+'''
diff --git a/ansible_collections/cisco/ise/plugins/modules/__init__.py b/ansible_collections/cisco/ise/plugins/modules/__init__.py
new file mode 100644
index 00000000..e69de29b
diff --git a/ansible_collections/cisco/ise/plugins/modules/aci_bindings_info.py b/ansible_collections/cisco/ise/plugins/modules/aci_bindings_info.py
new file mode 100644
index 00000000..d08c9ebf
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/aci_bindings_info.py
@@ -0,0 +1,112 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: aci_bindings_info
+short_description: Information module for ACI Bindings
+description:
+- Get all ACI Bindings.
+- This API allows clients to retrieve all the bindings that were sent to Cisco.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+ sort:
+ description:
+ - Sort query parameter. Sort type - asc or desc.
+ type: str
+ sortBy:
+ description:
+ - SortBy query parameter. Sort column by which objects needs to be sorted.
+ type: str
+ filterBy:
+ description:
+ - FilterBy query parameter.
+ elements: str
+ type: list
+ filterValue:
+ description:
+ - FilterValue query parameter.
+ elements: str
+ type: list
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ aci_bindings.AciBindings.get_aci_bindings_generator,
+
+ - Paths used are
+ get /ers/config/acibindings/getall,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all ACI Bindings
+ cisco.ise.aci_bindings_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ sort: asc
+ sortBy: string
+ filterBy: []
+ filterValue: []
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "ip": "string",
+ "sgtValue": "string",
+ "vn": "string",
+ "psn": "string",
+ "learnedFrom": "string",
+ "learnedBy": "string"
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "ip": "string",
+ "sgtValue": "string",
+ "vn": "string",
+ "psn": "string",
+ "learnedFrom": "string",
+ "learnedBy": "string"
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/aci_settings.py b/ansible_collections/cisco/ise/plugins/modules/aci_settings.py
new file mode 100644
index 00000000..3c6e5f13
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/aci_settings.py
@@ -0,0 +1,190 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: aci_settings
+short_description: Resource module for ACI Settings
+description:
+- Manage operation update of the resource ACI Settings.
+- This API allows the client to update ACI settings.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ aci50:
+ description: Enable 5.0 ACI Version.
+ type: bool
+ aci51:
+ description: Enable 5.1 ACI Version.
+ type: bool
+ aciipaddress:
+ description: ACI Domain manager Ip Address.
+ type: str
+ acipassword:
+ description: ACI Domain manager Password.
+ type: str
+ aciuserName:
+ description: ACI Domain manager Username.
+ type: str
+ adminName:
+ description: ACI Cluster Admin name.
+ type: str
+ adminPassword:
+ description: ACI Cluster Admin password.
+ type: str
+ allSXPDomain:
+ description: AllSXPDomain flag.
+ type: bool
+ defaultSGtName:
+ description: ACI Settings's defaultSGtName.
+ type: str
+ enableACI:
+ description: Enable ACI Integration.
+ type: bool
+ enableDataPlane:
+ description: EnableDataPlane flag.
+ type: bool
+ enableElementsLimit:
+ description: EnableElementsLimit flag.
+ type: bool
+ id:
+ description: Resource UUID value.
+ type: str
+ ipAddressHostName:
+ description: ACI Cluster IP Address / Host name.
+ type: str
+ l3RouteNetwork:
+ description: ACI Settings's l3RouteNetwork.
+ type: str
+ maxNumIepgFromACI:
+ description: ACI Settings's maxNumIepgFromACI.
+ type: int
+ maxNumSGtToACI:
+ description: ACI Settings's maxNumSGtToACI.
+ type: int
+ specificSXPDomain:
+ description: SpecificSXPDomain flag.
+ type: bool
+ specifixSXPDomainList:
+ description: ACI Settings's specifixSXPDomainList.
+ elements: str
+ type: list
+ suffixToEpg:
+ description: ACI Settings's suffixToEpg.
+ type: str
+ suffixToSGt:
+ description: ACI Settings's suffixToSGt.
+ type: str
+ tenantName:
+ description: ACI Settings's tenantName.
+ type: str
+ untaggedPacketIepgName:
+ description: ACI Settings's untaggedPacketIepgName.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ aci_settings.AciSettings.update_aci_settings_by_id,
+
+ - Paths used are
+ put /ers/config/acisettings/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by id
+ cisco.ise.aci_settings:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ aci50: true
+ aci51: true
+ aciipaddress: string
+ acipassword: string
+ aciuserName: string
+ adminName: string
+ adminPassword: string
+ allSxpDomain: true
+ defaultSgtName: string
+ enableAci: true
+ enableDataPlane: true
+ enableElementsLimit: true
+ id: string
+ ipAddressHostName: string
+ l3RouteNetwork: string
+ maxNumIepgFromAci: 0
+ maxNumSgtToAci: 0
+ specificSxpDomain: true
+ specifixSxpDomainList:
+ - string
+ suffixToEpg: string
+ suffixToSgt: string
+ tenantName: string
+ untaggedPacketIepgName: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "enableAci": true,
+ "ipAddressHostName": "string",
+ "adminName": "string",
+ "adminPassword": "string",
+ "aciipaddress": "string",
+ "aciuserName": "string",
+ "acipassword": "string",
+ "tenantName": "string",
+ "l3RouteNetwork": "string",
+ "suffixToEpg": "string",
+ "suffixToSgt": "string",
+ "allSxpDomain": true,
+ "specificSxpDomain": true,
+ "specifixSxpDomainList": [
+ "string"
+ ],
+ "enableDataPlane": true,
+ "untaggedPacketIepgName": "string",
+ "defaultSgtName": "string",
+ "enableElementsLimit": true,
+ "maxNumIepgFromAci": 0,
+ "maxNumSgtToAci": 0,
+ "aci50": true,
+ "aci51": true
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ],
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/aci_settings_info.py b/ansible_collections/cisco/ise/plugins/modules/aci_settings_info.py
new file mode 100644
index 00000000..5884b472
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/aci_settings_info.py
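Review bot: The `Update by id` task in `EXAMPLES` uses option names that `DOCUMENTATION` does not declare: it passes `allSxpDomain`, `defaultSgtName`, `enableAci`, `maxNumIepgFromAci`, `maxNumSgtToAci`, `specificSxpDomain`, `specifixSxpDomainList` and `suffixToSgt`, while `options` lists `allSXPDomain`, `defaultSGtName`, `enableACI`, `maxNumIepgFromACI`, `maxNumSGtToACI`, `specificSXPDomain`, `specifixSXPDomainList` and `suffixToSGt`. Ansible option names are case-sensitive, so if the action plugin's argument spec follows the documented spelling (it is not part of this hunk) the example is rejected as using unsupported parameters; one of the two sides should be corrected, for example `enableACI: true` and `maxNumSGtToACI: 0` in the example. The example also sets `state: present`, which has no entry under `options` here; I cannot tell from this hunk whether the argument spec accepts it.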
@@ -0,0 +1,75 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: aci_settings_info
+short_description: Information module for ACI Settings
+description:
+- Get all ACI Settings.
+- This API allows the client to get ACI Settings.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ aci_settings.AciSettings.get_aci_settings,
+
+ - Paths used are
+ get /ers/config/acisettings,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all ACI Settings
+ cisco.ise.aci_settings_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "enableAci": true,
+ "ipAddressHostName": "string",
+ "adminName": "string",
+ "adminPassword": "string",
+ "aciipaddress": "string",
+ "aciuserName": "string",
+ "acipassword": "string",
+ "tenantName": "string",
+ "l3RouteNetwork": "string",
+ "suffixToEpg": "string",
+ "suffixToSgt": "string",
+ "allSxpDomain": true,
+ "specificSxpDomain": true,
+ "specifixSxpDomainList": [
+ "string"
+ ],
+ "enableDataPlane": true,
+ "untaggedPacketIepgName": "string",
+ "defaultSgtName": "string",
+ "enableElementsLimit": true,
+ "maxNumIepgFromAci": 0,
+ "maxNumSgtToAci": 0,
+ "aci50": true,
+ "aci51": true
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/aci_test_connectivity.py b/ansible_collections/cisco/ise/plugins/modules/aci_test_connectivity.py
new file mode 100644
index 00000000..5608cde0
--- /dev/null
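Review bot: The `RETURN` sample for `ise_response` lists `adminPassword` and `acipassword`, and the `EXAMPLES` task stores that response with `register: result`, so whatever ISE puts in those fields ends up in the registered variable and in any verbose or callback output. Whether ISE returns the real values or masks them cannot be told from this hunk, but the documentation should not leave it to the reader: I would add `no_log: true` to the example task and a `notes` entry such as `- "The response may contain the adminPassword and acipassword fields; set no_log on tasks that register or print it"`. The `RETURN` block of aci_settings.py earlier in this patch has the same two fields in its sample and needs the same note.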
+++ b/ansible_collections/cisco/ise/plugins/modules/aci_test_connectivity.py
@@ -0,0 +1,52 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: aci_test_connectivity
+short_description: Resource module for ACI Test Connectivity
+description:
+- Manage operation update of the resource ACI Test Connectivity.
+- This API allows the client to test ACI Domain Manager connection.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ aci_settings.AciSettings.test_aci_connectivity,
+
+ - Paths used are
+ put /ers/config/acisettings/testACIConnectivity,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.aci_test_connectivity:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "ACITestConnectionResult": {
+ "result": true
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/active_directory.py b/ansible_collections/cisco/ise/plugins/modules/active_directory.py
new file mode 100644
index 00000000..5fa9d41b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/active_directory.py
@@ -0,0 +1,347 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: active_directory +short_description: Resource module for Active Directory +description: +- Manage operations create and delete of the resource Active Directory. +- This API creates an AD join point in Cisco ISE. +- This API deletes an AD join point from Cisco ISE. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + adAttributes: + description: Holds list of AD Attributes. + suboptions: + attributes: + description: List of Attributes. + elements: dict + suboptions: + defaultValue: + description: Required for each attribute in the attribute list. Can contain + an empty string. All characters are allowed except <%". + type: str + internalName: + description: Required for each attribute in the attribute list. All characters + are allowed except <%". + type: str + name: + description: Required for each attribute in the attribute list with no duplication + between attributes. All characters are allowed except <%". + type: str + type: + description: Required for each group in the group list. Allowed values STRING, + IP, BOOLEAN, INT, OCTET_STRING. + type: str + type: list + type: dict + adScopesNames: + description: String that contains the names of the scopes that the active directory + belongs to. Names are separated by comma. Alphanumeric, underscore (_) characters + are allowed. + type: str + adgroups: + description: Holds list of AD Groups. + suboptions: + groups: + description: List of Groups. + elements: dict + suboptions: + name: + description: Required for each group in the group list with no duplication + between groups. All characters are allowed except %. 
+ type: str + sid: + description: Cisco ISE uses security identifiers (SIDs) for optimization + of group membership evaluation. SIDs are useful for efficiency (speed) + when the groups are evaluated. All characters are allowed except %. + type: str + type: + description: No character restriction. + type: str + type: list + type: dict + advancedSettings: + description: Active Directory's advancedSettings. + suboptions: + agingTime: + description: Range 1-8760 hours. + type: int + authProtectionType: + description: Enable prevent AD account lockout. Allowed values - WIRELESS, - + WIRED, - BOTH. + type: str + country: + description: User info attribute. All characters are allowed except %. + type: str + department: + description: User info attribute. All characters are allowed except %. + type: str + email: + description: User info attribute. All characters are allowed except %. + type: str + enableCallbackForDialinClient: + description: EnableCallbackForDialinClient flag. + type: bool + enableDialinPermissionCheck: + description: EnableDialinPermissionCheck flag. + type: bool + enableFailedAuthProtection: + description: Enable prevent AD account lockout due to too many bad password + attempts. + type: bool + enableMachineAccess: + description: EnableMachineAccess flag. + type: bool + enableMachineAuth: + description: EnableMachineAuth flag. + type: bool + enablePassChange: + description: EnablePassChange flag. + type: bool + enableRewrites: + description: EnableRewrites flag. + type: bool + failedAuthThreshold: + description: Number of bad password attempts. + type: int + firstName: + description: User info attribute. All characters are allowed except %. + type: str + identityNotInAdBehaviour: + description: Allowed values REJECT, SEARCH_JOINED_FOREST, SEARCH_ALL. + type: str + jobTitle: + description: User info attribute. All characters are allowed except %. + type: str + lastName: + description: User info attribute. All characters are allowed except %. 
+ type: str + locality: + description: User info attribute. All characters are allowed except %. + type: str + organizationalUnit: + description: User info attribute. All characters are allowed except %. + type: str + plaintextAuth: + description: PlaintextAuth flag. + type: bool + rewriteRules: + description: Identity rewrite is an advanced feature that directs Cisco ISE + to manipulate the identity before it is passed to the external Active Directory + system. You can create rules to change the identity to a desired format that + includes or excludes a domain prefix and/or suffix or other additional markup + of your choice. + elements: dict + suboptions: + rewriteMatch: + description: Required for each rule in the list with no duplication between + rules. All characters are allowed except %". + type: str + rewriteResult: + description: Required for each rule in the list. All characters are allowed + except %". + type: str + rowId: + description: Required for each rule in the list in serial order. + type: int + type: list + schema: + description: Allowed values ACTIVE_DIRECTORY, CUSTOM. Choose ACTIVE_DIRECTORY + schema when the AD attributes defined in AD can be copied to relevant attributes + in Cisco ISE. If customization is needed, choose CUSTOM schema. All User info + attributes are always set to default value if schema is ACTIVE_DIRECTORY. + Values can be changed only for CUSTOM schema. + type: str + stateOrProvince: + description: User info attribute. All characters are allowed except %. + type: str + streetAddress: + description: User info attribute. All characters are allowed except %. + type: str + telephone: + description: User info attribute. All characters are allowed except %. + type: str + unreachableDomainsBehaviour: + description: Allowed values PROCEED, DROP. + type: str + type: dict + description: + description: No character restriction. + type: str + domain: + description: The AD domain. Alphanumeric, hyphen (-) and dot (.) 
characters are + allowed. + type: str + enableDomainWhiteList: + description: EnableDomainWhiteList flag. + type: bool + id: + description: Id path parameter. + type: str + name: + description: Resource Name. Maximum 32 characters allowed. Allowed characters are + alphanumeric and .-_/\\ characters. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + active_directory.ActiveDirectory.create_active_directory, + active_directory.ActiveDirectory.delete_active_directory_by_id, + + - Paths used are + post /ers/config/activedirectory, + delete /ers/config/activedirectory/{id}, + +""" + +EXAMPLES = r""" +- name: Delete by id + cisco.ise.active_directory: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.active_directory: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + adAttributes: + attributes: + - defaultValue: string + internalName: string + name: string + type: string + adScopesNames: string + adgroups: + groups: + - name: string + sid: string + type: string + advancedSettings: + agingTime: 0 + authProtectionType: string + country: string + department: string + email: string + enableCallbackForDialinClient: true + enableDialinPermissionCheck: true + enableFailedAuthProtection: true + enableMachineAccess: true + enableMachineAuth: true + enablePassChange: true + enableRewrites: true + failedAuthThreshold: 0 + firstName: string + identityNotInAdBehaviour: string + jobTitle: string + lastName: string + locality: string + organizationalUnit: string + plaintextAuth: true + rewriteRules: + - rewriteMatch: string + rewriteResult: string + rowId: 0 + schema: string + stateOrProvince: string + streetAddress: string + telephone: string + unreachableDomainsBehaviour: string + 
description: string + domain: string + enableDomainWhiteList: true + id: string + name: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "domain": "string", + "enableDomainWhiteList": true, + "enableDomainAllowedList": true, + "adgroups": { + "groups": [ + { + "name": "string", + "sid": "string", + "type": "string" + } + ] + }, + "advancedSettings": { + "enablePassChange": true, + "enableMachineAuth": true, + "enableMachineAccess": true, + "agingTime": 0, + "enableDialinPermissionCheck": true, + "enableCallbackForDialinClient": true, + "plaintextAuth": true, + "enableFailedAuthProtection": true, + "authProtectionType": "string", + "failedAuthThreshold": 0, + "identityNotInAdBehaviour": "string", + "unreachableDomainsBehaviour": "string", + "enableRewrites": true, + "rewriteRules": [ + { + "rowId": 0, + "rewriteMatch": "string", + "rewriteResult": "string" + } + ], + "firstName": "string", + "department": "string", + "lastName": "string", + "organizationalUnit": "string", + "jobTitle": "string", + "locality": "string", + "email": "string", + "stateOrProvince": "string", + "telephone": "string", + "country": "string", + "streetAddress": "string", + "schema": "string" + }, + "adAttributes": { + "attributes": [ + { + "name": "string", + "type": "string", + "internalName": "string", + "defaultValue": "string" + } + ] + }, + "adScopesNames": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/active_directory_add_groups.py b/ansible_collections/cisco/ise/plugins/modules/active_directory_add_groups.py new file mode 100644 index 00000000..298a05eb --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/active_directory_add_groups.py 
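Review bot: The `Create` task in `EXAMPLES` sets every boolean under `advancedSettings` to `true`, including `plaintextAuth`, whose option text is only "PlaintextAuth flag."; a reader who copies the example switches the setting on without the documentation ever saying what it permits. Judging by the name it governs plain-text authentication against the join point, which should be confirmed against the ISE API reference and then written into the description, e.g. `description: Allows plain-text authentication against this join point when true. Leave false unless a legacy client requires it.` I would also show `plaintextAuth: false` in the example. The same options and example values are repeated in active_directory_add_groups.py, the next file in this patch.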
@@ -0,0 +1,268 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: active_directory_add_groups +short_description: Resource module for Active Directory Add Groups +description: +- Manage operation update of the resource Active Directory Add Groups. +- This API loads domain groups configuration from Active Directory into Cisco. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + adAttributes: + description: Holds list of AD Attributes. + suboptions: + attributes: + description: List of Attributes. + elements: dict + suboptions: + defaultValue: + description: Required for each attribute in the attribute list. Can contain + an empty string. All characters are allowed except <%". + type: str + internalName: + description: Required for each attribute in the attribute list. All characters + are allowed except <%". + type: str + name: + description: Required for each attribute in the attribute list with no duplication + between attributes. All characters are allowed except <%". + type: str + type: + description: Required for each group in the group list. Allowed values STRING, + IP, BOOLEAN, INT, OCTET_STRING. + type: str + type: list + type: dict + adScopesNames: + description: String that contains the names of the scopes that the active directory + belongs to. Names are separated by comma. Alphanumeric, underscore (_) characters + are allowed. + type: str + adgroups: + description: Holds list of AD Groups. + suboptions: + groups: + description: List of Groups. + elements: dict + suboptions: + name: + description: Required for each group in the group list with no duplication + between groups. All characters are allowed except %. 
+ type: str + sid: + description: Cisco ISE uses security identifiers (SIDs) for optimization + of group membership evaluation. SIDs are useful for efficiency (speed) + when the groups are evaluated. All characters are allowed except %. + type: str + type: + description: No character restriction. + type: str + type: list + type: dict + advancedSettings: + description: Active Directory Add Groups's advancedSettings. + suboptions: + agingTime: + description: Range 1-8760 hours. + type: int + authProtectionType: + description: Enable prevent AD account lockout. Allowed values - WIRELESS, - + WIRED, - BOTH. + type: str + country: + description: User info attribute. All characters are allowed except %. + type: str + department: + description: User info attribute. All characters are allowed except %. + type: str + email: + description: User info attribute. All characters are allowed except %. + type: str + enableCallbackForDialinClient: + description: EnableCallbackForDialinClient flag. + type: bool + enableDialinPermissionCheck: + description: EnableDialinPermissionCheck flag. + type: bool + enableFailedAuthProtection: + description: Enable prevent AD account lockout due to too many bad password + attempts. + type: bool + enableMachineAccess: + description: EnableMachineAccess flag. + type: bool + enableMachineAuth: + description: EnableMachineAuth flag. + type: bool + enablePassChange: + description: EnablePassChange flag. + type: bool + enableRewrites: + description: EnableRewrites flag. + type: bool + failedAuthThreshold: + description: Number of bad password attempts. + type: int + firstName: + description: User info attribute. All characters are allowed except %. + type: str + identityNotInAdBehaviour: + description: Allowed values REJECT, SEARCH_JOINED_FOREST, SEARCH_ALL. + type: str + jobTitle: + description: User info attribute. All characters are allowed except %. + type: str + lastName: + description: User info attribute. All characters are allowed except %. 
+ type: str + locality: + description: User info attribute. All characters are allowed except %. + type: str + organizationalUnit: + description: User info attribute. All characters are allowed except %. + type: str + plaintextAuth: + description: PlaintextAuth flag. + type: bool + rewriteRules: + description: Identity rewrite is an advanced feature that directs Cisco ISE + to manipulate the identity before it is passed to the external Active Directory + system. You can create rules to change the identity to a desired format that + includes or excludes a domain prefix and/or suffix or other additional markup + of your choice. + elements: dict + suboptions: + rewriteMatch: + description: Required for each rule in the list with no duplication between + rules. All characters are allowed except %". + type: str + rewriteResult: + description: Required for each rule in the list. All characters are allowed + except %". + type: str + rowId: + description: Required for each rule in the list in serial order. + type: int + type: list + schema: + description: Allowed values ACTIVE_DIRECTORY, CUSTOM. Choose ACTIVE_DIRECTORY + schema when the AD attributes defined in AD can be copied to relevant attributes + in Cisco ISE. If customization is needed, choose CUSTOM schema. All User info + attributes are always set to default value if schema is ACTIVE_DIRECTORY. + Values can be changed only for CUSTOM schema. + type: str + stateOrProvince: + description: User info attribute. All characters are allowed except %. + type: str + streetAddress: + description: User info attribute. All characters are allowed except %. + type: str + telephone: + description: User info attribute. All characters are allowed except %. + type: str + unreachableDomainsBehaviour: + description: Allowed values PROCEED, DROP. + type: str + type: dict + description: + description: No character restriction. + type: str + domain: + description: The AD domain. Alphanumeric, hyphen (-) and dot (.) 
characters are + allowed. + type: str + enableDomainWhiteList: + description: EnableDomainWhiteList flag. + type: bool + id: + description: Resource UUID value. + type: str + name: + description: Resource Name. Maximum 32 characters allowed. Allowed characters are + alphanumeric and .-_/\\ characters. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + active_directory.ActiveDirectory.load_groups_from_domain, + + - Paths used are + put /ers/config/activedirectory/{id}/addGroups, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.active_directory_add_groups: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + adAttributes: + attributes: + - defaultValue: string + internalName: string + name: string + type: string + adScopesNames: string + adgroups: + groups: + - name: string + sid: string + type: string + advancedSettings: + agingTime: 0 + authProtectionType: string + country: string + department: string + email: string + enableCallbackForDialinClient: true + enableDialinPermissionCheck: true + enableFailedAuthProtection: true + enableMachineAccess: true + enableMachineAuth: true + enablePassChange: true + enableRewrites: true + failedAuthThreshold: 0 + firstName: string + identityNotInAdBehaviour: string + jobTitle: string + lastName: string + locality: string + organizationalUnit: string + plaintextAuth: true + rewriteRules: + - rewriteMatch: string + rewriteResult: string + rowId: 0 + schema: string + stateOrProvince: string + streetAddress: string + telephone: string + unreachableDomainsBehaviour: string + description: string + domain: string + enableDomainWhiteList: true + id: string + name: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/active_directory_groups_by_domain_info.py b/ansible_collections/cisco/ise/plugins/modules/active_directory_groups_by_domain_info.py new file mode 100644 index 00000000..46dd9467 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/active_directory_groups_by_domain_info.py 
@@ -0,0 +1,83 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: active_directory_groups_by_domain_info +short_description: Information module for Active Directory Groups By Domain +description: +- Get all Active Directory Groups By Domain. +- This API lists the groups of the given domain. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + additionalData: + description: Active Directory Get Groups By Domain Info's additionalData. + elements: dict + suboptions: + name: + description: Active Directory Get Groups By Domain Info's name. + type: str + value: + description: Active Directory Get Groups By Domain Info's value. + type: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + active_directory.ActiveDirectory.get_groups_by_domain, + + - Paths used are + put /ers/config/activedirectory/{id}/getGroupsByDomain, + +""" + +EXAMPLES = r""" +- name: Get all Active Directory Groups By Domain + cisco.ise.active_directory_groups_by_domain_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + additionalData: + - name: domain + value: Required. The domain whose groups we want to fetch + - name: filter + value: Optional. Exact match filter on group's CN + - name: sidFilter + value: Optional. Exact match filter on group's SID, optionally specifying the domain + as prefix. e.g. S-1-5-33-544 and R1.dom/S-1-5-33-544 are legal + - name: typeFilter + value: Optional. 
Can be exactly one of:BUILTIN, DOMAIN LOCAL, GLOBAL, UNIVERSAL + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "groups": [ + { + "groupName": "string", + "sid": "string", + "type": "string" + } + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/active_directory_info.py b/ansible_collections/cisco/ise/plugins/modules/active_directory_info.py new file mode 100644 index 00000000..5291dfc1 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/active_directory_info.py 
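Review bot: The notes entry in active_directory_groups_by_domain_info.py lists `put /ers/config/activedirectory/{id}/getGroupsByDomain` for a module documented as an information module, and the documentation never says that the lookup is sent as a PUT. An operator who runs `_info` modules with a read-only ISE account would presumably see this task rejected, so the required privilege should be stated. I would add a notes line such as `- This lookup is sent as a PUT request, so the ISE account needs permission to issue PUT on this path.` The same applies to the `isUserMemberOf`, `getTrustedDomains` and `getUserGroups` paths in the three other Active Directory info modules added further down.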
@@ -0,0 +1,236 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: active_directory_info +short_description: Information module for Active Directory +description: +- Get all Active Directory. +- Get Active Directory by id. +- Get Active Directory by name. +- This API allows the client to get Active Directory by name. +- This API fetchs the join point details by ID. The ID can be retrieved with the. +- This API lists all the join points for Active Directory domains in Cisco ISE. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. 
+ type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + active_directory.ActiveDirectory.get_active_directory_by_id, + active_directory.ActiveDirectory.get_active_directory_by_name, + active_directory.ActiveDirectory.get_active_directory_generator, + + - Paths used are + get /ers/config/activedirectory, + get /ers/config/activedirectory/name/{name}, + get /ers/config/activedirectory/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Active Directory + cisco.ise.active_directory_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get Active Directory by id + cisco.ise.active_directory_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get Active Directory by name + cisco.ise.active_directory_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "domain": "string", + "enableDomainWhiteList": true, + "enableDomainAllowedList": true, + "adgroups": { + "groups": [ + { + "name": "string", + "sid": "string", + "type": "string" + } + ] + }, + "advancedSettings": { + "enablePassChange": true, + "enableMachineAuth": true, + "enableMachineAccess": true, + "agingTime": 0, + "enableDialinPermissionCheck": true, + "enableCallbackForDialinClient": true, + "plaintextAuth": true, + "enableFailedAuthProtection": true, + "authProtectionType": "string", + "failedAuthThreshold": 0, + "identityNotInAdBehaviour": 
"string", + "unreachableDomainsBehaviour": "string", + "enableRewrites": true, + "rewriteRules": [ + { + "rowId": 0, + "rewriteMatch": "string", + "rewriteResult": "string" + } + ], + "firstName": "string", + "department": "string", + "lastName": "string", + "organizationalUnit": "string", + "jobTitle": "string", + "locality": "string", + "email": "string", + "stateOrProvince": "string", + "telephone": "string", + "country": "string", + "streetAddress": "string", + "schema": "string" + }, + "adAttributes": { + "attributes": [ + { + "name": "string", + "type": "string", + "internalName": "string", + "defaultValue": "string" + } + ] + }, + "adScopesNames": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "domain": "string", + "enableDomainWhiteList": true, + "enableDomainAllowedList": true, + "adgroups": { + "groups": [ + { + "name": "string", + "sid": "string", + "type": "string" + } + ] + }, + "advancedSettings": { + "enablePassChange": true, + "enableMachineAuth": true, + "enableMachineAccess": true, + "agingTime": 0, + "enableDialinPermissionCheck": true, + "enableCallbackForDialinClient": true, + "plaintextAuth": true, + "enableFailedAuthProtection": true, + "authProtectionType": "string", + "failedAuthThreshold": 0, + "identityNotInAdBehaviour": "string", + "unreachableDomainsBehaviour": "string", + "enableRewrites": true, + "rewriteRules": [ + { + "rowId": 0, + "rewriteMatch": "string", + "rewriteResult": "string" + } + ], + "firstName": "string", + "department": "string", + "lastName": "string", + "organizationalUnit": "string", + "jobTitle": "string", + "locality": "string", + "email": "string", + "stateOrProvince": "string", + "telephone": "string", + 
"country": "string", + "streetAddress": "string", + "schema": "string" + }, + "adAttributes": { + "attributes": [ + { + "name": "string", + "type": "string", + "internalName": "string", + "defaultValue": "string" + } + ] + }, + "adScopesNames": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/active_directory_is_user_member_of_group_info.py b/ansible_collections/cisco/ise/plugins/modules/active_directory_is_user_member_of_group_info.py new file mode 100644 index 00000000..2584e6f5 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/active_directory_is_user_member_of_group_info.py 
@@ -0,0 +1,79 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: active_directory_is_user_member_of_group_info +short_description: Information module for Active Directory Is User Member Of Group +description: +- Get all Active Directory Is User Member Of Group. +- This API verifies if the user is a member of the given groups. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + additionalData: + description: Active Directory Is User Member Of Group's additionalData. + elements: dict + suboptions: + name: + description: Active Directory Is User Member Of Group's name. + type: str + value: + description: Active Directory Is User Member Of Group's value. + type: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + active_directory.ActiveDirectory.is_user_member_of_groups, + + - Paths used are + put /ers/config/activedirectory/{id}/isUserMemberOf, + +""" + +EXAMPLES = r""" +- name: Get all Active Directory Is User Member Of Group + cisco.ise.active_directory_is_user_member_of_group_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + additionalData: + - name: username + value: Required. Perform the check on this user + - name: groupsids + value: Required. Membership is looked for. 
The result will be a subset of this list + of the groups the user is a member of + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "groups": [ + { + "groupName": "string", + "sid": "string", + "type": "string" + } + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/active_directory_join_domain.py b/ansible_collections/cisco/ise/plugins/modules/active_directory_join_domain.py new file mode 100644 index 00000000..b07f435c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/active_directory_join_domain.py 
@@ -0,0 +1,74 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: active_directory_join_domain +short_description: Resource module for Active Directory Join Domain +description: +- Manage operation update of the resource Active Directory Join Domain. +- This API joins a Cisco ISE node to an Active Directory domain. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + additionalData: + description: Active Directory Join Domain's additionalData. + elements: dict + suboptions: + name: + description: Active Directory Join Domain's name. + type: str + value: + description: Active Directory Join Domain's value. + type: str + type: list + id: + description: Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + active_directory.ActiveDirectory.join_domain, + + - Paths used are + put /ers/config/activedirectory/{id}/join, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.active_directory_join_domain: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + additionalData: + - name: username + value: Required. The domain user to use + - name: password + value: Required. The domain user's password + - name: node + value: Required. The name of the ISE node to join the domain. The node names can + be retrieved with the "Node Details/Get All" ERS operation + - name: orgunit + value: Optional. The organizational unit in AD where the machine object for the + joined ISE will be stored. + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" 
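Review bot: The `additionalData` option in active_directory_join_domain.py is documented as a plain list of name/value strings, yet the example shows it carrying the `password` of the domain user, and nothing in the documentation marks that value as a secret. Whether the argument spec masks it cannot be seen from this hunk, so the docs should tell users to protect it themselves. I would add to the option description `Carries the domain user's password; set no_log on the task and supply the value from Ansible Vault.` and add `no_log: true` to the example task. The same `password` entry appears in active_directory_join_domain_with_all_nodes.py, active_directory_leave_domain.py and active_directory_leave_domain_with_all_nodes.py.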
diff --git a/ansible_collections/cisco/ise/plugins/modules/active_directory_join_domain_with_all_nodes.py b/ansible_collections/cisco/ise/plugins/modules/active_directory_join_domain_with_all_nodes.py
new file mode 100644
index 00000000..bc2e3055
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/active_directory_join_domain_with_all_nodes.py
@@ -0,0 +1,68 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: active_directory_join_domain_with_all_nodes +short_description: Resource module for Active Directory Join Domain With All Nodes +description: +- Manage operation update of the resource Active Directory Join Domain With All Nodes. +- This API joins all Cisco ISE Nodes to an Active Directory domain. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + additionalData: + description: Active Directory Join Domain With All Nodes's additionalData. + elements: dict + suboptions: + name: + description: Active Directory Join Domain With All Nodes's name. + type: str + value: + description: Active Directory Join Domain With All Nodes's value. + type: str + type: list + id: + description: Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + active_directory.ActiveDirectory.join_domain_with_all_nodes, + + - Paths used are + put /ers/config/activedirectory/{id}/joinAllNodes, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.active_directory_join_domain_with_all_nodes: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + additionalData: + - name: username + value: Required. The domain user to use + - name: password + value: Required. The domain user's password + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/active_directory_leave_domain.py b/ansible_collections/cisco/ise/plugins/modules/active_directory_leave_domain.py
new file mode 100644
index 00000000..26d84718
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/active_directory_leave_domain.py
@@ -0,0 +1,74 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: active_directory_leave_domain +short_description: Resource module for Active Directory Leave Domain +description: +- Manage operation update of the resource Active Directory Leave Domain. +- This API makes a Cisco ISE node to leave an Active Directory domain. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + additionalData: + description: Active Directory Leave Domain's additionalData. + elements: dict + suboptions: + name: + description: Active Directory Leave Domain's name. + type: str + value: + description: Active Directory Leave Domain's value. + type: str + type: list + id: + description: Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + active_directory.ActiveDirectory.leave_domain, + + - Paths used are + put /ers/config/activedirectory/{id}/leave, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.active_directory_leave_domain: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + additionalData: + - name: username + value: Required. The domain user to use + - name: password + value: Required. The domain user's password + - name: node + value: Required. The name of the ISE node to leave the domain. The node names can + be retrieved with the "Node Details/Get All" ERS operation + - name: orgunit + value: Optional. The organizational unit in AD where the machine object for the + joined ISE will be stored + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/active_directory_leave_domain_with_all_nodes.py b/ansible_collections/cisco/ise/plugins/modules/active_directory_leave_domain_with_all_nodes.py
new file mode 100644
index 00000000..78710362
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/active_directory_leave_domain_with_all_nodes.py
@@ -0,0 +1,68 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: active_directory_leave_domain_with_all_nodes +short_description: Resource module for Active Directory Leave Domain With All Nodes +description: +- Manage operation update of the resource Active Directory Leave Domain With All Nodes. +- This API joins makes all Cisco ISE nodes leave an Active Directory domain. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + additionalData: + description: Active Directory Leave Domain With All Nodes's additionalData. + elements: dict + suboptions: + name: + description: Active Directory Leave Domain With All Nodes's name. + type: str + value: + description: Active Directory Leave Domain With All Nodes's value. + type: str + type: list + id: + description: Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + active_directory.ActiveDirectory.leave_domain_with_all_nodes, + + - Paths used are + put /ers/config/activedirectory/{id}/leaveAllNodes, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.active_directory_leave_domain_with_all_nodes: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + additionalData: + - name: username + value: Required. The domain user to use + - name: password + value: Required. The domain user's password + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" 
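Review bot: The second description bullet in active_directory_leave_domain_with_all_nodes.py reads `This API joins makes all Cisco ISE nodes leave an Active Directory domain.`, where the leftover word "joins" makes the sentence contradict itself. It should read `- This API makes all Cisco ISE nodes leave an Active Directory domain.`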
diff --git a/ansible_collections/cisco/ise/plugins/modules/active_directory_trusted_domains_info.py b/ansible_collections/cisco/ise/plugins/modules/active_directory_trusted_domains_info.py new file mode 100644 index 00000000..748478d7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/active_directory_trusted_domains_info.py @@ -0,0 +1,62 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: active_directory_trusted_domains_info +short_description: Information module for Active Directory Trusted Domains +description: +- Get all Active Directory Trusted Domains. +- This API gets the list of domains that are accessible through the given join. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + active_directory.ActiveDirectory.get_trusted_domains, + + - Paths used are + put /ers/config/activedirectory/{id}/getTrustedDomains, + +""" + +EXAMPLES = r""" +- name: Get all Active Directory Trusted Domains + cisco.ise.active_directory_trusted_domains_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "domains": [ + { + "dnsName": "string", + "forest": "string", + "unusableReason": "string" + } + ] + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/active_directory_user_groups_info.py b/ansible_collections/cisco/ise/plugins/modules/active_directory_user_groups_info.py
new file mode 100644
index 00000000..78692e0f
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/active_directory_user_groups_info.py
@@ -0,0 +1,76 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: active_directory_user_groups_info +short_description: Information module for Active Directory User Groups +description: +- Get all Active Directory User Groups. +- This API allows the client to get groups of which a given user is a member. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + additionalData: + description: Active Directory Get User Groups Info's additionalData. + elements: dict + suboptions: + name: + description: Active Directory Get User Groups Info's name. + type: str + value: + description: Active Directory Get User Groups Info's value. + type: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + active_directory.ActiveDirectory.get_user_groups, + + - Paths used are + put /ers/config/activedirectory/{id}/getUserGroups, + +""" + +EXAMPLES = r""" +- name: Get all Active Directory User Groups + cisco.ise.active_directory_user_groups_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + additionalData: + - name: username + value: Required. The user to get its groups. + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "groups": [ + { + "groupName": "string", + "sid": "string", + "type": "string" + } + ] + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/admin_user_info.py b/ansible_collections/cisco/ise/plugins/modules/admin_user_info.py
new file mode 100644
index 00000000..23c7bc99
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/admin_user_info.py
@@ -0,0 +1,159 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: admin_user_info +short_description: Information module for Admin User +description: +- Get all Admin User. +- Get Admin User by id. +- This API allows the client to get all the admin users. +- This API allows the client to get an admin user by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. 
+ elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + admin_user.AdminUser.get_admin_user_by_id, + admin_user.AdminUser.get_admin_users_generator, + + - Paths used are + get /ers/config/adminuser, + get /ers/config/adminuser/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Admin User + cisco.ise.admin_user_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Admin User by id + cisco.ise.admin_user_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "name": "string", + "id": "string", + "description": "string", + "enabled": true, + "password": "string", + "changePassword": true, + "includeSystemAlarmsInEmail": true, + "externalUser": true, + "inactiveAccountNeverDisabled": true, + "adminGroups": "string", + "customAttributes": {}, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "name": "string", + "id": "string", + "description": "string", + "enabled": true, + "password": "string", + "changePassword": true, + "includeSystemAlarmsInEmail": true, + "externalUser": true, + 
"inactiveAccountNeverDisabled": true, + "adminGroups": "string", + "customAttributes": {}, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/allowed_protocols.py b/ansible_collections/cisco/ise/plugins/modules/allowed_protocols.py new file mode 100644 index 00000000..6a9d3868 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/allowed_protocols.py 
@@ -0,0 +1,637 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: allowed_protocols
+short_description: Resource module for Allowed Protocols
+description:
+- Manage operations create, update and delete of the resource Allowed Protocols.
+- This API creates an allowed protocol.
+- This API deletes an allowed protocol.
+- This API allows the client to update an allowed protocol.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ allowChap:
+ description: AllowChap flag.
+ type: bool
+ allowEapFast:
+ description: AllowEapFast flag.
+ type: bool
+ allowEapMd5:
+ description: AllowEapMd5 flag.
+ type: bool
+ allowEapTls:
+ description: AllowEapTls flag.
+ type: bool
+ allowEapTtls:
+ description: AllowEapTtls flag.
+ type: bool
+ allowLeap:
+ description: AllowLeap flag.
+ type: bool
+ allowMsChapV1:
+ description: AllowMsChapV1 flag.
+ type: bool
+ allowMsChapV2:
+ description: AllowMsChapV2 flag.
+ type: bool
+ allowPapAscii:
+ description: AllowPapAscii flag.
+ type: bool
+ allowPeap:
+ description: AllowPeap flag.
+ type: bool
+ allowPreferredEapProtocol:
+ description: AllowPreferredEapProtocol flag.
+ type: bool
+ allowTeap:
+ description: AllowTeap flag.
+ type: bool
+ allowWeakCiphersForEap:
+ description: AllowWeakCiphersForEap flag.
+ type: bool
+ description:
+ description: Allowed Protocols's description.
+ type: str
+ eapFast:
+ description: The eapFast is required only if allowEapFast is true, otherwise it
+ must be ignored. The object eapFast contains the settings for EAP FAST protocol.
+ suboptions:
+ allowEapFastEapGtc:
+ description: AllowEapFastEapGtc flag.
+ type: bool
+ allowEapFastEapGtcPwdChange:
+ description: The allowEapFastEapGtcPwdChange is required only if allowEapFastEapGtc
+ is true, otherwise it must be ignored.
+ type: bool
+ allowEapFastEapGtcPwdChangeRetries:
+ description: The allowEapFastEapGtcPwdChangeRetries is required only if allowEapFastEapGtc
+ is true, otherwise it must be ignored. Valid range is 0-3.
+ type: int
+ allowEapFastEapMsChapV2:
+ description: AllowEapFastEapMsChapV2 flag.
+ type: bool
+ allowEapFastEapMsChapV2PwdChange:
+ description: The allowEapFastEapMsChapV2PwdChange is required only if allowEapFastEapMsChapV2
+ is true, otherwise it must be ignored.
+ type: bool
+ allowEapFastEapMsChapV2PwdChangeRetries:
+ description: The allowEapFastEapMsChapV2PwdChangeRetries is required only if
+ eapTtlsEapMsChapV2 is true, otherwise it must be ignored. Valid range is 0-3.
+ type: int
+ allowEapFastEapTls:
+ description: AllowEapFastEapTls flag.
+ type: bool
+ allowEapFastEapTlsAuthOfExpiredCerts:
+ description: The allowEapFastEapTlsAuthOfExpiredCerts is required only if allowEapFastEapTls
+ is true, otherwise it must be ignored.
+ type: bool
+ eapFastDontUsePacsAcceptClientCert:
+ description: The eapFastDontUsePacsAcceptClientCert is required only if eapFastUsePacs
+ is FALSE, otherwise it must be ignored.
+ type: bool
+ eapFastDontUsePacsAllowMachineAuthentication:
+ description: The eapFastDontUsePacsAllowMachineAuthentication is required only
+ if eapFastUsePacs is FALSE, otherwise it must be ignored.
+ type: bool
+ eapFastEnableEAPChaining:
+ description: EapFastEnableEAPChaining flag.
+ type: bool
+ eapFastUsePacs:
+ description: EapFastUsePacs flag.
+ type: bool
+ eapFastUsePacsAcceptClientCert:
+ description: The eapFastUsePacsAcceptClientCert is required only if eapFastUsePacsAllowAuthenProvisioning
+ is true, otherwise it must be ignored.
+ type: bool
+ eapFastUsePacsAllowAnonymProvisioning:
+ description: The eapFastUsePacsAllowAnonymProvisioning is required only if eapFastUsePacs
+ is true, otherwise it must be ignored.
+ type: bool
+ eapFastUsePacsAllowAuthenProvisioning:
+ description: The eapFastUsePacsAllowAuthenProvisioning is required only if eapFastUsePacs
+ is true, otherwise it must be ignored.
+ type: bool
+ eapFastUsePacsAllowMachineAuthentication:
+ description: EapFastUsePacsAllowMachineAuthentication flag.
+ type: bool
+ eapFastUsePacsAuthorizationPacTtl:
+ description: The eapFastUsePacsAuthorizationPacTtl is required only if eapFastUsePacsStatelessSessionResume
+ is true, otherwise it must be ignored.
+ type: int
+ eapFastUsePacsAuthorizationPacTtlUnits:
+ description: The eapFastUsePacsAuthorizationPacTtlUnits is required only if
+ eapFastUsePacsStatelessSessionResume is true, otherwise it must be ignored.
+ Allowed Values - SECONDS, - MINUTES, - HOURS, - DAYS, - WEEKS.
+ type: str
+ eapFastUsePacsMachinePacTtl:
+ description: The eapFastUsePacsMachinePacTtl is required only if eapFastUsePacsAllowMachineAuthentication
+ is true, otherwise it must be ignored.
+ type: int
+ eapFastUsePacsMachinePacTtlUnits:
+ description: The eapFastUsePacsMachinePacTtlUnits is required only if eapFastUsePacsAllowMachineAuthentication
+ is true, otherwise it must be ignored. Allowed Values - SECONDS, - MINUTES,
+ - HOURS, - DAYS, - WEEKS.
+ type: str
+ eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning:
+ description: The eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning
+ is required only if eapFastUsePacsAllowAuthenProvisioning is true, otherwise
+ it must be ignored.
+ type: bool
+ eapFastUsePacsStatelessSessionResume:
+ description: The eapFastUsePacsStatelessSessionResume is required only if eapFastUsePacs
+ is true, otherwise it must be ignored.
+ type: bool
+ eapFastUsePacsTunnelPacTtl:
+ description: The eapFastUsePacsTunnelPacTtl is required only if eapFastUsePacs
+ is true, otherwise it must be ignored.
+ type: int
+ eapFastUsePacsTunnelPacTtlUnits:
+ description: The eapFastUsePacsTunnelPacTtlUnits is required only if eapFastUsePacs
+ is true, otherwise it must be ignored. Allowed Values - SECONDS, - MINUTES,
+ - HOURS, - DAYS, - WEEKS.
+ type: str
+ eapFastUsePacsUseProactivePacUpdatePrecentage:
+ description: The eapFastUsePacsUseProactivePacUpdatePrecentage is required only
+ if eapFastUsePacs is true, otherwise it must be ignored.
+ type: int
+ type: dict
+ eapTls:
+ description: The eapTls is required only if allowEapTls is true, otherwise it must
+ be ignored. The object eapTls contains the settings for EAP TLS protocol.
+ suboptions:
+ allowEapTlsAuthOfExpiredCerts:
+ description: AllowEapTlsAuthOfExpiredCerts flag.
+ type: bool
+ eapTlsEnableStatelessSessionResume:
+ description: EapTlsEnableStatelessSessionResume flag.
+ type: bool
+ eapTlsSessionTicketPrecentage:
+ description: The eapTlsSessionTicketPrecentage is required only if eapTlsEnableStatelessSessionResume
+ is true, otherwise it must be ignored.
+ type: int
+ eapTlsSessionTicketTtl:
+ description: Time to live. The eapTlsSessionTicketTtl is required only if eapTlsEnableStatelessSessionResume
+ is true, otherwise it must be ignored.
+ type: int
+ eapTlsSessionTicketTtlUnits:
+ description: Time to live time units. The eapTlsSessionTicketTtlUnits is required
+ only if eapTlsEnableStatelessSessionResume is true, otherwise it must be ignored.
+ Allowed Values - SECONDS, - MINUTES, - HOURS, - DAYS, - WEEKS.
+ type: str
+ type: dict
+ eapTlsLBit:
+ description: EapTlsLBit flag.
+ type: bool
+ eapTtls:
+ description: The eapTtls is required only if allowEapTtls is true, otherwise it
+ must be ignored. The object eapTtls contains the settings for EAP TTLS protocol.
+ suboptions:
+ eapTtlsChap:
+ description: EapTtlsChap flag.
+ type: bool
+ eapTtlsEapMd5:
+ description: EapTtlsEapMd5 flag.
+ type: bool
+ eapTtlsEapMsChapV2:
+ description: EapTtlsEapMsChapV2 flag.
+ type: bool
+ eapTtlsEapMsChapV2PwdChange:
+ description: The eapTtlsEapMsChapV2PwdChange is required only if eapTtlsEapMsChapV2
+ is true, otherwise it must be ignored.
+ type: bool
+ eapTtlsEapMsChapV2PwdChangeRetries:
+ description: The eapTtlsEapMsChapV2PwdChangeRetries is required only if eapTtlsEapMsChapV2
+ is true, otherwise it must be ignored. Valid range is 0-3.
+ type: int
+ eapTtlsMsChapV1:
+ description: EapTtlsMsChapV1 flag.
+ type: bool
+ eapTtlsMsChapV2:
+ description: EapTtlsMsChapV2 flag.
+ type: bool
+ eapTtlsPapAscii:
+ description: EapTtlsPapAscii flag.
+ type: bool
+ type: dict
+ id:
+ description: Resource UUID, Mandatory for update.
+ type: str
+ name:
+ description: Resource Name.
+ type: str
+ peap:
+ description: Allowed Protocols's peap.
+ suboptions:
+ allowPeapEapGtc:
+ description: AllowPeapEapGtc flag.
+ type: bool
+ allowPeapEapGtcPwdChange:
+ description: The allowPeapEapGtcPwdChange is required only if allowPeapEapGtc
+ is true, otherwise it must be ignored.
+ type: bool
+ allowPeapEapGtcPwdChangeRetries:
+ description: The allowPeapEapGtcPwdChangeRetries is required only if allowPeapEapGtc
+ is true, otherwise it must be ignored. Valid range is 0-3.
+ type: int
+ allowPeapEapMsChapV2:
+ description: AllowPeapEapMsChapV2 flag.
+ type: bool
+ allowPeapEapMsChapV2PwdChange:
+ description: The allowPeapEapMsChapV2PwdChange is required only if allowPeapEapMsChapV2
+ is true, otherwise it must be ignored.
+ type: bool
+ allowPeapEapMsChapV2PwdChangeRetries:
+ description: The allowPeapEapMsChapV2PwdChangeRetries is required only if allowPeapEapMsChapV2
+ is true, otherwise it must be ignored. Valid range is 0-3.
+ type: int
+ allowPeapEapTls:
+ description: AllowPeapEapTls flag.
+ type: bool
+ allowPeapEapTlsAuthOfExpiredCerts:
+ description: The allowPeapEapTlsAuthOfExpiredCerts is required only if allowPeapEapTls
+ is true, otherwise it must be ignored.
+ type: bool
+ allowPeapV0:
+ description: AllowPeapV0 flag.
+ type: bool
+ requireCryptobinding:
+ description: RequireCryptobinding flag.
+ type: bool
+ type: dict
+ preferredEapProtocol:
+ description: The preferredEapProtocol is required only if allowPreferredEapProtocol
+ is true, otherwise it must be ignored. Allowed Values - EAP_FAST, - PEAP, - LEAP,
+ - EAP_MD5, - EAP_TLS, - EAP_TTLS, - TEAP.
+ type: str
+ processHostLookup:
+ description: ProcessHostLookup flag.
+ type: bool
+ requireMessageAuth:
+ description: RequireMessageAuth flag.
+ type: bool
+ teap:
+ description: The teap is required only if allowTeap is true, otherwise it must be
+ ignored. The object teap contains the settings for TEAP protocol.
+ suboptions:
+ acceptClientCertDuringTunnelEst:
+ description: AcceptClientCertDuringTunnelEst flag.
+ type: bool
+ allowDowngradeMsk:
+ description: AllowDowngradeMsk flag.
+ type: bool
+ allowTeapEapMsChapV2:
+ description: AllowTeapEapMsChapV2 flag.
+ type: bool
+ allowTeapEapMsChapV2PwdChange:
+ description: The allowTeapEapMsChapV2PwdChange is required only if allowTeapEapMsChapV2
+ is true, otherwise it must be ignored.
+ type: bool
+ allowTeapEapMsChapV2PwdChangeRetries:
+ description: The allowTeapEapMsChapV2PwdChangeRetries is required only if allowTeapEapMsChapV2
+ is true, otherwise it must be ignored. Valid range is 0-3.
+ type: int
+ allowTeapEapTls:
+ description: AllowTeapEapTls flag.
+ type: bool
+ allowTeapEapTlsAuthOfExpiredCerts:
+ description: The allowTeapEapTlsAuthOfExpiredCerts is required only if allowTeapEapTls
+ is true, otherwise it must be ignored.
+ type: bool
+ enableEapChaining:
+ description: EnableEapChaining flag.
+ type: bool
+ type: dict
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ allowed_protocols.AllowedProtocols.create_allowed_protocol,
+ allowed_protocols.AllowedProtocols.delete_allowed_protocol_by_id,
+ allowed_protocols.AllowedProtocols.update_allowed_protocol_by_id,
+
+ - Paths used are
+ post /ers/config/allowedprotocols,
+ delete /ers/config/allowedprotocols/{id},
+ put /ers/config/allowedprotocols/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by id
+ cisco.ise.allowed_protocols:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ allowChap: true
+ allowEapFast: true
+ allowEapMd5: true
+ allowEapTls: true
+ allowEapTtls: true
+ allowLeap: true
+ allowMsChapV1: true
+ allowMsChapV2: true
+ allowPapAscii: true
+ allowPeap: true
+ allowPreferredEapProtocol: true
+ allowTeap: true
+ allowWeakCiphersForEap: true
+ description: string
+ eapFast:
+ allowEapFastEapGtc: true
+ allowEapFastEapGtcPwdChange: true
+ allowEapFastEapGtcPwdChangeRetries: 0
+ allowEapFastEapMsChapV2: true
+ allowEapFastEapMsChapV2PwdChange: true
+ allowEapFastEapMsChapV2PwdChangeRetries: 0
+ allowEapFastEapTls: true
+ allowEapFastEapTlsAuthOfExpiredCerts: true
+ eapFastDontUsePacsAcceptClientCert: true
+ eapFastDontUsePacsAllowMachineAuthentication: true
+ eapFastEnableEAPChaining: true
+ eapFastUsePacs: true
+ eapFastUsePacsAcceptClientCert: true
+ eapFastUsePacsAllowAnonymProvisioning: true
+ eapFastUsePacsAllowAuthenProvisioning: true
+ eapFastUsePacsAllowMachineAuthentication: true
+ eapFastUsePacsAuthorizationPacTtl: 0
+ eapFastUsePacsAuthorizationPacTtlUnits: string
+ eapFastUsePacsMachinePacTtl: 0
+ eapFastUsePacsMachinePacTtlUnits: string
+ eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning: true
+ eapFastUsePacsStatelessSessionResume: true
+ eapFastUsePacsTunnelPacTtl: 0
+ eapFastUsePacsTunnelPacTtlUnits: string
+ eapFastUsePacsUseProactivePacUpdatePrecentage: 0
+ eapTls:
+ allowEapTlsAuthOfExpiredCerts: true
+ eapTlsEnableStatelessSessionResume: true
+ eapTlsSessionTicketPrecentage: 0
+ eapTlsSessionTicketTtl: 0
+ eapTlsSessionTicketTtlUnits: string
+ eapTlsLBit: true
+ eapTtls:
+ eapTtlsChap: true
+ eapTtlsEapMd5: true
+ eapTtlsEapMsChapV2: true
+ eapTtlsEapMsChapV2PwdChange: true
+ eapTtlsEapMsChapV2PwdChangeRetries: 0
+ eapTtlsMsChapV1: true
+ eapTtlsMsChapV2: true
+ eapTtlsPapAscii: true
+ id: string
+ name: string
+ peap:
+ allowPeapEapGtc: true
+ allowPeapEapGtcPwdChange: true
+ allowPeapEapGtcPwdChangeRetries: 0
+ allowPeapEapMsChapV2: true
+ allowPeapEapMsChapV2PwdChange: true
+ allowPeapEapMsChapV2PwdChangeRetries: 0
+ allowPeapEapTls: true
+ allowPeapEapTlsAuthOfExpiredCerts: true
+ allowPeapV0: true
+ requireCryptobinding: true
+ preferredEapProtocol: string
+ processHostLookup: true
+ requireMessageAuth: true
+ teap:
+ acceptClientCertDuringTunnelEst: true
+ allowDowngradeMsk: true
+ allowTeapEapMsChapV2: true
+ allowTeapEapMsChapV2PwdChange: true
+ allowTeapEapMsChapV2PwdChangeRetries: 0
+ allowTeapEapTls: true
+ allowTeapEapTlsAuthOfExpiredCerts: true
+ enableEapChaining: true
+
+- name: Delete by id
+ cisco.ise.allowed_protocols:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ id: string
+
+- name: Create
+ cisco.ise.allowed_protocols:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ allowChap: true
+ allowEapFast: true
+ allowEapMd5: true
+ allowEapTls: true
+ allowEapTtls: true
+ allowLeap: true
+ allowMsChapV1: true
+ allowMsChapV2: true
+ allowPapAscii: true
+ allowPeap: true
+ allowPreferredEapProtocol: true
+ allowTeap: true
+ allowWeakCiphersForEap: true
+ description: string
+ eapFast:
+ allowEapFastEapGtc: true
+ allowEapFastEapGtcPwdChange: true
+ allowEapFastEapGtcPwdChangeRetries: 0
+ allowEapFastEapMsChapV2: true
+ allowEapFastEapMsChapV2PwdChange: true
+ allowEapFastEapMsChapV2PwdChangeRetries: 0
+ allowEapFastEapTls: true
+ allowEapFastEapTlsAuthOfExpiredCerts: true
+ eapFastDontUsePacsAcceptClientCert: true
+ eapFastDontUsePacsAllowMachineAuthentication: true
+ eapFastEnableEAPChaining: true
+ eapFastUsePacs: true
+ eapFastUsePacsAcceptClientCert: true
+ eapFastUsePacsAllowAnonymProvisioning: true
+ eapFastUsePacsAllowAuthenProvisioning: true
+ eapFastUsePacsAllowMachineAuthentication: true
+ eapFastUsePacsAuthorizationPacTtl: 0
+ eapFastUsePacsAuthorizationPacTtlUnits: string
+ eapFastUsePacsMachinePacTtl: 0
+ eapFastUsePacsMachinePacTtlUnits: string
+ eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning: true
+ eapFastUsePacsStatelessSessionResume: true
+ eapFastUsePacsTunnelPacTtl: 0
+ eapFastUsePacsTunnelPacTtlUnits: string
+ eapFastUsePacsUseProactivePacUpdatePrecentage: 0
+ eapTls:
+ allowEapTlsAuthOfExpiredCerts: true
+ eapTlsEnableStatelessSessionResume: true
+ eapTlsSessionTicketPrecentage: 0
+ eapTlsSessionTicketTtl: 0
+ eapTlsSessionTicketTtlUnits: string
+ eapTlsLBit: true
+ eapTtls:
+ eapTtlsChap: true
+ eapTtlsEapMd5: true
+ eapTtlsEapMsChapV2: true
+ eapTtlsEapMsChapV2PwdChange: true
+ eapTtlsEapMsChapV2PwdChangeRetries: 0
+ eapTtlsMsChapV1: true
+ eapTtlsMsChapV2: true
+ eapTtlsPapAscii: true
+ name: string
+ peap:
+ allowPeapEapGtc: true
+ allowPeapEapGtcPwdChange: true
+ allowPeapEapGtcPwdChangeRetries: 0
+ allowPeapEapMsChapV2: true
+ allowPeapEapMsChapV2PwdChange: true
+ allowPeapEapMsChapV2PwdChangeRetries: 0
+ allowPeapEapTls: true
+ allowPeapEapTlsAuthOfExpiredCerts: true
+ allowPeapV0: true
+ requireCryptobinding: true
+ preferredEapProtocol: string
+ processHostLookup: true
+ requireMessageAuth: true
+ teap:
+ acceptClientCertDuringTunnelEst: true
+ allowDowngradeMsk: true
+ allowTeapEapMsChapV2: true
+ allowTeapEapMsChapV2PwdChange: true
+ allowTeapEapMsChapV2PwdChangeRetries: 0
+ allowTeapEapTls: true
+ allowTeapEapTlsAuthOfExpiredCerts: true
+ enableEapChaining: true
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "eapTls": {
+ "allowEapTlsAuthOfExpiredCerts": true,
+ "eapTlsEnableStatelessSessionResume": true,
+ "eapTlsSessionTicketTtl": 0,
+ "eapTlsSessionTicketTtlUnits": "string",
+ "eapTlsSessionTicketPrecentage": 0
+ },
+ "peap": {
+ "allowPeapEapMsChapV2": true,
+ "allowPeapEapMsChapV2PwdChange": true,
+ "allowPeapEapMsChapV2PwdChangeRetries": 0,
+ "allowPeapEapGtc": true,
+ "allowPeapEapGtcPwdChange": true,
+ "allowPeapEapGtcPwdChangeRetries": 0,
+ "allowPeapEapTls": true,
+ "allowPeapEapTlsAuthOfExpiredCerts": true,
+ "requireCryptobinding": true,
+ "allowPeapV0": true
+ },
+ "eapFast": {
+ "allowEapFastEapMsChapV2": true,
+ "allowEapFastEapMsChapV2PwdChange": true,
+ "allowEapFastEapMsChapV2PwdChangeRetries": 0,
+ "allowEapFastEapGtc": true,
+ "allowEapFastEapGtcPwdChange": true,
+ "allowEapFastEapGtcPwdChangeRetries": 0,
+ "allowEapFastEapTls": true,
+ "allowEapFastEapTlsAuthOfExpiredCerts": true,
+ "eapFastUsePacs": true,
+ "eapFastUsePacsTunnelPacTtl": 0,
+ "eapFastUsePacsTunnelPacTtlUnits": "string",
+ "eapFastUsePacsUseProactivePacUpdatePrecentage": 0,
+ "eapFastUsePacsAllowAnonymProvisioning": true,
+ "eapFastUsePacsAllowAuthenProvisioning": true,
+ "eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning": true,
+ "eapFastUsePacsAcceptClientCert": true,
+ "eapFastUsePacsMachinePacTtl": 0,
+ "eapFastUsePacsMachinePacTtlUnits": "string",
+ "eapFastUsePacsAllowMachineAuthentication": true,
+ "eapFastUsePacsStatelessSessionResume": true,
+ "eapFastUsePacsAuthorizationPacTtl": 0,
+ "eapFastUsePacsAuthorizationPacTtlUnits": "string",
+ "eapFastDontUsePacsAcceptClientCert": true,
+ "eapFastDontUsePacsAllowMachineAuthentication": true,
+ "eapFastEnableEAPChaining": true
+ },
+ "eapTtls": {
+ "eapTtlsPapAscii": true,
+ "eapTtlsChap": true,
+ "eapTtlsMsChapV1": true,
+ "eapTtlsMsChapV2": true,
+ "eapTtlsEapMd5": true,
+ "eapTtlsEapMsChapV2": true,
+ "eapTtlsEapMsChapV2PwdChange": true,
+ "eapTtlsEapMsChapV2PwdChangeRetries": 0
+ },
+ "teap": {
+ "allowTeapEapMsChapV2": true,
+ "allowTeapEapMsChapV2PwdChange": true,
+ "allowTeapEapMsChapV2PwdChangeRetries": 0,
+ "allowTeapEapTls": true,
+ "allowTeapEapTlsAuthOfExpiredCerts": true,
+ "acceptClientCertDuringTunnelEst": true,
+ "enableEapChaining": true,
+ "allowDowngradeMsk": true
+ },
+ "processHostLookup": true,
+ "allowPapAscii": true,
+ "allowChap": true,
+ "allowMsChapV1": true,
+ "allowMsChapV2": true,
+ "allowEapMd5": true,
+ "allowLeap": true,
+ "allowEapTls": true,
+ "allowEapTtls": true,
+ "allowEapFast": true,
+ "allowPeap": true,
+ "allowTeap": true,
+ "allowPreferredEapProtocol": true,
+ "preferredEapProtocol": "string",
+ "eapTlsLBit": true,
+ "allowWeakCiphersForEap": true,
+ "requireMessageAuth": true,
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ],
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/allowed_protocols_info.py b/ansible_collections/cisco/ise/plugins/modules/allowed_protocols_info.py
new file mode 100644
index 00000000..69241303
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/allowed_protocols_info.py
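Review bot: The `Update by id` and `Create` tasks in EXAMPLES set every boolean to `true`, including `allowWeakCiphersForEap`, `allowLeap`, `allowEapMd5`, `allowPapAscii`, `allowMsChapV1`, `eapFastUsePacsAllowAnonymProvisioning` and the four `*AuthOfExpiredCerts` options, so a task copied from the docs would define a policy that accepts the legacy methods and expired client certificates. These look like schema placeholders rather than a recommended policy; I would put a comment at the top of each task, e.g. `# Placeholder values: enable only the methods your supplicants need and keep the weak-cipher, LEAP, EAP-MD5 and expired-certificate options false.` Separately, in DOCUMENTATION the description of `allowEapFastEapMsChapV2PwdChangeRetries` says it is required only if `eapTtlsEapMsChapV2` is true, which is an option of the `eapTtls` object; by analogy with the sibling `allowEapFastEapMsChapV2PwdChange` it presumably should name `allowEapFastEapMsChapV2`.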
@@ -0,0 +1,288 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: allowed_protocols_info
+short_description: Information module for Allowed Protocols
+description:
+- Get all Allowed Protocols.
+- Get Allowed Protocols by id.
+- Get Allowed Protocols by name.
+- This API allows the client to get all the allowed protocols.
+- This API allows the client to get an allowed protocol by ID.
+- This API allows the client to get an allowed protocol by name.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ name:
+ description:
+ - Name path parameter.
+ type: str
+ id:
+ description:
+ - Id path parameter.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ allowed_protocols.AllowedProtocols.get_allowed_protocol_by_id,
+ allowed_protocols.AllowedProtocols.get_allowed_protocol_by_name,
+ allowed_protocols.AllowedProtocols.get_allowed_protocols_generator,
+
+ - Paths used are
+ get /ers/config/allowedprotocols,
+ get /ers/config/allowedprotocols/name/{name},
+ get /ers/config/allowedprotocols/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Allowed Protocols
+ cisco.ise.allowed_protocols_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ register: result
+
+- name: Get Allowed Protocols by id
+ cisco.ise.allowed_protocols_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+- name: Get Allowed Protocols by name
+ cisco.ise.allowed_protocols_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ name: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "eapTls": {
+ "allowEapTlsAuthOfExpiredCerts": true,
+ "eapTlsEnableStatelessSessionResume": true,
+ "eapTlsSessionTicketTtl": 0,
+ "eapTlsSessionTicketTtlUnits": "string",
+ "eapTlsSessionTicketPrecentage": 0
+ },
+ "peap": {
+ "allowPeapEapMsChapV2": true,
+ "allowPeapEapMsChapV2PwdChange": true,
+ "allowPeapEapMsChapV2PwdChangeRetries": 0,
+ "allowPeapEapGtc": true,
+ "allowPeapEapGtcPwdChange": true,
+ "allowPeapEapGtcPwdChangeRetries": 0,
+ "allowPeapEapTls": true,
+ "allowPeapEapTlsAuthOfExpiredCerts": true,
+ "requireCryptobinding": true,
+ "allowPeapV0": true
+ },
+ "eapFast": {
+ "allowEapFastEapMsChapV2": true,
+ "allowEapFastEapMsChapV2PwdChange": true,
+ "allowEapFastEapMsChapV2PwdChangeRetries": 0,
+ "allowEapFastEapGtc": true,
+ "allowEapFastEapGtcPwdChange": true,
+ "allowEapFastEapGtcPwdChangeRetries": 0,
+ "allowEapFastEapTls": true,
+ "allowEapFastEapTlsAuthOfExpiredCerts": true,
+ "eapFastUsePacs": true,
+ "eapFastUsePacsTunnelPacTtl": 0,
+ "eapFastUsePacsTunnelPacTtlUnits": "string",
+ "eapFastUsePacsUseProactivePacUpdatePrecentage": 0,
+ "eapFastUsePacsAllowAnonymProvisioning": true,
+ "eapFastUsePacsAllowAuthenProvisioning": true,
+ "eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning": true,
+ "eapFastUsePacsAcceptClientCert": true,
+ "eapFastUsePacsMachinePacTtl": 0,
+ "eapFastUsePacsMachinePacTtlUnits": "string",
+ "eapFastUsePacsAllowMachineAuthentication": true,
+ "eapFastUsePacsStatelessSessionResume": true,
+ "eapFastUsePacsAuthorizationPacTtl": 0,
+ "eapFastUsePacsAuthorizationPacTtlUnits": "string",
+ "eapFastDontUsePacsAcceptClientCert": true,
+ "eapFastDontUsePacsAllowMachineAuthentication": true,
+ "eapFastEnableEAPChaining": true
+ },
+ "eapTtls": {
+ "eapTtlsPapAscii": true,
+ "eapTtlsChap": true,
+ "eapTtlsMsChapV1": true,
+ "eapTtlsMsChapV2": true,
+ "eapTtlsEapMd5": true,
+ "eapTtlsEapMsChapV2": true,
+ "eapTtlsEapMsChapV2PwdChange": true,
+ "eapTtlsEapMsChapV2PwdChangeRetries": 0
+ },
+ "teap": {
+ "allowTeapEapMsChapV2": true,
+ "allowTeapEapMsChapV2PwdChange": true,
+ "allowTeapEapMsChapV2PwdChangeRetries": 0,
+ "allowTeapEapTls": true,
+ "allowTeapEapTlsAuthOfExpiredCerts": true,
+ "acceptClientCertDuringTunnelEst": true,
+ "enableEapChaining": true,
+ "allowDowngradeMsk": true
+ },
+ "processHostLookup": true,
+ "allowPapAscii": true,
+ "allowChap": true,
+ "allowMsChapV1": true,
+ "allowMsChapV2": true,
+ "allowEapMd5": true,
+ "allowLeap": true,
+ "allowEapTls": true,
+ "allowEapTtls": true,
+ "allowEapFast": true,
+ "allowPeap": true,
+ "allowTeap": true,
+ "allowPreferredEapProtocol": true,
+ "preferredEapProtocol": "string",
+ "eapTlsLBit": true,
+ "allowWeakCiphersForEap": true,
+ "requireMessageAuth": true,
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "eapTls": {
+ "allowEapTlsAuthOfExpiredCerts": true,
+ "eapTlsEnableStatelessSessionResume": true,
+ "eapTlsSessionTicketTtl": 0,
+ "eapTlsSessionTicketTtlUnits": "string",
+ "eapTlsSessionTicketPrecentage": 0
+ },
+ "peap": {
+ "allowPeapEapMsChapV2": true,
+ "allowPeapEapMsChapV2PwdChange": true,
+ "allowPeapEapMsChapV2PwdChangeRetries": 0,
+ "allowPeapEapGtc": true,
+ "allowPeapEapGtcPwdChange": true,
+ "allowPeapEapGtcPwdChangeRetries": 0,
+ "allowPeapEapTls": true,
+ "allowPeapEapTlsAuthOfExpiredCerts": true,
+ "requireCryptobinding": true,
+ "allowPeapV0": true
+ },
+ "eapFast": {
+ "allowEapFastEapMsChapV2": true,
+ "allowEapFastEapMsChapV2PwdChange": true,
+ "allowEapFastEapMsChapV2PwdChangeRetries": 0,
+ "allowEapFastEapGtc": true,
+ "allowEapFastEapGtcPwdChange": true,
+ "allowEapFastEapGtcPwdChangeRetries": 0,
+ "allowEapFastEapTls": true,
+ "allowEapFastEapTlsAuthOfExpiredCerts": true,
+ "eapFastUsePacs": true,
+ "eapFastUsePacsTunnelPacTtl": 0,
+ "eapFastUsePacsTunnelPacTtlUnits": "string",
+ "eapFastUsePacsUseProactivePacUpdatePrecentage": 0,
+ "eapFastUsePacsAllowAnonymProvisioning": true,
+ "eapFastUsePacsAllowAuthenProvisioning": true,
+ "eapFastUsePacsReturnAccessAcceptAfterAuthenticatedProvisioning": true,
+ "eapFastUsePacsAcceptClientCert": true,
+ "eapFastUsePacsMachinePacTtl": 0,
+ "eapFastUsePacsMachinePacTtlUnits": "string",
+ "eapFastUsePacsAllowMachineAuthentication": true,
+ "eapFastUsePacsStatelessSessionResume": true,
+ "eapFastUsePacsAuthorizationPacTtl": 0,
+ "eapFastUsePacsAuthorizationPacTtlUnits": "string",
+ "eapFastDontUsePacsAcceptClientCert": true,
+ "eapFastDontUsePacsAllowMachineAuthentication": true,
+ "eapFastEnableEAPChaining": true
+ },
+ "eapTtls": {
+ "eapTtlsPapAscii": true,
+ "eapTtlsChap": true,
+ "eapTtlsMsChapV1": true,
+ "eapTtlsMsChapV2": true,
+ "eapTtlsEapMd5": true,
+ "eapTtlsEapMsChapV2": true,
+ "eapTtlsEapMsChapV2PwdChange": true,
+ "eapTtlsEapMsChapV2PwdChangeRetries": 0
+ },
+ "teap": {
+ "allowTeapEapMsChapV2": true,
+ "allowTeapEapMsChapV2PwdChange": true,
+ "allowTeapEapMsChapV2PwdChangeRetries": 0,
+ "allowTeapEapTls": true,
+ "allowTeapEapTlsAuthOfExpiredCerts": true,
+ "acceptClientCertDuringTunnelEst": true,
+ "enableEapChaining": true,
+ "allowDowngradeMsk": true
+ },
+ "processHostLookup": true,
+ "allowPapAscii": true,
+ "allowChap": true,
+ "allowMsChapV1": true,
+ "allowMsChapV2": true,
+ "allowEapMd5": true,
+ "allowLeap": true,
+ "allowEapTls": true,
+ "allowEapTtls": true,
+ "allowEapFast": true,
+ "allowPeap": true,
+ "allowTeap": true,
+ "allowPreferredEapProtocol": true,
+ "preferredEapProtocol": "string",
+ "eapTlsLBit": true,
+ "allowWeakCiphersForEap": true,
+ "requireMessageAuth": true,
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_apply.py b/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_apply.py
new file mode 100644
index 00000000..ebb530e2
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_apply.py
@@ -0,0 +1,66 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: anc_endpoint_apply
+short_description: Resource module for ANC Endpoint Apply
+description:
+- Manage operation update of the resource ANC Endpoint Apply.
+- This API allows the client to apply the required configuration.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ additionalData:
+ description: ANC Endpoint Apply's additionalData.
+ elements: dict
+ suboptions:
+ name:
+ description: ANC Endpoint Apply's name.
+ type: str
+ value:
+ description: ANC Endpoint Apply's value.
+ type: str
+ type: list
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ anc_endpoint.AncEndpoint.apply_anc_endpoint,
+
+ - Paths used are
+ put /ers/config/ancendpoint/apply,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.anc_endpoint_apply:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ additionalData:
+ - name: macAddress
+ value: MAC address
+ - name: ipAddress
+ value: IP address
+ - name: policyName
+ value: Policy Name
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_bulk_monitor_status_info.py
new file mode 100644
index 00000000..64b14136
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_bulk_monitor_status_info.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: anc_endpoint_bulk_monitor_status_info
+short_description: Information module for ANC Endpoint Bulk Monitor Status
+description:
+- Get ANC Endpoint Bulk Monitor Status by id.
+- This API allows the client to monitor the bulk request.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ bulkid:
+ description:
+ - Bulkid path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ anc_endpoint.AncEndpoint.monitor_bulk_status_anc_endpoint,
+
+ - Paths used are
+ get /ers/config/ancendpoint/bulk/{bulkid},
+
+"""
+
+EXAMPLES = r"""
+- name: Get ANC Endpoint Bulk Monitor Status by id
+ cisco.ise.anc_endpoint_bulk_monitor_status_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ bulkid: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "bulkID": "string",
+ "executionStatus": "string",
+ "operationType": "string",
+ "startTime": "string",
+ "resourcesCount": 0,
+ "successCount": 0,
+ "failCount": 0,
+ "resourcesStatus": [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "resourceExecutionStatus": "string",
+ "status": "string"
+ }
+ ]
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_bulk_request.py
new file mode 100644
index 00000000..f2d1971d
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_bulk_request.py
@@ -0,0 +1,56 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: anc_endpoint_bulk_request
+short_description: Resource module for ANC Endpoint Bulk Request
+description:
+- Manage operation update of the resource ANC Endpoint Bulk Request.
+- This API allows the client to submit the bulk request.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ operationType:
+ description: ANC Endpoint Bulk Request's operationType.
+ type: str
+ resourceMediaType:
+ description: ANC Endpoint Bulk Request's resourceMediaType.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ anc_endpoint.AncEndpoint.bulk_request_for_anc_endpoint,
+
+ - Paths used are
+ put /ers/config/ancendpoint/bulk/submit,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.anc_endpoint_bulk_request:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ operationType: string
+ resourceMediaType: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_clear.py b/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_clear.py
new file mode 100644
index 00000000..371f16a2
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_clear.py
@@ -0,0 +1,64 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: anc_endpoint_clear
+short_description: Resource module for ANC Endpoint Clear
+description:
+- Manage operation update of the resource ANC Endpoint Clear.
+- This API allows the client to clear the required configuration.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ additionalData:
+ description: ANC Endpoint Clear's additionalData.
+ elements: dict
+ suboptions:
+ name:
+ description: ANC Endpoint Clear's name.
+ type: str
+ value:
+ description: ANC Endpoint Clear's value.
+ type: str
+ type: list
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ anc_endpoint.AncEndpoint.clear_anc_endpoint,
+
+ - Paths used are
+ put /ers/config/ancendpoint/clear,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.anc_endpoint_clear:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ additionalData:
+ - name: macAddress
+ value: MAC address
+ - name: ipAddress
+ value: IP address
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_info.py b/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_info.py
new file mode 100644
index 00000000..8a198d96
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/anc_endpoint_info.py
@@ -0,0 +1,143 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: anc_endpoint_info
+short_description: Information module for ANC Endpoint
+description:
+- Get all ANC Endpoint.
+- Get ANC Endpoint by id.
+- This API allows the client to get all the ANC endpoints.
+- This API allows the client to get an ANC endpoint by ID.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ id:
+ description:
+ - Id path parameter.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+ sortasc:
+ description:
+ - Sortasc query parameter. Sort asc.
+ type: str
+ sortdsc:
+ description:
+ - Sortdsc query parameter. Sort desc.
+ type: str
+ filter:
+ description:
+ - >
+ Filter query parameter. **Simple filtering** should be available through the filter query string parameter.
+ The structure of a filter is a triplet of field operator and value separated with dots. More than one filter
+ can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed
+ by using the "filterType=or" query string parameter.
+ - Each resource Data model description should specify if an attribute is a filtered field.
+ - The 'EQ' operator describes 'Equals'.
+ - The 'NEQ' operator describes 'Not Equals'.
+ - The 'GT' operator describes 'Greater Than'.
+ - The 'LT' operator describes 'Less Than'.
+ - The 'STARTSW' operator describes 'Starts With'.
+ - The 'NSTARTSW' operator describes 'Not Starts With'.
+ - The 'ENDSW' operator describes 'Ends With'.
+ - The 'NENDSW' operator describes 'Not Ends With'.
+ - The 'CONTAINS' operator describes 'Contains'.
+ - The 'NCONTAINS' operator describes 'Not Contains'.
+ elements: str
+ type: list
+ filterType:
+ description:
+ - >
+ FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and
+ can be changed by using the parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ anc_endpoint.AncEndpoint.get_anc_endpoint_by_id,
+ anc_endpoint.AncEndpoint.get_anc_endpoint_generator,
+
+ - Paths used are
+ get /ers/config/ancendpoint,
+ get /ers/config/ancendpoint/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all ANC Endpoint
+ cisco.ise.anc_endpoint_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ sortasc: string
+ sortdsc: string
+ filter: []
+ filterType: AND
+ register: result
+
+- name: Get ANC Endpoint by id
+ cisco.ise.anc_endpoint_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "macAddress": "string",
+ "policyName": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "macAddress": "string",
+ "policyName": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/anc_policy.py b/ansible_collections/cisco/ise/plugins/modules/anc_policy.py
new file mode 100644
index 00000000..67ae179e
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/anc_policy.py
@@ -0,0 +1,122 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: anc_policy
+short_description: Resource module for ANC Policy
+description:
+- Manage operations create, update and delete of the resource ANC Policy.
+- This API allows the client to create an ANC policy.
+- This API allows the client to delete an ANC policy.
+- This API allows the client to update an ANC policy.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ actions:
+ description: '- QUARANTINE Allows you to use Exception policies (authorization policies)
+ to limit or deny an endpoint access to the network. - PORTBOUNCE Resets the port
+ on the network device to which the endpoint is connected. - SHUTDOWN Shuts down
+ the port on the network device to which the endpoint is connected. - RE_AUTHENTICATE
+ Re-authenticates the session from the endpoint.'
+ elements: str
+ type: list
+ id:
+ description: ANC Policy's id.
+ type: str
+ name:
+ description: ANC Policy's name.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ anc_policy.AncPolicy.create_anc_policy,
+ anc_policy.AncPolicy.delete_anc_policy_by_id,
+ anc_policy.AncPolicy.update_anc_policy_by_id,
+
+ - Paths used are
+ post /ers/config/ancpolicy,
+ delete /ers/config/ancpolicy/{id},
+ put /ers/config/ancpolicy/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by id
+ cisco.ise.anc_policy:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ actions:
+ - string
+ id: string
+ name: string
+
+- name: Delete by id
+ cisco.ise.anc_policy:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ id: string
+
+- name: Create
+ cisco.ise.anc_policy:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ actions:
+ - string
+ name: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "actions": [
+ "string"
+ ],
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ]
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/anc_policy_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/anc_policy_bulk_monitor_status_info.py
new file mode 100644
index 00000000..1a3f9c08
--- /dev/null
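Review bot: The `actions` option names its four accepted values (QUARANTINE, PORTBOUNCE, SHUTDOWN, RE_AUTHENTICATE) only inside one quoted description string, so the rendered documentation is a single run-on sentence and nothing in this file constrains what a playbook may pass. I would make the description a YAML list with one entry per action and add `choices: [QUARANTINE, PORTBOUNCE, SHUTDOWN, RE_AUTHENTICATE]` next to `elements: str`, provided the argument spec in the action plugin, which is outside this hunk, is updated to match. The same prose-only value sets appear in authorization_profile.py for `accessType`, `authzProfileType`, `macSecPolicy`, `reauth.connectivity` and `webRedirection.WebRedirectionType`. Because these actions quarantine endpoints or shut down switch ports, failing on a mistyped value before the request reaches ISE is preferable to relying on the server's error.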
+++ b/ansible_collections/cisco/ise/plugins/modules/anc_policy_bulk_monitor_status_info.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: anc_policy_bulk_monitor_status_info
+short_description: Information module for ANC Policy Bulk Monitor Status
+description:
+- Get ANC Policy Bulk Monitor Status by id.
+- This API allows the client to monitor the bulk request.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ bulkid:
+ description:
+ - Bulkid path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ anc_policy.AncPolicy.monitor_bulk_status_anc_policy,
+
+ - Paths used are
+ get /ers/config/ancpolicy/bulk/{bulkid},
+
+"""
+
+EXAMPLES = r"""
+- name: Get ANC Policy Bulk Monitor Status by id
+ cisco.ise.anc_policy_bulk_monitor_status_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ bulkid: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "bulkID": "string",
+ "executionStatus": "string",
+ "operationType": "string",
+ "startTime": "string",
+ "resourcesCount": 0,
+ "successCount": 0,
+ "failCount": 0,
+ "resourcesStatus": [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "resourceExecutionStatus": "string",
+ "status": "string"
+ }
+ ]
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/anc_policy_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/anc_policy_bulk_request.py
new file mode 100644
index 00000000..0161c722
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/anc_policy_bulk_request.py
@@ -0,0 +1,56 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: anc_policy_bulk_request
+short_description: Resource module for ANC Policy Bulk Request
+description:
+- Manage operation update of the resource ANC Policy Bulk Request.
+- This API allows the client to submit the bulk request.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ operationType:
+ description: ANC Policy Bulk Request's operationType.
+ type: str
+ resourceMediaType:
+ description: ANC Policy Bulk Request's resourceMediaType.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ anc_policy.AncPolicy.bulk_request_for_anc_policy,
+
+ - Paths used are
+ put /ers/config/ancpolicy/bulk/submit,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.anc_policy_bulk_request:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ operationType: string
+ resourceMediaType: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/anc_policy_info.py b/ansible_collections/cisco/ise/plugins/modules/anc_policy_info.py
new file mode 100644
index 00000000..904267a3
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/anc_policy_info.py
@@ -0,0 +1,164 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: anc_policy_info
+short_description: Information module for ANC Policy
+description:
+- Get all ANC Policy.
+- Get ANC Policy by id.
+- Get ANC Policy by name.
+- This API allows the client to get all the ANC policies.
+- This API allows the client to get an ANC policy by ID.
+- This API allows the client to get an ANC policy by name.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ name:
+ description:
+ - Name path parameter.
+ type: str
+ id:
+ description:
+ - Id path parameter.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+ sortasc:
+ description:
+ - Sortasc query parameter. Sort asc.
+ type: str
+ sortdsc:
+ description:
+ - Sortdsc query parameter. Sort desc.
+ type: str
+ filter:
+ description:
+ - >
+ Filter query parameter. **Simple filtering** should be available through the filter query string parameter.
+ The structure of a filter is a triplet of field operator and value separated with dots. More than one filter
+ can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed
+ by using the "filterType=or" query string parameter.
+ - Each resource Data model description should specify if an attribute is a filtered field.
+ - The 'EQ' operator describes 'Equals'.
+ - The 'NEQ' operator describes 'Not Equals'.
+ - The 'GT' operator describes 'Greater Than'.
+ - The 'LT' operator describes 'Less Than'.
+ - The 'STARTSW' operator describes 'Starts With'.
+ - The 'NSTARTSW' operator describes 'Not Starts With'.
+ - The 'ENDSW' operator describes 'Ends With'.
+ - The 'NENDSW' operator describes 'Not Ends With'.
+ - The 'CONTAINS' operator describes 'Contains'.
+ - The 'NCONTAINS' operator describes 'Not Contains'.
+ elements: str
+ type: list
+ filterType:
+ description:
+ - >
+ FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and
+ can be changed by using the parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ anc_policy.AncPolicy.get_anc_policy_by_id,
+ anc_policy.AncPolicy.get_anc_policy_by_name,
+ anc_policy.AncPolicy.get_anc_policy_generator,
+
+ - Paths used are
+ get /ers/config/ancpolicy,
+ get /ers/config/ancpolicy/name/{name},
+ get /ers/config/ancpolicy/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all ANC Policy
+ cisco.ise.anc_policy_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ sortasc: string
+ sortdsc: string
+ filter: []
+ filterType: AND
+ register: result
+
+- name: Get ANC Policy by id
+ cisco.ise.anc_policy_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+- name: Get ANC Policy by name
+ cisco.ise.anc_policy_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ name: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "actions": [
+ "string"
+ ],
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string",
+ "actions": [
+ "string"
+ ],
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/authorization_profile.py b/ansible_collections/cisco/ise/plugins/modules/authorization_profile.py
new file mode 100644
index 00000000..b00dd4aa
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/authorization_profile.py
@@ -0,0 +1,403 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: authorization_profile
+short_description: Resource module for Authorization Profile
+description:
+- Manage operations create, update and delete of the resource Authorization Profile.
+- This API creates an authorization profile.
+- This API deletes an authorization profile.
+- This API allows the client to update an authorization profile.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ accessType:
+ description: Allowed Values - ACCESS_ACCEPT, - ACCESS_REJECT.
+ type: str
+ acl:
+ description: Authorization Profile's acl.
+ type: str
+ advancedAttributes:
+ description: Authorization Profile's advancedAttributes.
+ elements: dict
+ suboptions:
+ leftHandSideDictionaryAttribue:
+ description: Authorization Profile's leftHandSideDictionaryAttribue.
+ suboptions:
+ AdvancedAttributeValueType:
+ description: Authorization Profile's AdvancedAttributeValueType.
+ type: str
+ attributeName:
+ description: Authorization Profile's attributeName.
+ type: str
+ dictionaryName:
+ description: Authorization Profile's dictionaryName.
+ type: str
+ value:
+ description: Authorization Profile's value.
+ type: str
+ type: dict
+ rightHandSideAttribueValue:
+ description: Attribute value can be of type AttributeValue or AdvancedDictionaryAttribute.
+ For AttributeValue the value is String, For AdvancedDictionaryAttribute the
+ value is dictionaryName and attributeName properties.
+ suboptions:
+ AdvancedAttributeValueType:
+ description: Authorization Profile's AdvancedAttributeValueType.
+ type: str
+ attributeName:
+ description: Authorization Profile's attributeName.
+ type: str
+ dictionaryName:
+ description: Authorization Profile's dictionaryName.
+ type: str
+ value:
+ description: Authorization Profile's value.
+ type: str
+ type: dict
+ type: list
+ agentlessPosture:
+ description: AgentlessPosture flag.
+ type: bool
+ airespaceACL:
+ description: Authorization Profile's airespaceACL.
+ type: str
+ airespaceIPv6ACL:
+ description: Authorization Profile's airespaceIPv6ACL.
+ type: str
+ asaVpn:
+ description: Authorization Profile's asaVpn.
+ type: str
+ authzProfileType:
+ description: Allowed Values - SWITCH, - TRUSTSEC, - TACACS SWITCH is used for Standard
+ Authorization Profiles.
+ type: str
+ autoSmartPort:
+ description: Authorization Profile's autoSmartPort.
+ type: str
+ avcProfile:
+ description: Authorization Profile's avcProfile.
+ type: str
+ daclName:
+ description: Authorization Profile's daclName.
+ type: str
+ description:
+ description: Authorization Profile's description.
+ type: str
+ easywiredSessionCandidate:
+ description: EasywiredSessionCandidate flag.
+ type: bool
+ id:
+ description: Resource UUID value.
+ type: str
+ interfaceTemplate:
+ description: Authorization Profile's interfaceTemplate.
+ type: str
+ ipv6ACLFilter:
+ description: Authorization Profile's ipv6ACLFilter.
+ type: str
+ ipv6DaclName:
+ description: Authorization Profile's ipv6DaclName.
+ type: str
+ macSecPolicy:
+ description: Allowed Values - MUST_SECURE, - MUST_NOT_SECURE, - SHOULD_SECURE.
+ type: str
+ name:
+ description: Resource Name.
+ type: str
+ neat:
+ description: Neat flag.
+ type: bool
+ profileName:
+ description: Authorization Profile's profileName.
+ type: str
+ reauth:
+ description: Authorization Profile's reauth.
+ suboptions:
+ connectivity:
+ description: Allowed Values - DEFAULT, - RADIUS_REQUEST.
+ type: str
+ timer:
+ description: Valid range is 1-65535.
+ type: int
+ type: dict
+ serviceTemplate:
+ description: ServiceTemplate flag.
+ type: bool
+ trackMovement:
+ description: TrackMovement flag.
+ type: bool
+ vlan:
+ description: Authorization Profile's vlan.
+ suboptions:
+ nameID:
+ description: Authorization Profile's nameID.
+ type: str
+ tagID:
+ description: Valid range is 0-31.
+ type: int
+ type: dict
+ voiceDomainPermission:
+ description: VoiceDomainPermission flag.
+ type: bool
+ webAuth:
+ description: WebAuth flag.
+ type: bool
+ webRedirection:
+ description: Authorization Profile's webRedirection.
+ suboptions:
+ WebRedirectionType:
+ description: Value MUST be one of the following CentralizedWebAuth, HotSpot,
+ NativeSupplicanProvisioning, ClientProvisioning. The WebRedirectionType must
+ fit the portalName.
+ type: str
+ acl:
+ description: Authorization Profile's acl.
+ type: str
+ displayCertificatesRenewalMessages:
+ description: The displayCertificatesRenewalMessages is mandatory when 'WebRedirectionType'
+ value is 'CentralizedWebAuth'. For all other 'WebRedirectionType' values the
+ field must be ignored.
+ type: bool
+ portalName:
+ description: A portal that exist in the DB and fits the WebRedirectionType.
+ type: str
+ staticIPHostNameFQDN:
+ description: Authorization Profile's staticIPHostNameFQDN.
+ type: str
+ type: dict
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ authorization_profile.AuthorizationProfile.create_authorization_profile,
+ authorization_profile.AuthorizationProfile.delete_authorization_profile_by_id,
+ authorization_profile.AuthorizationProfile.update_authorization_profile_by_id,
+
+ - Paths used are
+ post /ers/config/authorizationprofile,
+ delete /ers/config/authorizationprofile/{id},
+ put /ers/config/authorizationprofile/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by id
+ cisco.ise.authorization_profile:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ accessType: string
+ acl: string
+ advancedAttributes:
+ - leftHandSideDictionaryAttribue:
+ AdvancedAttributeValueType: string
+ attributeName: string
+ dictionaryName: string
+ value: string
+ rightHandSideAttribueValue:
+ AdvancedAttributeValueType: string
+ attributeName: string
+ dictionaryName: string
+ value: string
+ agentlessPosture: true
+ airespaceACL: string
+ airespaceIPv6ACL: string
+ asaVpn: string
+ authzProfileType: string
+ autoSmartPort: string
+ avcProfile: string
+ daclName: string
+ description: string
+ easywiredSessionCandidate: true
+ id: string
+ interfaceTemplate: string
+ ipv6ACLFilter: string
+ ipv6DaclName: string
+ macSecPolicy: string
+ name: string
+ neat: true
+ profileName: string
+ reauth:
+ connectivity: string
+ timer: 0
+ serviceTemplate: true
+ trackMovement: true
+ vlan:
+ nameID: string
+ tagID: 0
+ voiceDomainPermission: true
+ webAuth: true
+ webRedirection:
+ WebRedirectionType: string
+ acl: string
+ displayCertificatesRenewalMessages: true
+ portalName: string
+ staticIPHostNameFQDN: string
+
+- name: Delete by id
+ cisco.ise.authorization_profile:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ id: string
+
+- name: Create
+ cisco.ise.authorization_profile:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ accessType: string
+ acl: string
+ advancedAttributes:
+ - leftHandSideDictionaryAttribue:
+ AdvancedAttributeValueType: string
+ attributeName: string
+ dictionaryName: string
+ value: string
+ rightHandSideAttribueValue:
+ AdvancedAttributeValueType: string
+ attributeName: string
+ dictionaryName: string
+ value: string
+ agentlessPosture: true
+ airespaceACL: string
+ airespaceIPv6ACL: string
+ asaVpn: string
+ authzProfileType: string
+ autoSmartPort: string
+ avcProfile: string
+ daclName: string
+ description: string
+ easywiredSessionCandidate: true
+ id: string
+ interfaceTemplate: string
+ ipv6ACLFilter: string
+ ipv6DaclName: string
+ macSecPolicy: string
+ name: string
+ neat: true
+ profileName: string
+ reauth:
+ connectivity: string
+ timer: 0
+ serviceTemplate: true
+ trackMovement: true
+ vlan:
+ nameID: string
+ tagID: 0
+ voiceDomainPermission: true
+ webAuth: true
+ webRedirection:
+ WebRedirectionType: string
+ acl: string
+ displayCertificatesRenewalMessages: true
+ portalName: string
+ staticIPHostNameFQDN: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "advancedAttributes": [
+ {
+ "leftHandSideDictionaryAttribue": {
+ "AdvancedAttributeValueType": "string",
+ "dictionaryName": "string",
+ "attributeName": "string",
+ "value": "string"
+ },
+ "rightHandSideAttribueValue": {
+ "AdvancedAttributeValueType": "string",
+ "dictionaryName": "string",
+ "attributeName": "string",
+ "value": "string"
+ }
+ }
+ ],
+ "accessType": "string",
+ "authzProfileType": "string",
+ "vlan": {
+ "nameID": "string",
+ "tagID": 0
+ },
+ "reauth": {
+ "timer": 0,
+ "connectivity": "string"
+ },
+ "airespaceACL": "string",
+ "airespaceIPv6ACL": "string",
+ "webRedirection": {
+ "WebRedirectionType": "string",
+ "acl": "string",
+ "portalName": "string",
+ "staticIPHostNameFQDN": "string",
+ "displayCertificatesRenewalMessages": true
+ },
+ "acl": "string",
+ "trackMovement": true,
+ "agentlessPosture": true,
+ "serviceTemplate": true,
+ "easywiredSessionCandidate": true,
+ "daclName": "string",
+ "voiceDomainPermission": true,
+ "neat": true,
+ "webAuth": true,
+ "autoSmartPort": "string",
+ "interfaceTemplate": "string",
+ "ipv6ACLFilter": "string",
+ "avcProfile": "string",
+ "macSecPolicy": "string",
+ "asaVpn": "string",
+ "profileName": "string",
+ "ipv6DaclName": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ],
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/authorization_profile_info.py b/ansible_collections/cisco/ise/plugins/modules/authorization_profile_info.py
new file mode 100644
index 00000000..c4b89790
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/authorization_profile_info.py
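Review bot: Both `state: present` examples in EXAMPLES set `reauth.timer` to `timer: 0`, while the option text for `timer` in the same file says `Valid range is 1-65535`, so anyone copying the example sends a value the documentation itself rules out. I would use an in-range placeholder such as `timer: 1` in both examples. The "Create" example also passes `id: string`, although the create path listed in the notes is `post /ers/config/authorizationprofile` with no id; dropping `id` there would match the "Create" example in anc_policy.py. The `ise_update_response` sample repeats `field`, `oldValue` and `newValue` directly under `UpdatedFieldsList` beside `updatedField`, unlike the anc_policy.py sample, which looks unintended and should be checked against the SDK response.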
@@ -0,0 +1,226 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: authorization_profile_info +short_description: Information module for Authorization Profile +description: +- Get all Authorization Profile. +- Get Authorization Profile by id. +- Get Authorization Profile by name. +- This API allows the client to get all authorization profiles. +- This API allows the client to get an authorization profile by ID. +- This API allows the client to get an authorization profile by name. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. 
+ type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + authorization_profile.AuthorizationProfile.get_authorization_profile_by_id, + authorization_profile.AuthorizationProfile.get_authorization_profile_by_name, + authorization_profile.AuthorizationProfile.get_authorization_profiles_generator, + + - Paths used are + get /ers/config/authorizationprofile, + get /ers/config/authorizationprofile/name/{name}, + get /ers/config/authorizationprofile/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Authorization Profile + cisco.ise.authorization_profile_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get Authorization Profile by id + cisco.ise.authorization_profile_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get Authorization Profile by name + cisco.ise.authorization_profile_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "advancedAttributes": [ + { + "leftHandSideDictionaryAttribue": { + "AdvancedAttributeValueType": "string", + "dictionaryName": "string", + "attributeName": "string", + "value": "string" + }, + "rightHandSideAttribueValue": { + "AdvancedAttributeValueType": "string", + "dictionaryName": "string", + "attributeName": "string", + "value": "string" + } + } + ], + "accessType": "string", + "authzProfileType": "string", + "vlan": { + "nameID": "string", + "tagID": 0 + 
}, + "reauth": { + "timer": 0, + "connectivity": "string" + }, + "airespaceACL": "string", + "airespaceIPv6ACL": "string", + "webRedirection": { + "WebRedirectionType": "string", + "acl": "string", + "portalName": "string", + "staticIPHostNameFQDN": "string", + "displayCertificatesRenewalMessages": true + }, + "acl": "string", + "trackMovement": true, + "agentlessPosture": true, + "serviceTemplate": true, + "easywiredSessionCandidate": true, + "daclName": "string", + "voiceDomainPermission": true, + "neat": true, + "webAuth": true, + "autoSmartPort": "string", + "interfaceTemplate": "string", + "ipv6ACLFilter": "string", + "avcProfile": "string", + "macSecPolicy": "string", + "asaVpn": "string", + "profileName": "string", + "ipv6DaclName": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "advancedAttributes": [ + { + "leftHandSideDictionaryAttribue": { + "AdvancedAttributeValueType": "string", + "dictionaryName": "string", + "attributeName": "string", + "value": "string" + }, + "rightHandSideAttribueValue": { + "AdvancedAttributeValueType": "string", + "dictionaryName": "string", + "attributeName": "string", + "value": "string" + } + } + ], + "accessType": "string", + "authzProfileType": "string", + "vlan": { + "nameID": "string", + "tagID": 0 + }, + "reauth": { + "timer": 0, + "connectivity": "string" + }, + "airespaceACL": "string", + "airespaceIPv6ACL": "string", + "webRedirection": { + "WebRedirectionType": "string", + "acl": "string", + "portalName": "string", + "staticIPHostNameFQDN": "string", + "displayCertificatesRenewalMessages": true + }, + "acl": "string", + "trackMovement": true, + "agentlessPosture": true, + "serviceTemplate": true, + 
"easywiredSessionCandidate": true, + "daclName": "string", + "voiceDomainPermission": true, + "neat": true, + "webAuth": true, + "autoSmartPort": "string", + "interfaceTemplate": "string", + "ipv6ACLFilter": "string", + "avcProfile": "string", + "macSecPolicy": "string", + "asaVpn": "string", + "profileName": "string", + "ipv6DaclName": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/backup_cancel.py b/ansible_collections/cisco/ise/plugins/modules/backup_cancel.py new file mode 100644 index 00000000..421c086d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/backup_cancel.py 
@@ -0,0 +1,70 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: backup_cancel +short_description: Resource module for Backup Cancel +description: +- Manage operation create of the resource Backup Cancel. +- Cancels the backup job running on the node. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Backup And Restore + description: Complete reference of the Backup And Restore API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!backup-and-restore-open-api +notes: + - SDK Method used are + backup_and_restore.BackupAndRestore.cancel_backup, + + - Paths used are + post /api/v1/backup-restore/config/cancel-backup, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.backup_cancel: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "response": { + "action": "string", + "details": "string", + "error": "string", + "hostName": "string", + "initiatedFrom": "string", + "justComplete": "string", + "message": "string", + "name": "string", + "percentComplete": "string", + "repository": "string", + "scheduled": "string", + "startDate": "string", + "status": "string", + "type": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/backup_config.py b/ansible_collections/cisco/ise/plugins/modules/backup_config.py new file mode 100644 index 00000000..ce5a43eb --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/modules/backup_config.py 
@@ -0,0 +1,80 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: backup_config +short_description: Resource module for Backup Config +description: +- Manage operation create of the resource Backup Config. +- Triggers on demand configuration backup on the ISE node. The API returns the task ID. Use the Task Service status API to get the status of the backup job. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + backupEncryptionKey: + description: The encyption key for the backed up file. Encryption key must satisfy + the following criteria - Contains at least one uppercase letter A-Z, Contains + at least one lowercase letter a-z, Contains at least one digit 0-9, Contain only + A-Za-z0-9_#, Has at least 8 characters, Has not more than 15 characters, Must + not contain 'CcIiSsCco', Must not begin with. + type: str + backupName: + description: The backup file will get saved with this name. + type: str + repositoryName: + description: Name of the configured repository where the generated backup file will + get copied. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Backup And Restore + description: Complete reference of the Backup And Restore API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!backup-and-restore-open-api +notes: + - SDK Method used are + backup_and_restore.BackupAndRestore.config_backup, + + - Paths used are + post /api/v1/backup-restore/config/backup, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.backup_config: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + backupEncryptionKey: string + backupName: string + repositoryName: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "response": { + "id": "string", + "message": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/backup_last_status_info.py b/ansible_collections/cisco/ise/plugins/modules/backup_last_status_info.py new file mode 100644 index 00000000..9b176d70 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/backup_last_status_info.py 
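Review bot: The `backupEncryptionKey` option in DOCUMENTATION is a plain `type: str` with nothing saying the value is handled as a secret, and the EXAMPLES task passes it as an inline literal (`backupEncryptionKey: string`). The argument spec is not part of this hunk, so whether the key is masked in task output and logs cannot be confirmed here; check that the matching action plugin marks it `no_log`. The example would be safer written as `backupEncryptionKey: "{{ backup_encryption_key }}"` (constructed variable name) with the value kept in Ansible Vault. The description also appears truncated, ending at `Must not begin with.`, and misspells `encyption`, so the full key policy cannot be read from it. The secret-handling point applies equally to `backupEncryptionKey` in the backup_restore.py, backup_schedule_config.py and backup_schedule_config_update.py hunks, and the truncated description recurs in the two schedule hunks.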
@@ -0,0 +1,68 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: backup_last_status_info +short_description: Information module for Backup Last Status +description: +- Get all Backup Last Status. +- Gives the last backup status. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Backup And Restore + description: Complete reference of the Backup And Restore API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!backup-and-restore-open-api +notes: + - SDK Method used are + backup_and_restore.BackupAndRestore.get_last_config_backup_status, + + - Paths used are + get /api/v1/backup-restore/config/last-backup-status, + +""" + +EXAMPLES = r""" +- name: Get all Backup Last Status + cisco.ise.backup_last_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "action": "string", + "details": "string", + "error": "string", + "hostName": "string", + "initiatedFrom": "string", + "justComplete": "string", + "message": "string", + "name": "string", + "percentComplete": "string", + "repository": "string", + "scheduled": "string", + "startDate": "string", + "status": "string", + "type": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/backup_restore.py b/ansible_collections/cisco/ise/plugins/modules/backup_restore.py new file mode 100644 index 00000000..1480f8d6 --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/modules/backup_restore.py 
@@ -0,0 +1,80 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: backup_restore +short_description: Resource module for Backup RESTore +description: +- Manage operation create of the resource Backup RESTore. +- Triggers a configuration DB restore job on the ISE node. The API returns the task ID. Use the Task Service status API to get the status of the backup job. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + backupEncryptionKey: + description: The encryption key which was provided at the time of taking backup. + type: str + repositoryName: + description: Name of the configred repository where the backup file exists. + type: str + restoreFile: + description: Name of the backup file to be restored on ISE node. + type: str + restoreIncludeAdeos: + description: Determines whether the ADE-OS configure is restored. Possible values + true, false. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Backup And Restore + description: Complete reference of the Backup And Restore API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!backup-and-restore-open-api +notes: + - SDK Method used are + backup_and_restore.BackupAndRestore.restore_config_backup, + + - Paths used are + post /api/v1/backup-restore/config/restore, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.backup_restore: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + backupEncryptionKey: string + repositoryName: string + restoreFile: string + restoreIncludeAdeos: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "response": { + "id": "string", + "message": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/backup_schedule_config.py b/ansible_collections/cisco/ise/plugins/modules/backup_schedule_config.py new file mode 100644 index 00000000..74ab9ab7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/backup_schedule_config.py 
@@ -0,0 +1,113 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: backup_schedule_config +short_description: Resource module for Backup Schedule Config +description: +- Manage operation create of the resource Backup Schedule Config. +- Schedules the configuration backup on the ISE node as per the input parameters. This API helps in creating the schedule for the first time. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + backupDescription: + description: Description of the backup. + type: str + backupEncryptionKey: + description: The encyption key for the backed up file. Encryption key must satisfy + the following criteria - Contains at least one uppercase letter A-Z, Contains + at least one lowercase letter a-z, Contains at least one digit 0-9, Contain only + A-Za-z0-9_#, Has at least 8 characters, Has not more than 15 characters, Must + not contain 'CcIiSsCco', Must not begin with. + type: str + backupName: + description: The backup file will get saved with this name. + type: str + endDate: + description: End date of the scheduled backup job. Allowed format MM/DD/YYYY. End + date is not required in case of ONE_TIME frequency. + type: str + frequency: + description: Backup Schedule Config's frequency. + type: str + monthDay: + description: Day of month you want backup to be performed on when scheduled frequency + is MONTHLY. Allowed values - from 1 to 28. + type: str + repositoryName: + description: Name of the configured repository where the generated backup file will + get copied. + type: str + startDate: + description: Start date for scheduling the backup job. Allowed format MM/DD/YYYY. + type: str + status: + description: Backup Schedule Config's status. 
+ type: str + time: + description: Time at which backup job get scheduled. Example- 12 00 AM. + type: str + weekDay: + description: Backup Schedule Config's weekDay. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Backup And Restore + description: Complete reference of the Backup And Restore API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!backup-and-restore-open-api +notes: + - SDK Method used are + backup_and_restore.BackupAndRestore.create_scheduled_config_backup, + + - Paths used are + post /api/v1/backup-restore/config/schedule-config-backup, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.backup_schedule_config: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + backupDescription: string + backupEncryptionKey: string + backupName: string + endDate: string + frequency: string + monthDay: string + repositoryName: string + startDate: string + status: string + time: string + weekDay: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "response": { + "message": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/backup_schedule_config_update.py b/ansible_collections/cisco/ise/plugins/modules/backup_schedule_config_update.py new file mode 100644 index 00000000..9babddc2 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/backup_schedule_config_update.py 
@@ -0,0 +1,113 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: backup_schedule_config_update +short_description: Resource module for Backup Schedule Config Update +description: +- Manage operation update of the resource Backup Schedule Config Update. +- Update the Schedule of the configuration backup on the ISE node as per the input parameters. This API only helps in editing the schedule. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + backupDescription: + description: Description of the backup. + type: str + backupEncryptionKey: + description: The encyption key for the backed up file. Encryption key must satisfy + the following criteria - Contains at least one uppercase letter A-Z, Contains + at least one lowercase letter a-z, Contains at least one digit 0-9, Contain only + A-Za-z0-9_#, Has at least 8 characters, Has not more than 15 characters, Must + not contain 'CcIiSsCco', Must not begin with. + type: str + backupName: + description: The backup file will get saved with this name. + type: str + endDate: + description: End date of the scheduled backup job. Allowed format MM/DD/YYYY. End + date is not required in case of ONE_TIME frequency. + type: str + frequency: + description: Backup Schedule Config Update's frequency. + type: str + monthDay: + description: Day of month you want backup to be performed on when scheduled frequency + is MONTHLY. Allowed values - from 1 to 28. + type: str + repositoryName: + description: Name of the configured repository where the generated backup file will + get copied. + type: str + startDate: + description: Start date for scheduling the backup job. Allowed format MM/DD/YYYY. + type: str + status: + description: Backup Schedule Config Update's status. 
+ type: str + time: + description: Time at which backup job get scheduled. Example- 12 00 AM. + type: str + weekDay: + description: Backup Schedule Config Update's weekDay. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Backup And Restore + description: Complete reference of the Backup And Restore API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!backup-and-restore-open-api +notes: + - SDK Method used are + backup_and_restore.BackupAndRestore.update_scheduled_config_backup, + + - Paths used are + put /api/v1/backup-restore/config/schedule-config-backup, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.backup_schedule_config_update: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + backupDescription: string + backupEncryptionKey: string + backupName: string + endDate: string + frequency: string + monthDay: string + repositoryName: string + startDate: string + status: string + time: string + weekDay: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "response": { + "message": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/bind_signed_certificate.py b/ansible_collections/cisco/ise/plugins/modules/bind_signed_certificate.py new file mode 100644 index 00000000..74576e8c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/bind_signed_certificate.py 
@@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: bind_signed_certificate +short_description: Resource module for Bind Signed Certificate +description: +- Manage operation create of the resource Bind Signed Certificate. +- Bind CA Signed Certificate. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + admin: + description: Use certificate to authenticate the Cisco ISE Admin Portal. + type: bool + allowExtendedValidity: + description: Allow import of certificates with validity greater than 398 days (required). + type: bool + allowOutOfDateCert: + description: Allow out of date certificates (required). + type: bool + allowReplacementOfCertificates: + description: Allow Replacement of certificates (required). + type: bool + allowReplacementOfPortalGroupTag: + description: Allow Replacement of Portal Group Tag (required). + type: bool + data: + description: Signed certificate data (required). + type: str + eap: + description: Use certificate for EAP protocols that use SSL/TLS tunneling. + type: bool + hostName: + description: Name of Host whose CSR ID has been provided (required). + type: str + id: + description: ID of the generated CSR (required). + type: str + ims: + description: Use certificate for the Cisco ISE Messaging Service. + type: bool + name: + description: Friendly Name of the certificate. + type: str + portal: + description: Use for portal. + type: bool + portalGroupTag: + description: Set Group tag. + type: str + pxgrid: + description: Use certificate for the pxGrid Controller. + type: bool + radius: + description: Use certificate for the RADSec server. + type: bool + saml: + description: Use certificate for SAML Signing. 
+ type: bool + validateCertificateExtensions: + description: Validate Certificate Extensions. + type: bool +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Certificates + description: Complete reference of the Certificates API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi +notes: + - SDK Method used are + certificates.Certificates.bind_csr, + + - Paths used are + post /api/v1/certs/signed-certificate/bind, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.bind_signed_certificate: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + admin: true + allowExtendedValidity: true + allowOutOfDateCert: true + allowReplacementOfCertificates: true + allowReplacementOfPortalGroupTag: true + data: string + eap: true + hostName: string + id: string + ims: true + name: string + portal: true + portalGroupTag: string + pxgrid: true + radius: true + saml: true + validateCertificateExtensions: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "response": { + "message": "string", + "status": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/byod_portal.py b/ansible_collections/cisco/ise/plugins/modules/byod_portal.py new file mode 100644 index 00000000..c3b77fad --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/byod_portal.py 
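Review bot: The EXAMPLES task sets every override to `true` (`allowExtendedValidity`, `allowOutOfDateCert`, `allowReplacementOfCertificates`, `allowReplacementOfPortalGroupTag`) and enables every usage role at once (`admin`, `eap`, `ims`, `portal`, `pxgrid`, `radius`, `saml`), so a playbook copied from it would accept an out-of-date certificate and bind it to all services. A safer default shows the overrides as `false`, for instance `allowOutOfDateCert: false`, enables only the role actually needed, and carries a comment that the values are placeholders. In DOCUMENTATION several options say "(required)" in their description but have no `required: true` key, so the rendered documentation lists them as optional; either add the key or drop the wording.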
@@ -0,0 +1,561 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: byod_portal
+short_description: Resource module for BYOD Portal
+description:
+- Manage operations create, update and delete of the resource BYOD Portal.
+- This API creates a BYOD portal.
+- This API deletes a BYOD portal by ID.
+- This API allows the client to update a BYOD portal by ID.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ customizations:
+ description: Defines all of the Portal Customizations available for a BYOD.
+ suboptions:
+ globalCustomizations:
+ description: Represent the portal Global customizations.
+ suboptions:
+ backgroundImage:
+ description: BYOD Portal's backgroundImage.
+ suboptions:
+ data:
+ description: Represented as base 64 encoded string of the image byte
+ array.
+ type: str
+ type: dict
+ bannerImage:
+ description: BYOD Portal's bannerImage.
+ suboptions:
+ data:
+ description: Represented as base 64 encoded string of the image byte
+ array.
+ type: str
+ type: dict
+ bannerTitle:
+ description: BYOD Portal's bannerTitle.
+ type: str
+ contactText:
+ description: BYOD Portal's contactText.
+ type: str
+ desktopLogoImage:
+ description: BYOD Portal's desktopLogoImage.
+ suboptions:
+ data:
+ description: Represented as base 64 encoded string of the image byte
+ array.
+ type: str
+ type: dict
+ footerElement:
+ description: BYOD Portal's footerElement.
+ type: str
+ mobileLogoImage:
+ description: BYOD Portal's mobileLogoImage.
+ suboptions:
+ data:
+ description: Represented as base 64 encoded string of the image byte
+ array.
+ type: str
+ type: dict
+ type: dict
+ language:
+ description: This property is supported only for Read operation and it allows
+ to show the customizations in English. Other languages are not supported.
+ suboptions:
+ viewLanguage:
+ description: BYOD Portal's viewLanguage.
+ type: str
+ type: dict
+ pageCustomizations:
+ description: Represent the entire page customization as a giant dictionary.
+ suboptions:
+ data:
+ description: The Dictionary will be exposed here as key value pair.
+ elements: dict
+ suboptions:
+ key:
+ description: BYOD Portal's key.
+ type: str
+ value:
+ description: BYOD Portal's value.
+ type: str
+ type: list
+ type: dict
+ portalTheme:
+ description: Defines the configuration for portal theme.
+ suboptions:
+ id:
+ description: The unique internal identifier of the portal theme.
+ type: str
+ name:
+ description: The system- or user-assigned name of the portal theme.
+ type: str
+ themeData:
+ description: A CSS file, represented as a Base64-encoded byte array.
+ type: str
+ type: dict
+ portalTweakSettings:
+ description: The Tweak Settings are a customization of the Portal Theme that
+ has been selected for the portal. When the Portal Theme selection is changed,
+ the Tweak Settings are overwritten to match the values in the theme. The Tweak
+ Settings can subsequently be changed by the user.
+ suboptions:
+ bannerColor:
+ description: Hex value of color.
+ type: str
+ bannerTextColor:
+ description: BYOD Portal's bannerTextColor.
+ type: str
+ pageBackgroundColor:
+ description: BYOD Portal's pageBackgroundColor.
+ type: str
+ pageLabelAndTextColor:
+ description: BYOD Portal's pageLabelAndTextColor.
+ type: str
+ type: dict
+ type: dict
+ description:
+ description: BYOD Portal's description.
+ type: str
+ id:
+ description: Resource UUID, mandatory for update.
+ type: str
+ name:
+ description: Resource Name.
+ type: str
+ portalTestUrl:
+ description: URL to bring up a test page for this portal.
+ type: str
+ portalType:
+ description: Allowed values - BYOD, - HOTSPOTGUEST, - MYDEVICE, - SELFREGGUEST,
+ - SPONSOR, - SPONSOREDGUEST.
+ type: str
+ settings:
+ description: Defines all of the settings groups available for a BYOD.
+ suboptions:
+ byodSettings:
+ description: Configuration of BYOD Device Welcome, Registration and Success
+ steps.
+ suboptions:
+ byodRegistrationSettings:
+ description: BYOD Portal's byodRegistrationSettings.
+ suboptions:
+ endPointIdentityGroupId:
+ description: BYOD Portal's endPointIdentityGroupId.
+ type: str
+ showDeviceID:
+ description: ShowDeviceID flag.
+ type: bool
+ type: dict
+ byodRegistrationSuccessSettings:
+ description: BYOD Portal's byodRegistrationSuccessSettings.
+ suboptions:
+ redirectUrl:
+ description: Target URL for redirection, used when successRedirect =
+ URL.
+ type: str
+ successRedirect:
+ description: After an Authentication Success where should device be
+ redirected. Allowed values.
+ type: str
+ type: dict
+ byodWelcomeSettings:
+ description: Configuration of BYOD endpoint welcome step configuration.
+ suboptions:
+ aupDisplay:
+ description: How the AUP should be displayed, either on page or as a
+ link. Only valid if includeAup = true. Allowed values - ONPAGE, -
+ ASLINK.
+ type: str
+ enableBYOD:
+ description: EnableBYOD flag.
+ type: bool
+ enableGuestAccess:
+ description: EnableGuestAccess flag.
+ type: bool
+ includeAup:
+ description: IncludeAup flag.
+ type: bool
+ requireAupAcceptance:
+ description: RequireAupAcceptance flag.
+ type: bool
+ requireMDM:
+ description: RequireMDM flag.
+ type: bool
+ requireScrolling:
+ description: Require BYOD devices to scroll down to the bottom of the
+ AUP, Only valid if includeAup = true.
+ type: bool
+ type: dict
+ type: dict
+ portalSettings:
+ description: The port, interface, certificate, and other basic settings of a
+ portal.
+ suboptions:
+ allowedInterfaces:
+ description: Interfaces that the portal will be reachable on. Allowed values
+ - eth0, - eth1, - eth2, - eth3, - eth4, - eth5, - bond0, - bond1, - bond2.
+ elements: str
+ type: list
+ alwaysUsedLanguage:
+ description: Used when displayLang = ALWAYSUSE.
+ type: str
+ certificateGroupTag:
+ description: Logical name of the x.509 server certificate that will be used
+ for the portal.
+ type: str
+ displayLang:
+ description: Allowed values - USEBROWSERLOCALE, - ALWAYSUSE.
+ type: str
+ endpointIdentityGroup:
+ description: Unique Id of the endpoint identity group where user's devices
+ will be added. Used only in Hotspot Portal.
+ type: str
+ fallbackLanguage:
+ description: Used when displayLang = USEBROWSERLOCALE.
+ type: str
+ httpsPort:
+ description: The port number that the allowed interfaces will listen on.
+ Range from 8000 to 8999.
+ type: int
+ type: dict
+ supportInfoSettings:
+ description: BYOD Portal's supportInfoSettings.
+ suboptions:
+ defaultEmptyFieldValue:
+ description: The default value displayed for an empty field. Only valid
+ when emptyFieldDisplay = DISPLAYWITHDEFAULTVALUE.
+ type: str
+ emptyFieldDisplay:
+ description: Specifies how empty fields are handled on the Support Information
+ Page. Allowed values - HIDE, - DISPLAYWITHNOVALUE, - DISPLAYWITHDEFAULTVALUE.
+ type: str
+ includeBrowserUserAgent:
+ description: IncludeBrowserUserAgent flag.
+ type: bool
+ includeFailureCode:
+ description: IncludeFailureCode flag.
+ type: bool
+ includeIpAddress:
+ description: IncludeIpAddress flag.
+ type: bool
+ includeMacAddr:
+ description: IncludeMacAddr flag.
+ type: bool
+ includePolicyServer:
+ description: IncludePolicyServer flag.
+ type: bool
+ includeSupportInfoPage:
+ description: IncludeSupportInfoPage flag.
+ type: bool
+ type: dict
+ type: dict
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ byod_portal.ByodPortal.create_byod_portal,
+ byod_portal.ByodPortal.delete_byod_portal_by_id,
+ byod_portal.ByodPortal.update_byod_portal_by_id,
+
+ - Paths used are
+ post /ers/config/byodportal,
+ delete /ers/config/byodportal/{id},
+ put /ers/config/byodportal/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by id
+ cisco.ise.byod_portal:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ customizations:
+ globalCustomizations:
+ backgroundImage:
+ data: string
+ bannerImage:
+ data: string
+ bannerTitle: string
+ contactText: string
+ desktopLogoImage:
+ data: string
+ footerElement: string
+ mobileLogoImage:
+ data: string
+ language:
+ viewLanguage: string
+ pageCustomizations:
+ data:
+ - key: string
+ value: string
+ portalTheme:
+ id: string
+ name: string
+ themeData: string
+ portalTweakSettings:
+ bannerColor: string
+ bannerTextColor: string
+ pageBackgroundColor: string
+ pageLabelAndTextColor: string
+ description: string
+ id: string
+ name: string
+ portalTestUrl: string
+ portalType: string
+ settings:
+ byodSettings:
+ byodRegistrationSettings:
+ endPointIdentityGroupId: string
+ showDeviceID: true
+ byodRegistrationSuccessSettings:
+ redirectUrl: string
+ successRedirect: string
+ byodWelcomeSettings:
+ aupDisplay: string
+ enableBYOD: true
+ enableGuestAccess: true
+ includeAup: true
+ requireAupAcceptance: true
+ requireMDM: true
+ requireScrolling: true
+ portalSettings:
+ allowedInterfaces:
+ - string
+ alwaysUsedLanguage: string
+ certificateGroupTag: string
+ displayLang: string
+ endpointIdentityGroup: string
+ fallbackLanguage: string
+ httpsPort: 0
+ supportInfoSettings:
+ defaultEmptyFieldValue: string
+ emptyFieldDisplay: string
+ includeBrowserUserAgent: true
+ includeFailureCode: true
+ includeIpAddress: true
+ includeMacAddr: true
+ includePolicyServer: true
+ includeSupportInfoPage: true
+
+- name: Delete by id
+ cisco.ise.byod_portal:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ id: string
+
+- name: Create
+ cisco.ise.byod_portal:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ customizations:
+ globalCustomizations:
+ backgroundImage:
+ data: string
+ bannerImage:
+ data: string
+ bannerTitle: string
+ contactText: string
+ desktopLogoImage:
+ data: string
+ footerElement: string
+ mobileLogoImage:
+ data: string
+ language:
+ viewLanguage: string
+ pageCustomizations:
+ data:
+ - key: string
+ value: string
+ portalTheme:
+ id: string
+ name: string
+ themeData: string
+ portalTweakSettings:
+ bannerColor: string
+ bannerTextColor: string
+ pageBackgroundColor: string
+ pageLabelAndTextColor: string
+ description: string
+ id: string
+ name: string
+ portalTestUrl: string
+ portalType: string
+ settings:
+ byodSettings:
+ byodRegistrationSettings:
+ endPointIdentityGroupId: string
+ showDeviceID: true
+ byodRegistrationSuccessSettings:
+ redirectUrl: string
+ successRedirect: string
+ byodWelcomeSettings:
+ aupDisplay: string
+ enableBYOD: true
+ enableGuestAccess: true
+ includeAup: true
+ requireAupAcceptance: true
+ requireMDM: true
+ requireScrolling: true
+ portalSettings:
+ allowedInterfaces:
+ - string
+ alwaysUsedLanguage: string
+ certificateGroupTag: string
+ displayLang: string
+ endpointIdentityGroup: string
+ fallbackLanguage: string
+ httpsPort: 0
+ supportInfoSettings:
+ defaultEmptyFieldValue: string
+ emptyFieldDisplay: string
+ includeBrowserUserAgent: true
+ includeFailureCode: true
+ includeIpAddress: true
+ includeMacAddr: true
+ includePolicyServer: true
+ includeSupportInfoPage: true
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "portalType": "string",
+ "portalTestUrl": "string",
+ "settings": {
+ "portalSettings": {
+ "httpsPort": 0,
+ "allowedInterfaces": [
+ "string"
+ ],
+ "certificateGroupTag": "string",
+ "endpointIdentityGroup": "string",
+ "displayLang": "string",
+ "fallbackLanguage": "string",
+ "alwaysUsedLanguage": "string"
+ },
+ "byodSettings": {
+ "byodWelcomeSettings": {
+ "enableBYOD": true,
+ "enableGuestAccess": true,
+ "requireMDM": true,
+ "includeAup": true,
+ "aupDisplay": "string",
+ "requireAupAcceptance": true,
+ "requireScrolling": true
+ },
+ "byodRegistrationSettings": {
+ "showDeviceID": true,
+ "endPointIdentityGroupId": "string"
+ },
+ "byodRegistrationSuccessSettings": {
+ "successRedirect": "string",
+ "redirectUrl": "string"
+ }
+ },
+ "supportInfoSettings": {
+ "includeSupportInfoPage": true,
+ "includeMacAddr": true,
+ "includeIpAddress": true,
+ "includeBrowserUserAgent": true,
+ "includePolicyServer": true,
+ "includeFailureCode": true,
+ "emptyFieldDisplay": "string",
+ "defaultEmptyFieldValue": "string"
+ }
+ },
+ "customizations": {
+ "portalTheme": {
+ "id": "string",
+ "name": "string",
+ "themeData": "string"
+ },
+ "portalTweakSettings": {
+ "bannerColor": "string",
+ "bannerTextColor": "string",
+ "pageBackgroundColor": "string",
+ "pageLabelAndTextColor": "string"
+ },
+ "language": {
+ "viewLanguage": "string"
+ },
+ "globalCustomizations": {
+ "mobileLogoImage": {
+ "data": "string"
+ },
+ "desktopLogoImage": {
+ "data": "string"
+ },
+ "bannerImage": {
+ "data": "string"
+ },
+ "backgroundImage": {
+ "data": "string"
+ },
+ "bannerTitle": "string",
+ "contactText": "string",
+ "footerElement": "string"
+ },
+ "pageCustomizations": {
+ "data": [
+ {
+ "key": "string",
+ "value": "string"
+ }
+ ]
+ }
+ },
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ],
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/byod_portal_info.py b/ansible_collections/cisco/ise/plugins/modules/byod_portal_info.py
new file mode 100644
index 00000000..ed187dfa
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/byod_portal_info.py
@@ -0,0 +1,313 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: byod_portal_info
+short_description: Information module for BYOD Portal
+description:
+- Get all BYOD Portal.
+- Get BYOD Portal by id.
+- This API allows the client to get a BYOD portal by ID.
+- This API allows the client to get all the BYOD portals.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ id:
+ description:
+ - Id path parameter. Portal id.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+ sortasc:
+ description:
+ - Sortasc query parameter. Sort asc.
+ type: str
+ sortdsc:
+ description:
+ - Sortdsc query parameter. Sort desc.
+ type: str
+ filter:
+ description:
+ - >
+ Filter query parameter. **Simple filtering** should be available through the filter query string parameter.
+ The structure of a filter is a triplet of field operator and value separated with dots. More than one filter
+ can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed
+ by using the "filterType=or" query string parameter.
+ - Each resource Data model description should specify if an attribute is a filtered field.
+ - The 'EQ' operator describes 'Equals'.
+ - The 'NEQ' operator describes 'Not Equals'.
+ - The 'GT' operator describes 'Greater Than'.
+ - The 'LT' operator describes 'Less Than'.
+ - The 'STARTSW' operator describes 'Starts With'.
+ - The 'NSTARTSW' operator describes 'Not Starts With'.
+ - The 'ENDSW' operator describes 'Ends With'.
+ - The 'NENDSW' operator describes 'Not Ends With'.
+ - The 'CONTAINS' operator describes 'Contains'.
+ - The 'NCONTAINS' operator describes 'Not Contains'.
+ elements: str
+ type: list
+ filterType:
+ description:
+ - >
+ FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and
+ can be changed by using the parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ byod_portal.ByodPortal.get_byod_portal_by_id,
+ byod_portal.ByodPortal.get_byod_portal_generator,
+
+ - Paths used are
+ get /ers/config/byodportal,
+ get /ers/config/byodportal/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all BYOD Portal
+ cisco.ise.byod_portal_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ sortasc: string
+ sortdsc: string
+ filter: []
+ filterType: AND
+ register: result
+
+- name: Get BYOD Portal by id
+ cisco.ise.byod_portal_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "portalType": "string",
+ "portalTestUrl": "string",
+ "settings": {
+ "portalSettings": {
+ "httpsPort": 0,
+ "allowedInterfaces": [
+ "string"
+ ],
+ "certificateGroupTag": "string",
+ "endpointIdentityGroup": "string",
+ "displayLang": "string",
+ "fallbackLanguage": "string",
+ "alwaysUsedLanguage": "string"
+ },
+ "byodSettings": {
+ "byodWelcomeSettings": {
+ "enableBYOD": true,
+ "enableGuestAccess": true,
+ "requireMDM": true,
+ "includeAup": true,
+ "aupDisplay": "string",
+ "requireAupAcceptance": true,
+ "requireScrolling": true
+ },
+ "byodRegistrationSettings": {
+ "showDeviceID": true,
+ "endPointIdentityGroupId": "string"
+ },
+ "byodRegistrationSuccessSettings": {
+ "successRedirect": "string",
+ "redirectUrl": "string"
+ }
+ },
+ "supportInfoSettings": {
+ "includeSupportInfoPage": true,
+ "includeMacAddr": true,
+ "includeIpAddress": true,
+ "includeBrowserUserAgent": true,
+ "includePolicyServer": true,
+ "includeFailureCode": true,
+ "emptyFieldDisplay": "string",
+ "defaultEmptyFieldValue": "string"
+ }
+ },
+ "customizations": {
+ "portalTheme": {
+ "id": "string",
+ "name": "string",
+ "themeData": "string"
+ },
+ "portalTweakSettings": {
+ "bannerColor": "string",
+ "bannerTextColor": "string",
+ "pageBackgroundColor": "string",
+ "pageLabelAndTextColor": "string"
+ },
+ "language": {
+ "viewLanguage": "string"
+ },
+ "globalCustomizations": {
+ "mobileLogoImage": {
+ "data": "string"
+ },
+ "desktopLogoImage": {
+ "data": "string"
+ },
+ "bannerImage": {
+ "data": "string"
+ },
+ "backgroundImage": {
+ "data": "string"
+ },
+ "bannerTitle": "string",
+ "contactText": "string",
+ "footerElement": "string"
+ },
+ "pageCustomizations": {
+ "data": [
+ {
+ "key": "string",
+ "value": "string"
+ }
+ ]
+ }
+ },
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "portalType": "string",
+ "portalTestUrl": "string",
+ "settings": {
+ "portalSettings": {
+ "httpsPort": 0,
+ "allowedInterfaces": [
+ "string"
+ ],
+ "certificateGroupTag": "string",
+ "endpointIdentityGroup": "string",
+ "displayLang": "string",
+ "fallbackLanguage": "string",
+ "alwaysUsedLanguage": "string"
+ },
+ "byodSettings": {
+ "byodWelcomeSettings": {
+ "enableBYOD": true,
+ "enableGuestAccess": true,
+ "requireMDM": true,
+ "includeAup": true,
+ "aupDisplay": "string",
+ "requireAupAcceptance": true,
+ "requireScrolling": true
+ },
+ "byodRegistrationSettings": {
+ "showDeviceID": true,
+ "endPointIdentityGroupId": "string"
+ },
+ "byodRegistrationSuccessSettings": {
+ "successRedirect": "string",
+ "redirectUrl": "string"
+ }
+ },
+ "supportInfoSettings": {
+ "includeSupportInfoPage": true,
+ "includeMacAddr": true,
+ "includeIpAddress": true,
+ "includeBrowserUserAgent": true,
+ "includePolicyServer": true,
+ "includeFailureCode": true,
+ "emptyFieldDisplay": "string",
+ "defaultEmptyFieldValue": "string"
+ }
+ },
+ "customizations": {
+ "portalTheme": {
+ "id": "string",
+ "name": "string",
+ "themeData": "string"
+ },
+ "portalTweakSettings": {
+ "bannerColor": "string",
+ "bannerTextColor": "string",
+ "pageBackgroundColor": "string",
+ "pageLabelAndTextColor": "string"
+ },
+ "language": {
+ "viewLanguage": "string"
+ },
+ "globalCustomizations": {
+ "mobileLogoImage": {
+ "data": "string"
+ },
+ "desktopLogoImage": {
+ "data": "string"
+ },
+ "bannerImage": {
+ "data": "string"
+ },
+ "backgroundImage": {
+ "data": "string"
+ },
+ "bannerTitle": "string",
+ "contactText": "string",
+ "footerElement": "string"
+ },
+ "pageCustomizations": {
+ "data": [
+ {
+ "key": "string",
+ "value": "string"
+ }
+ ]
+ }
+ },
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/certificate_profile.py b/ansible_collections/cisco/ise/plugins/modules/certificate_profile.py
new file mode 100644
index 00000000..dcddcd19
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/certificate_profile.py
@@ -0,0 +1,141 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: certificate_profile
+short_description: Resource module for Certificate Profile
+description:
+- Manage operations create and update of the resource Certificate Profile.
+- This API allows the client to create a certificate profile.
+- This API allows the client to update a certificate profile.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ allowedAsUserName:
+ description: AllowedAsUserName flag.
+ type: bool
+ certificateAttributeName:
+ description: Attribute name of the Certificate Profile - used only when CERTIFICATE
+ is chosen in usernameFrom. Allowed values - SUBJECT_COMMON_NAME - SUBJECT_ALTERNATIVE_NAME
+ - SUBJECT_SERIAL_NUMBER - SUBJECT - SUBJECT_ALTERNATIVE_NAME_OTHER_NAME - SUBJECT_ALTERNATIVE_NAME_EMAIL
+ - SUBJECT_ALTERNATIVE_NAME_DNS. - Additional internal value ALL_SUBJECT_AND_ALTERNATIVE_NAMES
+ is used automatically when usernameFrom=UPN.
+ type: str
+ description:
+ description: Certificate Profile's description.
+ type: str
+ externalIdentityStoreName:
+ description: Referred IDStore name for the Certificate Profile or not applicable
+ in case no identity store is chosen.
+ type: str
+ id:
+ description: Certificate Profile's id.
+ type: str
+ matchMode:
+ description: Match mode of the Certificate Profile. Allowed values - NEVER - RESOLVE_IDENTITY_AMBIGUITY
+ - BINARY_COMPARISON.
+ type: str
+ name:
+ description: Certificate Profile's name.
+ type: str
+ usernameFrom:
+ description: The attribute in the certificate where the user name should be taken
+ from. Allowed values - CERTIFICATE (for a specific attribute as defined in certificateAttributeName)
+ - UPN (for using any Subject or Alternative Name Attributes in the Certificate
+ - an option only in AD).
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ certificate_profile.CertificateProfile.create_certificate_profile,
+ certificate_profile.CertificateProfile.update_certificate_profile_by_id,
+
+ - Paths used are
+ post /ers/config/certificateprofile,
+ put /ers/config/certificateprofile/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by id
+ cisco.ise.certificate_profile:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ allowedAsUserName: true
+ certificateAttributeName: string
+ description: string
+ externalIdentityStoreName: string
+ id: string
+ matchMode: string
+ name: string
+ usernameFrom: string
+
+- name: Create
+ cisco.ise.certificate_profile:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ allowedAsUserName: true
+ certificateAttributeName: string
+ description: string
+ externalIdentityStoreName: string
+ id: string
+ matchMode: string
+ name: string
+ usernameFrom: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "externalIdentityStoreName": "string",
+ "certificateAttributeName": "string",
+ "allowedAsUserName": true,
+ "matchMode": "string",
+ "usernameFrom": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ]
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/certificate_profile_info.py b/ansible_collections/cisco/ise/plugins/modules/certificate_profile_info.py
new file mode 100644
index 00000000..d996fb14
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/certificate_profile_info.py
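Review bot: The `Update by id` and `Create` tasks in EXAMPLES of certificate_profile.py are identical apart from their name: both use `state: present` and pass `id: string`, so the documentation does not show what makes the module create a profile rather than update one. The byod_portal.py hunk earlier in this patch has the same pair of identical tasks, and there the `id` option is described as mandatory for update. If `id` is the distinguishing input (the action plugin is not part of this hunk, so this is an assumption), drop it from the Create example or mark it with a comment such as `# id is only needed when updating an existing profile`.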
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: certificate_profile_info
+short_description: Information module for Certificate Profile
+description:
+- Get all Certificate Profile.
+- Get Certificate Profile by id.
+- Get Certificate Profile by name.
+- This API allows the client to get a certificate profile by ID.
+- This API allows the client to get a certificate profile by name.
+- This API allows the client to get all the certificate profiles.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ name:
+ description:
+ - Name path parameter.
+ type: str
+ id:
+ description:
+ - Id path parameter.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ certificate_profile.CertificateProfile.get_certificate_profile_by_id,
+ certificate_profile.CertificateProfile.get_certificate_profile_by_name,
+ certificate_profile.CertificateProfile.get_certificate_profile_generator,
+
+ - Paths used are
+ get /ers/config/certificateprofile,
+ get /ers/config/certificateprofile/name/{name},
+ get /ers/config/certificateprofile/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Certificate Profile
+ cisco.ise.certificate_profile_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ register: result
+
+- name: Get Certificate Profile by id
+ cisco.ise.certificate_profile_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+- name: Get Certificate Profile by name
+ cisco.ise.certificate_profile_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ name: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "externalIdentityStoreName": "string",
+ "certificateAttributeName": "string",
+ "allowedAsUserName": true,
+ "matchMode": "string",
+ "usernameFrom": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "externalIdentityStoreName": "string",
+ "certificateAttributeName": "string",
+ "allowedAsUserName": true,
+ "matchMode": "string",
+ "usernameFrom": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/certificate_template_info.py b/ansible_collections/cisco/ise/plugins/modules/certificate_template_info.py
new file mode 100644
index 00000000..4d6d0d18
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/certificate_template_info.py
@@ -0,0 +1,118 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: certificate_template_info +short_description: Information module for Certificate Template +description: +- Get all Certificate Template. +- Get Certificate Template by id. +- Get Certificate Template by name. +- This API allows the client to get a certificate template by ID. +- This API allows the client to get a certificate template by name. +- This API allows the client to get aall the certificate templates. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. 
+ type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + certificate_template.CertificateTemplate.get_certificate_template_by_id, + certificate_template.CertificateTemplate.get_certificate_template_by_name, + certificate_template.CertificateTemplate.get_certificate_template_generator, + + - Paths used are + get /ers/config/certificatetemplate/, + get /ers/config/certificatetemplate/name/{name}, + get /ers/config/certificatetemplate/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Certificate Template + cisco.ise.certificate_template_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get Certificate Template by id + cisco.ise.certificate_template_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get Certificate Template by name + cisco.ise.certificate_template_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "keySize": 0, + "validityPeriod": 0, + "raprofile": "string" + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "keySize": 0, + "validityPeriod": 0, + "raprofile": "string" + } + ] +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/csr_delete.py b/ansible_collections/cisco/ise/plugins/modules/csr_delete.py new file mode 100644 index 00000000..13d1f134 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/csr_delete.py @@ -0,0 +1,66 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: csr_delete +short_description: Resource module for CSR Delete +description: +- Manage operation delete of the resource CSR Delete. +- This API deletes a Certificate Signing Request of a particular node based on given HostName and ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + hostName: + description: HostName path parameter. Name of the host of which CSR's should be + deleted. + type: str + id: + description: Id path parameter. ID of the Certificate Signing Request to be deleted. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Certificates + description: Complete reference of the Certificates API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi +notes: + - SDK Method used are + certificates.Certificates.delete_csr_by_id, + + - Paths used are + delete /api/v1/certs/certificate-signing-request/{hostName}/{id}, + +""" + +EXAMPLES = r""" +- name: Delete by id + cisco.ise.csr_delete: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + hostName: string + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "response": { + "message": "string" + }, + "version": "string" + } +""" 
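Review bot: `hostName` and `id` in the `options` block are both path parameters of `delete /api/v1/certs/certificate-signing-request/{hostName}/{id}`, yet neither is documented as mandatory, so a reader cannot tell what a task that omits one of them will do. For a destructive call this should be explicit: add `required: true` under each option if the action plugin enforces it, and otherwise enforce it there first; the plugin is not part of this file, which holds documentation only. The same gap appears for `hostname`/`id` in csr_export_info.py and for `policyId` in device_administration_authentication_reset_hitcount.py.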
diff --git a/ansible_collections/cisco/ise/plugins/modules/csr_export_info.py b/ansible_collections/cisco/ise/plugins/modules/csr_export_info.py
new file mode 100644
index 00000000..a1f8b85e
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/csr_export_info.py
@@ -0,0 +1,80 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: csr_export_info +short_description: Information module for CSR Export +description: +- Get CSR Export by id. +- Response of this API carries a CSR corresponding to the requested ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + hostname: + description: + - Hostname path parameter. Hostname to which the CSR belongs. + type: str + id: + description: + - Id path parameter. ID of the CSR to be exported. + type: str + dirPath: + description: + - Directory absolute path. Defaults to the current working directory. + type: str + saveFile: + description: + - Enable or disable automatic file creation of raw response. + type: bool + filename: + description: + - The filename used to save the download file. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Certificates + description: Complete reference of the Certificates API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi +notes: + - SDK Method used are + certificates.Certificates.export_csr, + + - Paths used are + get /api/v1/certs/certificate-signing-request/export/{hostname}/{id}, + +""" + +EXAMPLES = r""" +- name: Get CSR Export by id + cisco.ise.csr_export_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + hostname: string + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "data": "filecontent", + "filename": "filename", + "dirpath": "download/directory", + "path": "download/directory/filename" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/csr_generate.py b/ansible_collections/cisco/ise/plugins/modules/csr_generate.py new file mode 100644 index 00000000..3116b380 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/csr_generate.py 
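Review bot: The `dirPath`, `saveFile` and `filename` options describe a file write but leave out what a user needs to run it safely: whether an existing file at the target path is overwritten, what mode the file is created with, and whether `filename` must be a bare name or may contain path separators. The `path` value `download/directory/filename` in the `RETURN` sample suggests the two values are simply joined, but that logic is outside this file and needs confirming against the action plugin. Once verified, I would extend the `filename` description with the confirmed behaviour, along the lines of `- The filename used to save the download file, relative to dirPath; must not contain directory components.` This module also spells the option `hostname` while csr_delete.py and csr_info.py use `hostName`, which is easy to get wrong when copying tasks between them.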
@@ -0,0 +1,147 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: csr_generate +short_description: Resource module for CSR Generate +description: +- Manage operation create of the resource CSR Generate. +- Generate a certificate signing request for Multi-Use, Admin, EAP. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + allowWildCardCert: + description: AllowWildCardCert flag. + type: bool + certificatePolicies: + description: CSR Generate's certificatePolicies. + type: str + digestType: + description: CSR Generate's digestType. + type: str + hostnames: + description: CSR Generate's hostnames. + elements: str + type: list + keyLength: + description: CSR Generate's keyLength. + type: str + keyType: + description: CSR Generate's keyType. + type: str + portalGroupTag: + description: CSR Generate's portalGroupTag. + type: str + sanDNS: + description: CSR Generate's sanDNS. + elements: str + type: list + sanDir: + description: CSR Generate's sanDir. + elements: str + type: list + sanIP: + description: CSR Generate's sanIP. + elements: str + type: list + sanURI: + description: CSR Generate's sanURI. + elements: str + type: list + subjectCity: + description: CSR Generate's subjectCity. + type: str + subjectCommonName: + description: CSR Generate's subjectCommonName. + type: str + subjectCountry: + description: CSR Generate's subjectCountry. + type: str + subjectOrg: + description: CSR Generate's subjectOrg. + type: str + subjectOrgUnit: + description: CSR Generate's subjectOrgUnit. + type: str + subjectState: + description: CSR Generate's subjectState. + type: str + usedFor: + description: CSR Generate's usedFor. 
+ type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Certificates + description: Complete reference of the Certificates API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi +notes: + - SDK Method used are + certificates.Certificates.generate_csr, + + - Paths used are + post /api/v1/certs/certificate-signing-request, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.csr_generate: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + allowWildCardCert: true + certificatePolicies: string + digestType: string + hostnames: + - string + keyLength: string + keyType: string + portalGroupTag: string + sanDNS: + - string + sanDir: + - string + sanIP: + - string + sanURI: + - string + subjectCity: string + subjectCommonName: string + subjectCountry: string + subjectOrg: string + subjectOrgUnit: string + subjectState: string + usedFor: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "response": [ + { + "id": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "message": "string" + } + ], + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/csr_generate_intermediate_ca.py b/ansible_collections/cisco/ise/plugins/modules/csr_generate_intermediate_ca.py new file mode 100644 index 00000000..f7eaaf20 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/csr_generate_intermediate_ca.py 
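Review bot: `keyLength`, `keyType` and `digestType` in the `options` block appear, by their names, to select the key size, key algorithm and signature hash of the request. Their descriptions (`CSR Generate's keyLength.` and so on) only repeat the option name and the options carry no `choices`, so nothing here tells a user which values are accepted or which should be avoided as too weak. I would give each a real description and a `choices` list taken from the Certificates API reference linked under `seealso`, for example `description: Size of the generated key; prefer the largest value the deployment supports.` `allowWildCardCert` and `usedFor` deserve the same treatment, since they presumably widen or narrow what the resulting certificate may be used for. The accepted value sets are not visible in this file, so they have to come from the API specification.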
@@ -0,0 +1,63 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: csr_generate_intermediate_ca +short_description: Resource module for CSR Generate Intermediate CA +description: +- Manage operation create of the resource CSR Generate Intermediate CA. +- CSR Generation for Intermediate Certificates. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Certificates + description: Complete reference of the Certificates API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi +notes: + - SDK Method used are + certificates.Certificates.generate_intermediate_ca_csr, + + - Paths used are + post /api/v1/certs/certificate-signing-request/intermediate-ca, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.csr_generate_intermediate_ca: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "response": { + "id": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "message": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/csr_info.py b/ansible_collections/cisco/ise/plugins/modules/csr_info.py new file mode 100644 index 00000000..6dee74b1 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/csr_info.py 
@@ -0,0 +1,166 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: csr_info +short_description: Information module for CSR +description: +- Get all CSR. +- Get CSR by id. +- This API displays details of a Certificate Signing Request of a particular node for given HostName and ID. +- This API supports Filtering, Sorting and Pagination. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sort: + description: + - Sort query parameter. Sort type - asc or desc. + type: str + sortBy: + description: + - SortBy query parameter. Sort column by which objects needs to be sorted. + type: str + filter: + description: + - > + Filter query parameter. .. Container **Simple filtering** should be available through the filter query + string parameter. The structure of a filter is a triplet of field operator and value separated with dots. + More than one filter can be sent. The logical operator common to ALL filter criteria will be by default AND, + and can be changed by using the *"filterType=or"* query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str + hostName: + description: + - HostName path parameter. Name of the host of which CSR's should be returned. + type: str + id: + description: + - Id path parameter. ID of the Certificate Signing Request returned. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Certificates + description: Complete reference of the Certificates API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi +notes: + - SDK Method used are + certificates.Certificates.get_csr_by_id, + certificates.Certificates.get_csrs_generator, + + - Paths used are + get /api/v1/certs/certificate-signing-request, + get /api/v1/certs/certificate-signing-request/{hostName}/{id}, + +""" + +EXAMPLES = r""" +- name: Get all CSR + cisco.ise.csr_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 0 + size: 0 + sort: string + sortBy: string + filter: [] + filterType: string + register: result + +- name: Get CSR by id + cisco.ise.csr_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + hostName: string + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "csrContents": "string", + "friendlyName": "string", + "groupTag": "string", + "hostName": "string", + "id": "string", + "keySize": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "signatureAlgorithm": 
"string", + "subject": "string", + "timeStamp": "string", + "usedFor": "string" + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "csrContents": "string", + "friendlyName": "string", + "groupTag": "string", + "hostName": "string", + "id": "string", + "keySize": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "signatureAlgorithm": "string", + "subject": "string", + "timeStamp": "string", + "usedFor": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/deployment_info.py b/ansible_collections/cisco/ise/plugins/modules/deployment_info.py new file mode 100644 index 00000000..bc2f7074 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/deployment_info.py 
@@ -0,0 +1,183 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: deployment_info +short_description: Information module for Deployment +description: +- Get all Deployment. +- This API allows the client to pull the deployment information. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + timeout: + description: + - How long to wait for the server to send data before giving up. + type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for PullDeploymentInfo + description: Complete reference of the PullDeploymentInfo API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deploymentinfo +notes: + - SDK Method used are + pull_deployment_info.PullDeploymentInfo.get_deployment_info, + + - Paths used are + get /ers/config/deploymentinfo/getAllInfo, + +""" + +EXAMPLES = r""" +- name: Get all Deployment + cisco.ise.deployment_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "networkAccessInfo": { + "deploymentID": "string", + "isCsnEnabled": true, + "nodeList": { + "nodeAndScope": [ + {} + ] + }, + "sdaVNs": [], + "trustSecControl": "string", + "radius3RdParty": [] + }, + "profilerInfo": { + "deploymentID": "string", + "nodeList": { + "node": [ + { + "onlineSubscriptionEnabled": true, + "lastAppliedFeedDateTime": "string", + "scope": "string", + "profiles": [ + { + "profile": [], + "customProfilesCount": 0, + "endpointTypes": "string", + "totalProfilesCount": 0, + 
"uniqueEndpointsCount": 0, + "unknownEndpointsCount": 0, + "totalEndpointsCount": 0, + "unknownEndpointsPercentage": 0 + } + ] + } + ] + } + }, + "deploymentInfo": { + "deploymentID": "string", + "versionHistoryInfo": [ + { + "opType": "string", + "mainVersion": "string", + "epochTime": 0 + } + ], + "nodeList": { + "nodeAndNodeCountAndCountInfo": [ + { + "name": "string", + "value": {}, + "declaredType": "string", + "scope": "string", + "nil": true, + "globalScope": true, + "typeSubstituted": true + } + ] + }, + "fipsstatus": "string" + }, + "nadInfo": { + "nodeList": { + "nodeAndScope": [ + {} + ] + }, + "nadcountInfo": { + "totalActiveNADCount": 0 + } + }, + "mdmInfo": { + "activeMdmServersCount": "string", + "activeDesktopMdmServersCount": "string", + "activeMobileMdmServersCount": "string", + "deploymentID": "string", + "nodeList": { + "nodeAndScope": [ + {} + ] + } + }, + "licensesInfo": { + "deploymentID": "string", + "nodeList": { + "node": [ + {} + ] + } + }, + "postureInfo": { + "content": [ + { + "name": "string", + "value": {}, + "declaredType": "string", + "scope": "string", + "nil": true, + "globalScope": true, + "typeSubstituted": true + } + ] + }, + "kongInfo": { + "deploymentID": "string", + "nodeList": { + "node": [ + { + "sn": "string", + "service": [ + { + "serviceName": "string", + "route": [ + { + "routeName": "string", + "httpCount": {}, + "latencyCount": {}, + "latencySum": {} + } + ] + } + ] + } + ] + } + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_authentication_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_authentication_reset_hitcount.py new file mode 100644 index 00000000..a238380a --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_authentication_reset_hitcount.py 
@@ -0,0 +1,58 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_authentication_reset_hitcount +short_description: Resource module for Device Administration Authentication Reset Hitcount +description: +- Manage operation create of the resource Device Administration Authentication Reset Hitcount. +- Device Admin - Reset HitCount for Authentication Rules. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + policyId: + description: PolicyId path parameter. Policy id. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Authentication Rules + description: Complete reference of the Device Administration - Authentication Rules API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_authentication_rules.DeviceAdministrationAuthenticationRules.reset_hit_counts_device_admin_authentication_rules, + + - Paths used are + post /device-admin/policy-set/{policyId}/authentication/reset-hitcount, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.device_administration_authentication_reset_hitcount: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + policyId: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "message": "string" + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_authentication_rules.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_authentication_rules.py
new file mode 100644
index 00000000..29c2db6d
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_authentication_rules.py
@@ -0,0 +1,535 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_authentication_rules +short_description: Resource module for Device Administration Authentication Rules +description: +- Manage operations create, update and delete of the resource Device Administration Authentication Rules. +- Device Admin - Create authentication rule. +- Device Admin - Delete rule. +- Device Admin - - Update rule. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. Rule id. + type: str + identitySourceName: + description: Identity source name from the identity stores. + type: str + ifAuthFail: + description: Action to perform when authentication fails such as Bad credentials, + disabled user and so on. + type: str + ifProcessFail: + description: Action to perform when ISE is uanble to access the identity database. + type: str + ifUserNotFound: + description: Action to perform when user is not found in any of identity stores. + type: str + link: + description: Device Administration Authentication Rules's link. + suboptions: + href: + description: Device Administration Authentication Rules's href. + type: str + rel: + description: Device Administration Authentication Rules's rel. + type: str + type: + description: Device Administration Authentication Rules's type. + type: str + type: dict + policyId: + description: PolicyId path parameter. Policy id. + type: str + rule: + description: Common attributes in rule authentication/authorization. + suboptions: + condition: + description: Device Administration Authentication Rules's condition. + suboptions: + attributeName: + description: Dictionary attribute name. + type: str + attributeValue: + description: . 
+ type: str + children: + description: In case type is andBlock or orBlock addtional conditions will + be aggregated under this logical (OR/AND) condition. + elements: dict + suboptions: + conditionType: + description: . + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Device Administration Authentication Rules's link. + suboptions: + href: + description: Device Administration Authentication Rules's href. + type: str + rel: + description: Device Administration Authentication Rules's rel. + type: str + type: + description: Device Administration Authentication Rules's type. + type: str + type: dict + type: list + conditionType: + description: . + type: str + datesRange: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Device Administration Authentication Rules's endDate. + type: str + startDate: + description: Device Administration Authentication Rules's startDate. + type: str + type: dict + datesRangeException: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Device Administration Authentication Rules's endDate. + type: str + startDate: + description: Device Administration Authentication Rules's startDate. + type: str + type: dict + description: + description: Condition description. + type: str + dictionaryName: + description: Dictionary name. + type: str + dictionaryValue: + description: Dictionary value. + type: str + hoursRange: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Device Administration Authentication Rules's endTime. + type: str + startTime: + description: Device Administration Authentication Rules's startTime. + type: str + type: dict + hoursRangeException: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Device Administration Authentication Rules's endTime. + type: str + startTime: + description: Device Administration Authentication Rules's startTime. + type: str + type: dict + id: + description: Device Administration Authentication Rules's id. + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Device Administration Authentication Rules's link. + suboptions: + href: + description: Device Administration Authentication Rules's href. + type: str + rel: + description: Device Administration Authentication Rules's rel. + type: str + type: + description: Device Administration Authentication Rules's type. + type: str + type: dict + name: + description: Condition name. + type: str + operator: + description: Equality operator. + type: str + weekDays: + description:

Defines for which days this condition will be matched
+ Days format - Arrays of WeekDay enums
Default - List of All week + days

. + elements: str + type: list + weekDaysException: + description:

Defines for which days this condition will NOT be matched
+ Days format - Arrays of WeekDay enums
Default - Not enabled

. + elements: str + type: list + type: dict + default: + description: Indicates if this rule is the default one. + type: bool + hitCounts: + description: The amount of times the rule was matched. + type: int + id: + description: The identifier of the rule. + type: str + name: + description: Rule name, Valid characters are alphanumerics, underscore, hyphen, + space, period, parentheses. + type: str + rank: + description: The rank(priority) in relation to other rules. Lower rank is higher + priority. + type: int + state: + description: The state that the rule is in. A disabled rule cannot be matched. + type: str + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Authentication Rules + description: Complete reference of the Device Administration - Authentication Rules API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_authentication_rules.DeviceAdministrationAuthenticationRules.create_device_admin_authentication_rule, + device_administration_authentication_rules.DeviceAdministrationAuthenticationRules.delete_device_admin_authentication_rule_by_id, + device_administration_authentication_rules.DeviceAdministrationAuthenticationRules.update_device_admin_authentication_rule_by_id, + + - Paths used are + post /device-admin/policy-set/{policyId}/authentication, + delete /device-admin/policy-set/{policyId}/authentication/{id}, + put /device-admin/policy-set/{policyId}/authentication/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.device_administration_authentication_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + identitySourceName: string + ifAuthFail: string + ifProcessFail: string + ifUserNotFound: string + link: + href: string + rel: string + type: string + 
policyId: string + rule: + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + +- name: Update by id + cisco.ise.device_administration_authentication_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + id: string + identitySourceName: string + ifAuthFail: string + ifProcessFail: string + ifUserNotFound: string + link: + href: string + rel: string + type: string + policyId: string + rule: + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + +- name: Delete by id + 
cisco.ise.device_administration_authentication_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + policyId: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "identitySourceName": "string", + "ifAuthFail": "string", + "ifProcessFail": "string", + "ifUserNotFound": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "identitySourceName": "string", + "ifAuthFail": "string", + "ifProcessFail": "string", + "ifUserNotFound": "string", + "link": { + "href": "string", + "rel": "string", + "type": 
"string" + }, + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + } + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_authentication_rules_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_authentication_rules_info.py new file mode 100644 index 00000000..3e0dfce6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_authentication_rules_info.py 
@@ -0,0 +1,144 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_authentication_rules_info
+short_description: Information module for Device Administration Authentication Rules
+description:
+- Get all Device Administration Authentication Rules.
+- Get Device Administration Authentication Rules by id.
+- Device Admin - Get authentication rules.
+- Device Admin - Get rule attributes.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ policyId:
+ description:
+ - PolicyId path parameter. Policy id.
+ type: str
+ id:
+ description:
+ - Id path parameter. Rule id.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Authentication Rules
+ description: Complete reference of the Device Administration - Authentication Rules API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_authentication_rules.DeviceAdministrationAuthenticationRules.get_device_admin_authentication_rule_by_id,
+ device_administration_authentication_rules.DeviceAdministrationAuthenticationRules.get_device_admin_authentication_rules,
+
+ - Paths used are
+ get /device-admin/policy-set/{policyId}/authentication,
+ get /device-admin/policy-set/{policyId}/authentication/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Device Administration Authentication Rules
+ cisco.ise.device_administration_authentication_rules_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ policyId: string
+ register: result
+
+- name: Get Device Administration Authentication Rules by id
+ cisco.ise.device_administration_authentication_rules_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ policyId: string
+ id: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "identitySourceName": "string",
+ "ifAuthFail": "string",
+ "ifProcessFail": "string",
+ "ifUserNotFound": "string",
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "rule": {
+ "condition": {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "description": "string",
+ "id": "string",
+ "name": "string",
+ "attributeName": "string",
+ "attributeValue": "string",
+ "dictionaryName": "string",
+ "dictionaryValue": "string",
+ "operator": "string",
+ "children": [
+ {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ }
+ }
+ ],
+ "datesRange": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "datesRangeException": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "hoursRange": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "hoursRangeException": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "weekDays": [
+ "string"
+ ],
+ "weekDaysException": [
+ "string"
+ ]
+ },
+ "default": true,
+ "hitCounts": 0,
+ "id": "string",
+ "name": "string",
+ "rank": 0,
+ "state": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_authorization_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_authorization_reset_hitcount.py
new file mode 100644
index 00000000..a34b3aec
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_authorization_reset_hitcount.py
@@ -0,0 +1,58 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_authorization_reset_hitcount
+short_description: Resource module for Device Administration Authorization Reset Hitcount
+description:
+- Manage operation create of the resource Device Administration Authorization Reset Hitcount.
+- Device Admin - Reset HitCount for Authorization Rules.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ policyId:
+ description: PolicyId path parameter. Policy id.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Authorization Rules
+ description: Complete reference of the Device Administration - Authorization Rules API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_authorization_rules.DeviceAdministrationAuthorizationRules.reset_hit_counts_device_admin_authorization_rules,
+
+ - Paths used are
+ post /device-admin/policy-set/{policyId}/authorization/reset-hitcount,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.device_administration_authorization_reset_hitcount:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ policyId: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "message": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_authorization_rules.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_authorization_rules.py
new file mode 100644
index 00000000..1e5058c6
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_authorization_rules.py
@@ -0,0 +1,529 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_authorization_rules +short_description: Resource module for Device Administration Authorization Rules +description: +- Manage operations create, update and delete of the resource Device Administration Authorization Rules. +- Device Admin - Create authorization rule. +- Device Admin - Delete authorization rule. +- Device Admin - Update authorization rule. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + commands: + description: Command sets enforce the specified list of commands that can be executed + by a device administrator. + elements: str + type: list + id: + description: Id path parameter. Rule id. + type: str + link: + description: Device Administration Authorization Rules's link. + suboptions: + href: + description: Device Administration Authorization Rules's href. + type: str + rel: + description: Device Administration Authorization Rules's rel. + type: str + type: + description: Device Administration Authorization Rules's type. + type: str + type: dict + policyId: + description: PolicyId path parameter. Policy id. + type: str + profile: + description: Device admin profiles control the initial login session of the device + administrator. + type: str + rule: + description: Common attributes in rule authentication/authorization. + suboptions: + condition: + description: Device Administration Authorization Rules's condition. + suboptions: + attributeName: + description: Dictionary attribute name. + type: str + attributeValue: + description: . + type: str + children: + description: In case type is andBlock or orBlock addtional conditions will + be aggregated under this logical (OR/AND) condition. 
+ elements: dict + suboptions: + conditionType: + description: . + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Device Administration Authorization Rules's link. + suboptions: + href: + description: Device Administration Authorization Rules's href. + type: str + rel: + description: Device Administration Authorization Rules's rel. + type: str + type: + description: Device Administration Authorization Rules's type. + type: str + type: dict + type: list + conditionType: + description: . + type: str + datesRange: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Device Administration Authorization Rules's endDate. + type: str + startDate: + description: Device Administration Authorization Rules's startDate. + type: str + type: dict + datesRangeException: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Device Administration Authorization Rules's endDate. + type: str + startDate: + description: Device Administration Authorization Rules's startDate. + type: str + type: dict + description: + description: Condition description. + type: str + dictionaryName: + description: Dictionary name. + type: str + dictionaryValue: + description: Dictionary value. + type: str + hoursRange: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Device Administration Authorization Rules's endTime. + type: str + startTime: + description: Device Administration Authorization Rules's startTime. + type: str + type: dict + hoursRangeException: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Device Administration Authorization Rules's endTime. + type: str + startTime: + description: Device Administration Authorization Rules's startTime. + type: str + type: dict + id: + description: Device Administration Authorization Rules's id. + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Device Administration Authorization Rules's link. + suboptions: + href: + description: Device Administration Authorization Rules's href. + type: str + rel: + description: Device Administration Authorization Rules's rel. + type: str + type: + description: Device Administration Authorization Rules's type. + type: str + type: dict + name: + description: Condition name. + type: str + operator: + description: Equality operator. + type: str + weekDays: + description:

Defines for which days this condition will be matched
+ Days format - Arrays of WeekDay enums
Default - List of All week + days

. + elements: str + type: list + weekDaysException: + description:

Defines for which days this condition will NOT be matched
+ Days format - Arrays of WeekDay enums
Default - Not enabled

. + elements: str + type: list + type: dict + default: + description: Indicates if this rule is the default one. + type: bool + hitCounts: + description: The amount of times the rule was matched. + type: int + id: + description: The identifier of the rule. + type: str + name: + description: Rule name, Valid characters are alphanumerics, underscore, hyphen, + space, period, parentheses. + type: str + rank: + description: The rank(priority) in relation to other rules. Lower rank is higher + priority. + type: int + state: + description: The state that the rule is in. A disabled rule cannot be matched. + type: str + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Authorization Rules + description: Complete reference of the Device Administration - Authorization Rules API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_authorization_rules.DeviceAdministrationAuthorizationRules.create_device_admin_authorization_rule, + device_administration_authorization_rules.DeviceAdministrationAuthorizationRules.delete_device_admin_authorization_rule_by_id, + device_administration_authorization_rules.DeviceAdministrationAuthorizationRules.update_device_admin_authorization_rule_by_id, + + - Paths used are + post /device-admin/policy-set/{policyId}/authorization, + delete /device-admin/policy-set/{policyId}/authorization/{id}, + put /device-admin/policy-set/{policyId}/authorization/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.device_administration_authorization_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + commands: + - string + link: + href: string + rel: string + type: string + policyId: string + profile: string + rule: + condition: + attributeName: string + attributeValue: 
string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + +- name: Update by id + cisco.ise.device_administration_authorization_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + commands: + - string + id: string + link: + href: string + rel: string + type: string + policyId: string + profile: string + rule: + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + +- name: Delete by id + cisco.ise.device_administration_authorization_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + 
ise_verify: "{{ise_verify}}" + state: absent + id: string + policyId: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "commands": [ + "string" + ], + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": "string", + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "commands": [ + "string" + ], + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": "string", + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": 
"string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + } + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_authorization_rules_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_authorization_rules_info.py new file mode 100644 index 00000000..8c5f6de1 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_authorization_rules_info.py 
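Review bot: The `datesRangeException` and `hoursRangeException` option descriptions repeat the `datesRange` and `hoursRange` text word for word ("Defines for which date/s TimeAndDate condition will be matched"), so the documentation gives an exception window the same meaning as the match window. `weekDaysException` in the same DOCUMENTATION block says "will NOT be matched", which suggests the other two exception fields are meant the same way; if that is the case, the descriptions should read `Defines for which date/s TimeAndDate condition will NOT be matched` and `Defines for which hours a TimeAndDate condition will NOT be matched`. For a module that writes device-administration authorization rules, a reader who takes the current wording at face value could configure a time window with the opposite effect to the one intended. The same wording appears in the device_administration_conditions.py hunk that follows.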
@@ -0,0 +1,144 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_authorization_rules_info
+short_description: Information module for Device Administration Authorization Rules
+description:
+- Get all Device Administration Authorization Rules.
+- Get Device Administration Authorization Rules by id.
+- Device Admin - Get authorization rule attributes.
+- Device Admin - Get authorization rules.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ policyId:
+ description:
+ - PolicyId path parameter. Policy id.
+ type: str
+ id:
+ description:
+ - Id path parameter. Rule id.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Authorization Rules
+ description: Complete reference of the Device Administration - Authorization Rules API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_authorization_rules.DeviceAdministrationAuthorizationRules.get_device_admin_authorization_rule_by_id,
+ device_administration_authorization_rules.DeviceAdministrationAuthorizationRules.get_device_admin_authorization_rules,
+
+ - Paths used are
+ get /device-admin/policy-set/{policyId}/authorization,
+ get /device-admin/policy-set/{policyId}/authorization/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Device Administration Authorization Rules
+ cisco.ise.device_administration_authorization_rules_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ policyId: string
+ register: result
+
+- name: Get Device Administration Authorization Rules by id
+ cisco.ise.device_administration_authorization_rules_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ policyId: string
+ id: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "commands": [
+ "string"
+ ],
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "profile": "string",
+ "rule": {
+ "condition": {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "description": "string",
+ "id": "string",
+ "name": "string",
+ "attributeName": "string",
+ "attributeValue": "string",
+ "dictionaryName": "string",
+ "dictionaryValue": "string",
+ "operator": "string",
+ "children": [
+ {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ }
+ }
+ ],
+ "datesRange": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "datesRangeException": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "hoursRange": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "hoursRangeException": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "weekDays": [
+ "string"
+ ],
+ "weekDaysException": [
+ "string"
+ ]
+ },
+ "default": true,
+ "hitCounts": 0,
+ "id": "string",
+ "name": "string",
+ "rank": 0,
+ "state": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_command_set_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_command_set_info.py
new file mode 100644
index 00000000..23aa5817
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_command_set_info.py
@@ -0,0 +1,59 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_command_set_info
+short_description: Information module for Device Administration Command Set
+description:
+- Get all Device Administration Command Set.
+- Device Admin - Return list of command sets.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Command Set
+ description: Complete reference of the Device Administration - Command Set API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_command_set.DeviceAdministrationCommandSet.get_device_admin_command_sets,
+
+ - Paths used are
+ get /device-admin/command-sets,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Device Administration Command Set
+ cisco.ise.device_administration_command_set_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string"
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions.py
new file mode 100644
index 00000000..9db7c229
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions.py
@@ -0,0 +1,457 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_conditions +short_description: Resource module for Device Administration Conditions +description: +- Manage operations create, update and delete of the resource Device Administration Conditions. +- Device Admin - Creates a library condition. +- Device Admin - Delete a library condition. +- NDevice Admin - Delete a library condition using condition Name. +- Device Admin - Update library condition using condition name. +- Device Admin - Update library condition. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + attributeName: + description: Dictionary attribute name. + type: str + attributeValue: + description: . + type: str + children: + description: In case type is andBlock or orBlock addtional conditions will be aggregated + under this logical (OR/AND) condition. + elements: dict + suboptions: + conditionType: + description: . + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Device Administration Conditions's link. + suboptions: + href: + description: Device Administration Conditions's href. + type: str + rel: + description: Device Administration Conditions's rel. + type: str + type: + description: Device Administration Conditions's type. + type: str + type: dict + type: list + conditionType: + description: . + type: str + datesRange: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used for + start/end date
Default - no specific dates
In order to reset the dates + to have no specific dates Date format - yyyy-mm-dd (MM = month, dd = day, yyyy + = year)

. + suboptions: + endDate: + description: Device Administration Conditions's endDate. + type: str + startDate: + description: Device Administration Conditions's startDate. + type: str + type: dict + datesRangeException: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used for + start/end date
Default - no specific dates
In order to reset the dates + to have no specific dates Date format - yyyy-mm-dd (MM = month, dd = day, yyyy + = year)

. + suboptions: + endDate: + description: Device Administration Conditions's endDate. + type: str + startDate: + description: Device Administration Conditions's startDate. + type: str + type: dict + description: + description: Condition description. + type: str + dictionaryName: + description: Dictionary name. + type: str + dictionaryValue: + description: Dictionary value. + type: str + hoursRange: + description:

Defines for which hours a TimeAndDate condition will be matched
+ Time format - hh mm ( h = hour , mm = minutes )
Default - All Day

. + suboptions: + endTime: + description: Device Administration Conditions's endTime. + type: str + startTime: + description: Device Administration Conditions's startTime. + type: str + type: dict + hoursRangeException: + description:

Defines for which hours a TimeAndDate condition will be matched
+ Time format - hh mm ( h = hour , mm = minutes )
Default - All Day

. + suboptions: + endTime: + description: Device Administration Conditions's endTime. + type: str + startTime: + description: Device Administration Conditions's startTime. + type: str + type: dict + id: + description: Device Administration Conditions's id. + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Device Administration Conditions's link. + suboptions: + href: + description: Device Administration Conditions's href. + type: str + rel: + description: Device Administration Conditions's rel. + type: str + type: + description: Device Administration Conditions's type. + type: str + type: dict + name: + description: Condition name. + type: str + operator: + description: Equality operator. + type: str + weekDays: + description:

Defines for which days this condition will be matched
Days format + - Arrays of WeekDay enums
Default - List of All week days

. + elements: str + type: list + weekDaysException: + description:

Defines for which days this condition will NOT be matched
Days + format - Arrays of WeekDay enums
Default - Not enabled

. + elements: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Conditions + description: Complete reference of the Device Administration - Conditions API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_conditions.DeviceAdministrationConditions.create_device_admin_condition, + device_administration_conditions.DeviceAdministrationConditions.delete_device_admin_condition_by_id, + device_administration_conditions.DeviceAdministrationConditions.delete_device_admin_condition_by_name, + device_administration_conditions.DeviceAdministrationConditions.update_device_admin_condition_by_id, + device_administration_conditions.DeviceAdministrationConditions.update_device_admin_condition_by_name, + + - Paths used are + post /device-admin/condition, + delete /device-admin/condition/condition-by-name/{name}, + delete /device-admin/condition/{id}, + put /device-admin/condition/condition-by-name/{name}, + put /device-admin/condition/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.device_administration_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + 
weekDaysException: + - string + +- name: Update by name + cisco.ise.device_administration_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + +- name: Delete by name + cisco.ise.device_administration_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + name: string + +- name: Update by id + cisco.ise.device_administration_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + 
weekDaysException: + - string + +- name: Delete by id + cisco.ise.device_administration_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + 
"datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_for_authentication_rule_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_for_authentication_rule_info.py new file mode 100644 index 00000000..073e3b88 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_for_authentication_rule_info.py 
@@ -0,0 +1,105 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_conditions_for_authentication_rule_info
+short_description: Information module for Device Administration Conditions For Authentication Rule
+description:
+- Get all Device Administration Conditions For Authentication Rule.
+- Device Admin - Returns list of library conditions for authentication rules.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Conditions
+ description: Complete reference of the Device Administration - Conditions API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_conditions.DeviceAdministrationConditions.get_device_admin_conditions_for_authentication_rules,
+
+ - Paths used are
+ get /device-admin/condition/authentication,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Device Administration Conditions For Authentication Rule
+ cisco.ise.device_administration_conditions_for_authentication_rule_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "description": "string",
+ "id": "string",
+ "name": "string",
+ "attributeName": "string",
+ "attributeValue": "string",
+ "dictionaryName": "string",
+ "dictionaryValue": "string",
+ "operator": "string",
+ "children": [
+ {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ }
+ }
+ ],
+ "datesRange": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "datesRangeException": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "hoursRange": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "hoursRangeException": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "weekDays": [
+ "string"
+ ],
+ "weekDaysException": [
+ "string"
+ ]
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_for_authorization_rule_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_for_authorization_rule_info.py
new file mode 100644
index 00000000..e2db5781
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_for_authorization_rule_info.py
@@ -0,0 +1,105 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_conditions_for_authorization_rule_info
+short_description: Information module for Device Administration Conditions For Authorization Rule
+description:
+- Get all Device Administration Conditions For Authorization Rule.
+- Device Admin - Returns list of library conditions for authorization rules.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Conditions
+ description: Complete reference of the Device Administration - Conditions API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_conditions.DeviceAdministrationConditions.get_device_admin_conditions_for_authorization_rules,
+
+ - Paths used are
+ get /device-admin/condition/authorization,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Device Administration Conditions For Authorization Rule
+ cisco.ise.device_administration_conditions_for_authorization_rule_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "description": "string",
+ "id": "string",
+ "name": "string",
+ "attributeName": "string",
+ "attributeValue": "string",
+ "dictionaryName": "string",
+ "dictionaryValue": "string",
+ "operator": "string",
+ "children": [
+ {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ }
+ }
+ ],
+ "datesRange": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "datesRangeException": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "hoursRange": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "hoursRangeException": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "weekDays": [
+ "string"
+ ],
+ "weekDaysException": [
+ "string"
+ ]
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_for_policy_set_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_for_policy_set_info.py
new file mode 100644
index 00000000..c5add18b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_for_policy_set_info.py
@@ -0,0 +1,105 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_conditions_for_policy_set_info
+short_description: Information module for Device Administration Conditions For Policy Set
+description:
+- Get all Device Administration Conditions For Policy Set.
+- Device Admin - Returns list of library conditions for policy sets.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Conditions
+ description: Complete reference of the Device Administration - Conditions API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_conditions.DeviceAdministrationConditions.get_device_admin_conditions_for_policy_sets,
+
+ - Paths used are
+ get /device-admin/condition/policyset,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Device Administration Conditions For Policy Set
+ cisco.ise.device_administration_conditions_for_policy_set_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "description": "string",
+ "id": "string",
+ "name": "string",
+ "attributeName": "string",
+ "attributeValue": "string",
+ "dictionaryName": "string",
+ "dictionaryValue": "string",
+ "operator": "string",
+ "children": [
+ {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ }
+ }
+ ],
+ "datesRange": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "datesRangeException": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "hoursRange": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "hoursRangeException": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "weekDays": [
+ "string"
+ ],
+ "weekDaysException": [
+ "string"
+ ]
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_info.py
new file mode 100644
index 00000000..90657433
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_conditions_info.py
@@ -0,0 +1,136 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_conditions_info
+short_description: Information module for Device Administration Conditions
+description:
+- Get all Device Administration Conditions.
+- Get Device Administration Conditions by id.
+- Get Device Administration Conditions by name.
+- Device Admin - Returns a library condition.
+- Device Admin - Returns a library condition.
+- Device Admin - Returns list of library conditions.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ name:
+ description:
+ - Name path parameter. Condition name.
+ type: str
+ id:
+ description:
+ - Id path parameter. Condition id.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Conditions
+ description: Complete reference of the Device Administration - Conditions API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_conditions.DeviceAdministrationConditions.get_device_admin_condition_by_id,
+ device_administration_conditions.DeviceAdministrationConditions.get_device_admin_condition_by_name,
+ device_administration_conditions.DeviceAdministrationConditions.get_device_admin_conditions,
+
+ - Paths used are
+ get /device-admin/condition,
+ get /device-admin/condition/condition-by-name/{name},
+ get /device-admin/condition/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Device Administration Conditions
+ cisco.ise.device_administration_conditions_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+- name: Get Device Administration Conditions by id
+ cisco.ise.device_administration_conditions_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+- name: Get Device Administration Conditions by name
+ cisco.ise.device_administration_conditions_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ name: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "description": "string",
+ "id": "string",
+ "name": "string",
+ "attributeName": "string",
+ "attributeValue": "string",
+ "dictionaryName": "string",
+ "dictionaryValue": "string",
+ "operator": "string",
+ "children": [
+ {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ }
+ }
+ ],
+ "datesRange": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "datesRangeException": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "hoursRange": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "hoursRangeException": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "weekDays": [
+ "string"
+ ],
+ "weekDaysException": [
+ "string"
+ ]
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_dictionary_attributes_authentication_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_dictionary_attributes_authentication_info.py
new file mode 100644
index 00000000..c603181b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_dictionary_attributes_authentication_info.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_dictionary_attributes_authentication_info
+short_description: Information module for Device Administration Dictionary Attributes Authentication
+description:
+- Get all Device Administration Dictionary Attributes Authentication.
+- Network Access - Returns list of dictionary attributes for authentication.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Dictionary Attributes List
+ description: Complete reference of the Device Administration - Dictionary Attributes List API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_dictionary_attributes_list.DeviceAdministrationDictionaryAttributesList.get_device_admin_dictionaries_authentication,
+
+ - Paths used are
+ get /device-admin/dictionaries/authentication,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Device Administration Dictionary Attributes Authentication
+ cisco.ise.device_administration_dictionary_attributes_authentication_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "allowedValues": [
+ {
+ "isDefault": true,
+ "key": "string",
+ "value": "string"
+ }
+ ],
+ "dataType": "string",
+ "description": "string",
+ "dictionaryName": "string",
+ "directionType": "string",
+ "id": "string",
+ "internalName": "string",
+ "name": "string"
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_dictionary_attributes_authorization_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_dictionary_attributes_authorization_info.py
new file mode 100644
index 00000000..f1685f1a
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_dictionary_attributes_authorization_info.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_dictionary_attributes_authorization_info
+short_description: Information module for Device Administration Dictionary Attributes Authorization
+description:
+- Get all Device Administration Dictionary Attributes Authorization.
+- Network Access - Returns list of dictionary attributes for authorization.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Dictionary Attributes List
+ description: Complete reference of the Device Administration - Dictionary Attributes List API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_dictionary_attributes_list.DeviceAdministrationDictionaryAttributesList.get_device_admin_dictionaries_authorization,
+
+ - Paths used are
+ get /device-admin/dictionaries/authorization,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Device Administration Dictionary Attributes Authorization
+ cisco.ise.device_administration_dictionary_attributes_authorization_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "allowedValues": [
+ {
+ "isDefault": true,
+ "key": "string",
+ "value": "string"
+ }
+ ],
+ "dataType": "string",
+ "description": "string",
+ "dictionaryName": "string",
+ "directionType": "string",
+ "id": "string",
+ "internalName": "string",
+ "name": "string"
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_dictionary_attributes_policy_set_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_dictionary_attributes_policy_set_info.py
new file mode 100644
index 00000000..74afbb5d
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_dictionary_attributes_policy_set_info.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_dictionary_attributes_policy_set_info
+short_description: Information module for Device Administration Dictionary Attributes Policy Set
+description:
+- Get all Device Administration Dictionary Attributes Policy Set.
+- Network Access - Returns list of dictionary attributes for policyset.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Dictionary Attributes List
+ description: Complete reference of the Device Administration - Dictionary Attributes List API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_dictionary_attributes_list.DeviceAdministrationDictionaryAttributesList.get_device_admin_dictionaries_policy_set,
+
+ - Paths used are
+ get /device-admin/dictionaries/policyset,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Device Administration Dictionary Attributes Policy Set
+ cisco.ise.device_administration_dictionary_attributes_policy_set_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "allowedValues": [
+ {
+ "isDefault": true,
+ "key": "string",
+ "value": "string"
+ }
+ ],
+ "dataType": "string",
+ "description": "string",
+ "dictionaryName": "string",
+ "directionType": "string",
+ "id": "string",
+ "internalName": "string",
+ "name": "string"
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_global_exception_rules.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_global_exception_rules.py
new file mode 100644
index 00000000..6bdd2efe
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_global_exception_rules.py
@@ -0,0 +1,523 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_global_exception_rules +short_description: Resource module for Device Administration Global Exception Rules +description: +- Manage operations create, update and delete of the resource Device Administration Global Exception Rules. +- Device Admin - Create global exception authorization rule. +- Device Admin - Delete global exception authorization rule. +- Device Admin - Update global exception authorization rule. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + commands: + description: Command sets enforce the specified list of commands that can be executed + by a device administrator. + elements: str + type: list + id: + description: Id path parameter. Rule id. + type: str + link: + description: Device Administration Global Exception Rules's link. + suboptions: + href: + description: Device Administration Global Exception Rules's href. + type: str + rel: + description: Device Administration Global Exception Rules's rel. + type: str + type: + description: Device Administration Global Exception Rules's type. + type: str + type: dict + profile: + description: Device admin profiles control the initial login session of the device + administrator. + type: str + rule: + description: Common attributes in rule authentication/authorization. + suboptions: + condition: + description: Device Administration Global Exception Rules's condition. + suboptions: + attributeName: + description: Dictionary attribute name. + type: str + attributeValue: + description: . + type: str + children: + description: In case type is andBlock or orBlock addtional conditions will + be aggregated under this logical (OR/AND) condition. 
+ elements: dict + suboptions: + conditionType: + description: . + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Device Administration Global Exception Rules's link. + suboptions: + href: + description: Device Administration Global Exception Rules's href. + type: str + rel: + description: Device Administration Global Exception Rules's rel. + type: str + type: + description: Device Administration Global Exception Rules's type. + type: str + type: dict + type: list + conditionType: + description: . + type: str + datesRange: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Device Administration Global Exception Rules's endDate. + type: str + startDate: + description: Device Administration Global Exception Rules's startDate. + type: str + type: dict + datesRangeException: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Device Administration Global Exception Rules's endDate. + type: str + startDate: + description: Device Administration Global Exception Rules's startDate. + type: str + type: dict + description: + description: Condition description. + type: str + dictionaryName: + description: Dictionary name. + type: str + dictionaryValue: + description: Dictionary value. + type: str + hoursRange: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Device Administration Global Exception Rules's endTime. + type: str + startTime: + description: Device Administration Global Exception Rules's startTime. + type: str + type: dict + hoursRangeException: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Device Administration Global Exception Rules's endTime. + type: str + startTime: + description: Device Administration Global Exception Rules's startTime. + type: str + type: dict + id: + description: Device Administration Global Exception Rules's id. + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Device Administration Global Exception Rules's link. + suboptions: + href: + description: Device Administration Global Exception Rules's href. + type: str + rel: + description: Device Administration Global Exception Rules's rel. + type: str + type: + description: Device Administration Global Exception Rules's type. + type: str + type: dict + name: + description: Condition name. + type: str + operator: + description: Equality operator. + type: str + weekDays: + description:

Defines for which days this condition will be matched
+ Days format - Arrays of WeekDay enums
Default - List of All week + days

. + elements: str + type: list + weekDaysException: + description:

Defines for which days this condition will NOT be matched
+ Days format - Arrays of WeekDay enums
Default - Not enabled

. + elements: str + type: list + type: dict + default: + description: Indicates if this rule is the default one. + type: bool + hitCounts: + description: The amount of times the rule was matched. + type: int + id: + description: The identifier of the rule. + type: str + name: + description: Rule name, Valid characters are alphanumerics, underscore, hyphen, + space, period, parentheses. + type: str + rank: + description: The rank(priority) in relation to other rules. Lower rank is higher + priority. + type: int + state: + description: The state that the rule is in. A disabled rule cannot be matched. + type: str + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Authorization Global Exception Rules + description: Complete reference of the Device Administration - Authorization Global Exception Rules API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_authorization_global_exception_rules.DeviceAdministrationAuthorizationGlobalExceptionRules.create_device_admin_policy_set_global_exception, + device_administration_authorization_global_exception_rules.DeviceAdministrationAuthorizationGlobalExceptionRules.delete_device_admin_policy_set_global_exception_by_rule_id, + device_administration_authorization_global_exception_rules.DeviceAdministrationAuthorizationGlobalExceptionRules.update_device_admin_policy_set_global_exception_by_rule_id, + + - Paths used are + post /device-admin/policy-set/global-exception, + delete /device-admin/policy-set/global-exception/{id}, + put /device-admin/policy-set/global-exception/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.device_administration_global_exception_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + commands: + - string + link: 
+ href: string + rel: string + type: string + profile: string + rule: + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + +- name: Update by id + cisco.ise.device_administration_global_exception_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + commands: + - string + id: string + link: + href: string + rel: string + type: string + profile: string + rule: + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + +- name: Delete by id + cisco.ise.device_administration_global_exception_rules: + 
ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "commands": [ + "string" + ], + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": "string", + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "commands": [ + "string" + ], + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": "string", + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": 
"string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + } + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_global_exception_rules_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_global_exception_rules_info.py new file mode 100644 index 00000000..27f969f6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_global_exception_rules_info.py 
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_global_exception_rules_info +short_description: Information module for Device Administration Global Exception Rules +description: +- Get all Device Administration Global Exception Rules. +- Get Device Administration Global Exception Rules by id. +- Device Admin - Get global exception rule attribute. +- Device Admin - Get global execption rules. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. Rule id. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Authorization Global Exception Rules + description: Complete reference of the Device Administration - Authorization Global Exception Rules API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_authorization_global_exception_rules.DeviceAdministrationAuthorizationGlobalExceptionRules.get_device_admin_policy_set_global_exception_by_rule_id, + device_administration_authorization_global_exception_rules.DeviceAdministrationAuthorizationGlobalExceptionRules.get_device_admin_policy_set_global_exception_rules, + + - Paths used are + get /device-admin/policy-set/global-exception, + get /device-admin/policy-set/global-exception/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Device Administration Global Exception Rules + cisco.ise.device_administration_global_exception_rules_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +- name: Get Device Administration Global Exception Rules by id + cisco.ise.device_administration_global_exception_rules_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "commands": [ + "string" + ], + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": "string", + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + 
} + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_global_exception_rules_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_global_exception_rules_reset_hitcount.py new file mode 100644 index 00000000..7a7e1a82 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_global_exception_rules_reset_hitcount.py 
@@ -0,0 +1,54 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_global_exception_rules_reset_hitcount
+short_description: Resource module for Device Administration Global Exception Rules Reset Hitcount
+description:
+- Manage operation create of the resource Device Administration Global Exception Rules Reset Hitcount.
+- Device Admin - Reset HitCount for Global Exceptions.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Authorization Global Exception Rules
+ description: Complete reference of the Device Administration - Authorization Global Exception Rules API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_authorization_global_exception_rules.DeviceAdministrationAuthorizationGlobalExceptionRules.reset_hit_counts_device_admin_global_exceptions,
+
+ - Paths used are
+ post /device-admin/policy-set/global-exception/reset-hitcount,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.device_administration_global_exception_rules_reset_hitcount:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "message": "string"
+ }
+"""
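Review bot: The `description` entries and the example task name `Create` do not say what this module does: per its notes it issues `post /device-admin/policy-set/global-exception/reset-hitcount`, which by its name clears the per-rule counters that the exception-rules modules in this commit document as `hitCounts` ("The amount of times the rule was matched"). With `options: {}` the task takes nothing that scopes or confirms the action, and it presumably performs the reset on every run (the action plugin is not in this hunk), so the text should say so plainly, for example `- Resets the hit counters of the global exception rules; not idempotent.` and `- name: Reset hit counts of global exception rules`. Where those counters feed rule-usage reviews, the docs could also point to `device_administration_global_exception_rules_info` with `register: result` for recording the values before a reset. The same wording is used in device_administration_local_exception_rules_reset_hitcount.py later in this diff.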
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_identity_stores_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_identity_stores_info.py
new file mode 100644
index 00000000..a0556f72
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_identity_stores_info.py
@@ -0,0 +1,59 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_identity_stores_info
+short_description: Information module for Device Administration Identity Stores
+description:
+- Get all Device Administration Identity Stores.
+- Device Admin - Return list of identity stores for authentication.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Identity Stores
+ description: Complete reference of the Device Administration - Identity Stores API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_identity_stores.DeviceAdministrationIdentityStores.get_device_admin_identity_stores,
+
+ - Paths used are
+ get /device-admin/identity-stores,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Device Administration Identity Stores
+ cisco.ise.device_administration_identity_stores_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string"
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_local_exception_rules.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_local_exception_rules.py
new file mode 100644
index 00000000..92fe6d8d
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_local_exception_rules.py 
@@ -0,0 +1,529 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_local_exception_rules +short_description: Resource module for Device Administration Local Exception Rules +description: +- Manage operations create, update and delete of the resource Device Administration Local Exception Rules. +- Device Admin - Create local authorization exception rule. +- Device Admin - Delete local exception rule. +- Device Admin - Update local exception rule. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + commands: + description: Command sets enforce the specified list of commands that can be executed + by a device administrator. + elements: str + type: list + id: + description: Id path parameter. Rule id. + type: str + link: + description: Device Administration Local Exception Rules's link. + suboptions: + href: + description: Device Administration Local Exception Rules's href. + type: str + rel: + description: Device Administration Local Exception Rules's rel. + type: str + type: + description: Device Administration Local Exception Rules's type. + type: str + type: dict + policyId: + description: PolicyId path parameter. Policy id. + type: str + profile: + description: Device admin profiles control the initial login session of the device + administrator. + type: str + rule: + description: Common attributes in rule authentication/authorization. + suboptions: + condition: + description: Device Administration Local Exception Rules's condition. + suboptions: + attributeName: + description: Dictionary attribute name. + type: str + attributeValue: + description: . + type: str + children: + description: In case type is andBlock or orBlock addtional conditions will + be aggregated under this logical (OR/AND) condition. 
+ elements: dict + suboptions: + conditionType: + description: . + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Device Administration Local Exception Rules's link. + suboptions: + href: + description: Device Administration Local Exception Rules's href. + type: str + rel: + description: Device Administration Local Exception Rules's rel. + type: str + type: + description: Device Administration Local Exception Rules's type. + type: str + type: dict + type: list + conditionType: + description: . + type: str + datesRange: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Device Administration Local Exception Rules's endDate. + type: str + startDate: + description: Device Administration Local Exception Rules's startDate. + type: str + type: dict + datesRangeException: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Device Administration Local Exception Rules's endDate. + type: str + startDate: + description: Device Administration Local Exception Rules's startDate. + type: str + type: dict + description: + description: Condition description. + type: str + dictionaryName: + description: Dictionary name. + type: str + dictionaryValue: + description: Dictionary value. + type: str + hoursRange: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Device Administration Local Exception Rules's endTime. + type: str + startTime: + description: Device Administration Local Exception Rules's startTime. + type: str + type: dict + hoursRangeException: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Device Administration Local Exception Rules's endTime. + type: str + startTime: + description: Device Administration Local Exception Rules's startTime. + type: str + type: dict + id: + description: Device Administration Local Exception Rules's id. + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Device Administration Local Exception Rules's link. + suboptions: + href: + description: Device Administration Local Exception Rules's href. + type: str + rel: + description: Device Administration Local Exception Rules's rel. + type: str + type: + description: Device Administration Local Exception Rules's type. + type: str + type: dict + name: + description: Condition name. + type: str + operator: + description: Equality operator. + type: str + weekDays: + description:

Defines for which days this condition will be matched
+ Days format - Arrays of WeekDay enums
Default - List of All week + days

. + elements: str + type: list + weekDaysException: + description:

Defines for which days this condition will NOT be matched
+ Days format - Arrays of WeekDay enums
Default - Not enabled

. + elements: str + type: list + type: dict + default: + description: Indicates if this rule is the default one. + type: bool + hitCounts: + description: The amount of times the rule was matched. + type: int + id: + description: The identifier of the rule. + type: str + name: + description: Rule name, Valid characters are alphanumerics, underscore, hyphen, + space, period, parentheses. + type: str + rank: + description: The rank(priority) in relation to other rules. Lower rank is higher + priority. + type: int + state: + description: The state that the rule is in. A disabled rule cannot be matched. + type: str + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Authorization Exception Rules + description: Complete reference of the Device Administration - Authorization Exception Rules API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_authorization_exception_rules.DeviceAdministrationAuthorizationExceptionRules.create_device_admin_local_exception_rule, + device_administration_authorization_exception_rules.DeviceAdministrationAuthorizationExceptionRules.delete_device_admin_local_exception_rule_by_id, + device_administration_authorization_exception_rules.DeviceAdministrationAuthorizationExceptionRules.update_device_admin_local_exception_rule_by_id, + + - Paths used are + post /device-admin/policy-set/{policyId}/exception, + delete /device-admin/policy-set/{policyId}/exception/{id}, + put /device-admin/policy-set/{policyId}/exception/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.device_administration_local_exception_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + commands: + - string + link: + href: string + rel: string + type: string + policyId: string + 
profile: string + rule: + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + +- name: Update by id + cisco.ise.device_administration_local_exception_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + commands: + - string + id: string + link: + href: string + rel: string + type: string + policyId: string + profile: string + rule: + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + +- name: Delete by id + cisco.ise.device_administration_local_exception_rules: + ise_hostname: 
"{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + policyId: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "commands": [ + "string" + ], + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": "string", + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "commands": [ + "string" + ], + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": "string", + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + 
"id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + } + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_local_exception_rules_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_local_exception_rules_info.py new file mode 100644 index 00000000..cb1cd914 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_local_exception_rules_info.py 
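Review bot: The descriptions of `datesRangeException` and `hoursRangeException` under `rule.condition` repeat the text of `datesRange` and `hoursRange` word for word ("Defines for which hours a TimeAndDate condition will be matched"), while `weekDaysException` in the same block says "will NOT be matched". If the two exception ranges exclude a time window the way `weekDaysException` excludes days, which the names suggest but the hunk does not confirm, the text should say so, for example `Defines for which hours a TimeAndDate condition will NOT be matched`. An operator relying on the current wording can write an authorization exception rule that applies in exactly the window it was meant to skip. The visible tail of device_administration_global_exception_rules.py earlier in this diff carries the same wording for `hoursRangeException`.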
@@ -0,0 +1,144 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_local_exception_rules_info +short_description: Information module for Device Administration Local Exception Rules +description: +- Get all Device Administration Local Exception Rules. +- Get Device Administration Local Exception Rules by id. +- Device Admin - Get local exception rule attributes. +- Device Admin - Get local exception rules. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + policyId: + description: + - PolicyId path parameter. Policy id. + type: str + id: + description: + - Id path parameter. Rule id. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Authorization Exception Rules + description: Complete reference of the Device Administration - Authorization Exception Rules API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_authorization_exception_rules.DeviceAdministrationAuthorizationExceptionRules.get_device_admin_local_exception_rule_by_id, + device_administration_authorization_exception_rules.DeviceAdministrationAuthorizationExceptionRules.get_device_admin_local_exception_rules, + + - Paths used are + get /device-admin/policy-set/{policyId}/exception, + get /device-admin/policy-set/{policyId}/exception/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Device Administration Local Exception Rules + cisco.ise.device_administration_local_exception_rules_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + policyId: string + register: result + +- name: Get Device Administration Local Exception Rules by id + cisco.ise.device_administration_local_exception_rules_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + policyId: string + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "commands": [ + "string" + ], + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": "string", + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + 
"datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_local_exception_rules_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_local_exception_rules_reset_hitcount.py new file mode 100644 index 00000000..8211eb18 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_local_exception_rules_reset_hitcount.py 
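Review bot: `policyId` is documented as a plain optional `type: str`, yet both paths listed in the notes, `get /device-admin/policy-set/{policyId}/exception` and `get /device-admin/policy-set/{policyId}/exception/{id}`, cannot be built without it. The option should carry `required: true`, with the matching entry in the action plugin's argument spec, which is in another file of this commit and not checked here, so that a missing value fails at argument validation instead of reaching the SDK call. The same applies to `policyId` in device_administration_local_exception_rules.py and device_administration_local_exception_rules_reset_hitcount.py, where every listed path also contains `{policyId}`.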
@@ -0,0 +1,58 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_local_exception_rules_reset_hitcount +short_description: Resource module for Device Administration Local Exception Rules Reset Hitcount +description: +- Manage operation create of the resource Device Administration Local Exception Rules Reset Hitcount. +- Device Admin - Reset HitCount for local exceptions. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + policyId: + description: PolicyId path parameter. Policy id. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Authorization Exception Rules + description: Complete reference of the Device Administration - Authorization Exception Rules API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_authorization_exception_rules.DeviceAdministrationAuthorizationExceptionRules.reset_hit_counts_device_admin_local_exceptions, + + - Paths used are + post /device-admin/policy-set/{policyId}/exception/reset-hitcount, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.device_administration_local_exception_rules_reset_hitcount: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + policyId: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "message": "string" + } +""" 
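Review bot: The DOCUMENTATION block of device_administration_local_exception_rules_reset_hitcount describes the module only as "Manage operation create", and its single example is named `Create`. That hides the fact that the one documented call is `post /device-admin/policy-set/{policyId}/exception/reset-hitcount`, whose RETURN sample carries nothing but a `message`. Hit counts are commonly what an operator checks when auditing which exception rules actually match, so the description should state the effect, for example `- Resets the hit counters of the local exception rules of the given policy set.`, and the example should be renamed to `- name: Reset hit counts for local exception rules`. `policyId` is a path parameter of that call but is not marked `required: true`; presumably the request cannot succeed without it, so the option should say so. The same description and example wording applies to device_administration_policy_set_reset_hitcount.py later in this patch.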
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_network_conditions.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_network_conditions.py new file mode 100644 index 00000000..30ade1ac --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_network_conditions.py @@ -0,0 +1,302 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_network_conditions +short_description: Resource module for Device Administration Network Conditions +description: +- Manage operations create, update and delete of the resource Device Administration Network Conditions. +- Device Admin- Creates network condition. +- Device Admin - Delete network condition. +- Device Admin - Update network condition. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + conditionType: + description: This field determines the content of the conditions field. + type: str + conditions: + description: Device Administration Network Conditions's conditions. + elements: dict + suboptions: + cliDnisList: + description:

This field should contain a Caller ID (CLI), comma, and Called + ID (DNIS).
Line format - Caller ID (CLI), Called ID (DNIS)

. + elements: str + type: list + conditionType: + description: This field determines the content of the conditions field. + type: str + description: + description: Device Administration Network Conditions's description. + type: str + deviceGroupList: + description:

This field should contain a tuple with NDG Root, comma, and + an NDG (that it under the root).
Line format - NDG Root Name, NDG, Port

. + elements: str + type: list + deviceList: + description:

This field should contain Device-Name,port-number. The device + name must be the same as the name field in a Network Device object.
Line + format - Device Name,Port

. + elements: str + type: list + id: + description: Device Administration Network Conditions's id. + type: str + ipAddrList: + description:

This field should contain IP-address-or-subnet,port number
+ IP address can be IPV4 format (n.n.n.n) or IPV6 format (n n n n n n n n).
+ IP subnet can be IPV4 format (n.n.n.n/m) or IPV6 format (n n n n n n n n/m).
+ Line format - IP Address or subnet,Port

. + elements: str + type: list + link: + description: Device Administration Network Conditions's link. + suboptions: + href: + description: Device Administration Network Conditions's href. + type: str + rel: + description: Device Administration Network Conditions's rel. + type: str + type: + description: Device Administration Network Conditions's type. + type: str + type: dict + macAddrList: + description:

This field should contain Endstation MAC address, comma, and + Destination MAC addresses.
Each Max address must include twelve hexadecimal + digits using formats nn nn nn nn nn nn or nn-nn-nn-nn-nn-nn or nnnn.nnnn.nnnn + or nnnnnnnnnnnn.
Line format - Endstation MAC,Destination MAC

. + elements: str + type: list + name: + description: Network Condition name. + type: str + type: list + description: + description: Device Administration Network Conditions's description. + type: str + id: + description: Device Administration Network Conditions's id. + type: str + link: + description: Device Administration Network Conditions's link. + suboptions: + href: + description: Device Administration Network Conditions's href. + type: str + rel: + description: Device Administration Network Conditions's rel. + type: str + type: + description: Device Administration Network Conditions's type. + type: str + type: dict + name: + description: Network Condition name. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Network Conditions + description: Complete reference of the Device Administration - Network Conditions API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_network_conditions.DeviceAdministrationNetworkConditions.create_device_admin_network_condition, + device_administration_network_conditions.DeviceAdministrationNetworkConditions.delete_device_admin_network_condition_by_id, + device_administration_network_conditions.DeviceAdministrationNetworkConditions.update_device_admin_network_condition_by_id, + + - Paths used are + post /device-admin/network-condition, + delete /device-admin/network-condition/{id}, + put /device-admin/network-condition/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.device_administration_network_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + conditionType: string + conditions: + - cliDnisList: + - string + conditionType: string + description: string + deviceGroupList: + - string + deviceList: + - string + id: string + 
ipAddrList: + - string + link: + href: string + rel: string + type: string + macAddrList: + - string + name: string + description: string + id: string + link: + href: string + rel: string + type: string + name: string + +- name: Update by id + cisco.ise.device_administration_network_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + conditionType: string + conditions: + - cliDnisList: + - string + conditionType: string + description: string + deviceGroupList: + - string + deviceList: + - string + id: string + ipAddrList: + - string + link: + href: string + rel: string + type: string + macAddrList: + - string + name: string + description: string + id: string + link: + href: string + rel: string + type: string + name: string + +- name: Delete by id + cisco.ise.device_administration_network_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "conditionType": "string", + "description": "string", + "id": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "conditions": [ + { + "cliDnisList": [ + "string" + ], + "conditionType": "string", + "description": "string", + "id": "string", + "ipAddrList": [ + "string" + ], + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "macAddrList": [ + "string" + ], + "name": "string", + "deviceGroupList": [ + "string" + ], + "deviceList": [ + "string" + ] + } + ] + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: 
> + { + "response": { + "conditionType": "string", + "description": "string", + "id": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "conditions": [ + { + "cliDnisList": [ + "string" + ], + "conditionType": "string", + "description": "string", + "id": "string", + "ipAddrList": [ + "string" + ], + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "macAddrList": [ + "string" + ], + "name": "string", + "deviceGroupList": [ + "string" + ], + "deviceList": [ + "string" + ] + } + ] + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_network_conditions_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_network_conditions_info.py new file mode 100644 index 00000000..318e50bb --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_network_conditions_info.py 
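Review bot: The list-format descriptions under `conditions` in device_administration_network_conditions.py do not agree with the formats they give, which makes it easy to write a network condition that matches something other than what was intended. `deviceGroupList` is described as "NDG Root, comma, and an NDG" while its line format names three fields (`NDG Root Name, NDG, Port`), `macAddrList` says "Each Max address", and the IPv6 forms in `ipAddrList` appear as `n n n n n n n n` with no separators. I would align the prose with the line formats, e.g. `Each MAC address must include twelve hexadecimal digits` and a `deviceGroupList` sentence that mentions the port. The update and delete paths both take `{id}` and the Delete example passes only `id`, but the options do not say which of `id` or `name` identifies the object for `state: absent` or for an update; one sentence on that would remove the guesswork.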
@@ -0,0 +1,108 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_network_conditions_info +short_description: Information module for Device Administration Network Conditions +description: +- Get all Device Administration Network Conditions. +- Get Device Administration Network Conditions by id. +- Device Admin - Returns a list of network conditions. +- Device Admin - Returns a network condition. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. Condition id. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Network Conditions + description: Complete reference of the Device Administration - Network Conditions API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_network_conditions.DeviceAdministrationNetworkConditions.get_device_admin_network_condition_by_id, + device_administration_network_conditions.DeviceAdministrationNetworkConditions.get_device_admin_network_conditions, + + - Paths used are + get /device-admin/network-condition, + get /device-admin/network-condition/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Device Administration Network Conditions + cisco.ise.device_administration_network_conditions_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +- name: Get Device Administration Network Conditions by id + cisco.ise.device_administration_network_conditions_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "conditionType": "string", + "description": "string", + "id": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "conditions": [ + { + "cliDnisList": [ + "string" + ], + "conditionType": "string", + "description": "string", + "id": "string", + "ipAddrList": [ + "string" + ], + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "macAddrList": [ + "string" + ], + "name": "string", + "deviceGroupList": [ + "string" + ], + "deviceList": [ + "string" + ] + } + ] + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_policy_set.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_policy_set.py new file mode 100644 index 00000000..b6db2058 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_policy_set.py @@ -0,0 +1,505 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_policy_set +short_description: Resource module for Device Administration Policy Set +description: +- Manage operations create, update and delete of the resource Device Administration Policy Set. +- Device Admin - Create a new policy set. +- Device Admin - Delete a policy set. +- Device Admin - Update a policy set. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + condition: + description: Device Administration Policy Set's condition. + suboptions: + attributeName: + description: Dictionary attribute name. + type: str + attributeValue: + description: . + type: str + children: + description: In case type is andBlock or orBlock addtional conditions will be + aggregated under this logical (OR/AND) condition. + elements: dict + suboptions: + conditionType: + description: . + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Device Administration Policy Set's link. + suboptions: + href: + description: Device Administration Policy Set's href. + type: str + rel: + description: Device Administration Policy Set's rel. + type: str + type: + description: Device Administration Policy Set's type. + type: str + type: dict + type: list + conditionType: + description: . + type: str + datesRange: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Device Administration Policy Set's endDate. + type: str + startDate: + description: Device Administration Policy Set's startDate. + type: str + type: dict + datesRangeException: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Device Administration Policy Set's endDate. + type: str + startDate: + description: Device Administration Policy Set's startDate. + type: str + type: dict + description: + description: Condition description. + type: str + dictionaryName: + description: Dictionary name. + type: str + dictionaryValue: + description: Dictionary value. + type: str + hoursRange: + description:

Defines for which hours a TimeAndDate condition will be matched
+ Time format - hh mm ( h = hour , mm = minutes )
Default - All Day

. + suboptions: + endTime: + description: Device Administration Policy Set's endTime. + type: str + startTime: + description: Device Administration Policy Set's startTime. + type: str + type: dict + hoursRangeException: + description:

Defines for which hours a TimeAndDate condition will be matched
+ Time format - hh mm ( h = hour , mm = minutes )
Default - All Day

. + suboptions: + endTime: + description: Device Administration Policy Set's endTime. + type: str + startTime: + description: Device Administration Policy Set's startTime. + type: str + type: dict + id: + description: Device Administration Policy Set's id. + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Device Administration Policy Set's link. + suboptions: + href: + description: Device Administration Policy Set's href. + type: str + rel: + description: Device Administration Policy Set's rel. + type: str + type: + description: Device Administration Policy Set's type. + type: str + type: dict + name: + description: Condition name. + type: str + operator: + description: Equality operator. + type: str + weekDays: + description:

Defines for which days this condition will be matched
Days + format - Arrays of WeekDay enums
Default - List of All week days

. + elements: str + type: list + weekDaysException: + description:

Defines for which days this condition will NOT be matched
+ Days format - Arrays of WeekDay enums
Default - Not enabled

. + elements: str + type: list + type: dict + default: + description: Flag which indicates if this policy set is the default one. + type: bool + description: + description: The description for the policy set. + type: str + hitCounts: + description: The amount of times the policy was matched. + type: int + id: + description: Identifier for the policy set. + type: str + isProxy: + description: Flag which indicates if the policy set service is of type 'Proxy Sequence' + or 'Allowed Protocols'. + type: bool + link: + description: Device Administration Policy Set's link. + suboptions: + href: + description: Device Administration Policy Set's href. + type: str + rel: + description: Device Administration Policy Set's rel. + type: str + type: + description: Device Administration Policy Set's type. + type: str + type: dict + name: + description: Given name for the policy set, Valid characters are alphanumerics, + underscore, hyphen, space, period, parentheses. + type: str + rank: + description: The rank(priority) in relation to other policy set. Lower rank is higher + priority. + type: int + serviceName: + description: Policy set service identifier - Allowed Protocols,Server Sequence.. + type: str + state_: + description: The state that the policy set is in. A disabled policy set cannot be + matched. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Policy Set + description: Complete reference of the Device Administration - Policy Set API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_policy_set.DeviceAdministrationPolicySet.create_device_admin_policy_set, + device_administration_policy_set.DeviceAdministrationPolicySet.delete_device_admin_policy_set_by_id, + device_administration_policy_set.DeviceAdministrationPolicySet.update_device_admin_policy_set_by_id, + + - Paths used are + post /device-admin/policy-set, + delete /device-admin/policy-set/{id}, + put /device-admin/policy-set/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.device_administration_policy_set: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + description: string + hitCounts: 0 + id: string + isProxy: true + link: + href: string + rel: string + type: string + name: string + rank: 0 + serviceName: string + state_: string + +- name: Update by id + cisco.ise.device_administration_policy_set: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + 
link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + description: string + hitCounts: 0 + id: string + isProxy: true + link: + href: string + rel: string + type: string + name: string + rank: 0 + serviceName: string + state_: string + +- name: Delete by id + cisco.ise.device_administration_policy_set: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + 
"weekDaysException": [ + "string" + ] + }, + "default": true, + "description": "string", + "hitCounts": 0, + "id": "string", + "isProxy": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "rank": 0, + "serviceName": "string", + "state": "string" + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "description": "string", + "hitCounts": 0, + "id": "string", + "isProxy": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "rank": 0, + "serviceName": "string", + "state": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_policy_set_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_policy_set_info.py new file mode 100644 index 00000000..c6894900 --- /dev/null 
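Review bot: Several options in device_administration_policy_set.py that decide whether a policy set matches are documented too thinly to configure safely: `isNegate` reads "Indicates whereas this condition is in negate mode", `conditionType` and `attributeValue` have the description `.`, and `state_` lists no accepted values even though its text says "A disabled policy set cannot be matched". I would reword `isNegate` to something like `Whether the result of this condition is inverted.`, fill in the empty descriptions, and add `choices` for `state_` and `conditionType` taken from the API reference linked under `seealso`. The option is spelled `state_` while the RETURN samples show the key `state`; a sentence explaining the mapping (presumably it avoids a clash with the module's own `state: present/absent`) would keep users from setting the wrong one. `hitCounts` and `link` are listed as writable options but look like server-maintained fields; if the API ignores them on create and update, the docs should say so.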
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_policy_set_info.py 
@@ -0,0 +1,135 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_policy_set_info +short_description: Information module for Device Administration Policy Set +description: +- Get all Device Administration Policy Set. +- Get Device Administration Policy Set by id. +- Device Admin - Get policy set attributes. +- Device Admin - List of policy sets. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. Policy id. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Policy Set + description: Complete reference of the Device Administration - Policy Set API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_policy_set.DeviceAdministrationPolicySet.get_device_admin_policy_set_by_id, + device_administration_policy_set.DeviceAdministrationPolicySet.get_device_admin_policy_sets, + + - Paths used are + get /device-admin/policy-set, + get /device-admin/policy-set/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Device Administration Policy Set + cisco.ise.device_administration_policy_set_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +- name: Get Device Administration Policy Set by id + cisco.ise.device_administration_policy_set_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the 
response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "description": "string", + "hitCounts": 0, + "id": "string", + "isProxy": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "rank": 0, + "serviceName": "string", + "state": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_policy_set_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_policy_set_reset_hitcount.py new file mode 100644 index 00000000..88893a0d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_policy_set_reset_hitcount.py 
@@ -0,0 +1,54 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_policy_set_reset_hitcount +short_description: Resource module for Device Administration Policy Set Reset Hitcount +description: +- Manage operation create of the resource Device Administration Policy Set Reset Hitcount. +- Device Admin - Reset HitCount for PolicySets. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Policy Set + description: Complete reference of the Device Administration - Policy Set API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_policy_set.DeviceAdministrationPolicySet.reset_hit_counts_device_admin_policy_sets, + + - Paths used are + post /device-admin/policy-set/reset-hitcount, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.device_administration_policy_set_reset_hitcount: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "message": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_profiles_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_profiles_info.py new file mode 100644 index 00000000..2a72e4e9 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_profiles_info.py 
@@ -0,0 +1,59 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: device_administration_profiles_info +short_description: Information module for Device Administration Profiles +description: +- Get all Device Administration Profiles. +- Device Admin - Returns list of shell profiles. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Device Administration - Profiles + description: Complete reference of the Device Administration - Profiles API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + device_administration_profiles.DeviceAdministrationProfiles.get_device_admin_profiles, + + - Paths used are + get /device-admin/shell-profiles, + +""" + +EXAMPLES = r""" +- name: Get all Device Administration Profiles + cisco.ise.device_administration_profiles_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_service_names_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_service_names_info.py new file mode 100644 index 00000000..0cd8de91 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_service_names_info.py 
@@ -0,0 +1,61 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_service_names_info
+short_description: Information module for Device Administration Service Names
+description:
+- Get all Device Administration Service Names.
+- Returns list of Allowed Protocols and Server Sequences for Device Admin Policy.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Service Names
+ description: Complete reference of the Device Administration - Service Names API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_service_names.DeviceAdministrationServiceNames.get_device_admin_service_names,
+
+ - Paths used are
+ get /device-admin/service-names,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Device Administration Service Names
+ cisco.ise.device_administration_service_names_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "isLocalAuthorization": true,
+ "name": "string",
+ "serviceType": "string"
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_time_date_conditions.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_time_date_conditions.py
new file mode 100644
index 00000000..0e115d18
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_time_date_conditions.py
@@ -0,0 +1,299 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_time_date_conditions
+short_description: Resource module for Device Administration Time Date Conditions
+description:
+- Manage operations create, update and delete of the resource Device Administration Time Date Conditions.
+- Device Admin - Creates time/date condition.
+- Device Admin - Delete Time/Date condition.
+- Device Admin - Update network condition.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ attributeName:
+ description: Dictionary attribute name.
+ type: str
+ attributeValue:
+ description: .
+ type: str
+ children:
+ description: In case type is andBlock or orBlock addtional conditions will be aggregated
+ under this logical (OR/AND) condition.
+ elements: dict
+ suboptions:
+ conditionType:
+ description: .
+ type: str
+ isNegate:
+ description: Indicates whereas this condition is in negate mode.
+ type: bool
+ link:
+ description: Device Administration Time Date Conditions's link.
+ suboptions:
+ href:
+ description: Device Administration Time Date Conditions's href.
+ type: str
+ rel:
+ description: Device Administration Time Date Conditions's rel.
+ type: str
+ type:
+ description: Device Administration Time Date Conditions's type.
+ type: str
+ type: dict
+ type: list
+ conditionType:
+ description: .
+ type: str
+ datesRange:
+ description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used for
+ start/end date
Default - no specific dates
In order to reset the dates
+ to have no specific dates Date format - yyyy-mm-dd (MM = month, dd = day, yyyy
+ = year)

.
+ suboptions:
+ endDate:
+ description: Device Administration Time Date Conditions's endDate.
+ type: str
+ startDate:
+ description: Device Administration Time Date Conditions's startDate.
+ type: str
+ type: dict
+ datesRangeException:
+ description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used for
+ start/end date
Default - no specific dates
In order to reset the dates
+ to have no specific dates Date format - yyyy-mm-dd (MM = month, dd = day, yyyy
+ = year)

.
+ suboptions:
+ endDate:
+ description: Device Administration Time Date Conditions's endDate.
+ type: str
+ startDate:
+ description: Device Administration Time Date Conditions's startDate.
+ type: str
+ type: dict
+ description:
+ description: Condition description.
+ type: str
+ dictionaryName:
+ description: Dictionary name.
+ type: str
+ dictionaryValue:
+ description: Dictionary value.
+ type: str
+ hoursRange:
+ description:

Defines for which hours a TimeAndDate condition will be matched
+ Time format - hh mm ( h = hour , mm = minutes )
Default - All Day

.
+ suboptions:
+ endTime:
+ description: Device Administration Time Date Conditions's endTime.
+ type: str
+ startTime:
+ description: Device Administration Time Date Conditions's startTime.
+ type: str
+ type: dict
+ hoursRangeException:
+ description:

Defines for which hours a TimeAndDate condition will be matched
+ Time format - hh mm ( h = hour , mm = minutes )
Default - All Day

.
+ suboptions:
+ endTime:
+ description: Device Administration Time Date Conditions's endTime.
+ type: str
+ startTime:
+ description: Device Administration Time Date Conditions's startTime.
+ type: str
+ type: dict
+ id:
+ description: Device Administration Time Date Conditions's id.
+ type: str
+ isNegate:
+ description: Indicates whereas this condition is in negate mode.
+ type: bool
+ link:
+ description: Device Administration Time Date Conditions's link.
+ suboptions:
+ href:
+ description: Device Administration Time Date Conditions's href.
+ type: str
+ rel:
+ description: Device Administration Time Date Conditions's rel.
+ type: str
+ type:
+ description: Device Administration Time Date Conditions's type.
+ type: str
+ type: dict
+ name:
+ description: Condition name.
+ type: str
+ operator:
+ description: Equality operator.
+ type: str
+ weekDays:
+ description:

Defines for which days this condition will be matched
Days format
+ - Arrays of WeekDay enums
Default - List of All week days

.
+ elements: str
+ type: list
+ weekDaysException:
+ description:

Defines for which days this condition will NOT be matched
Days
+ format - Arrays of WeekDay enums
Default - Not enabled

.
+ elements: str
+ type: list
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Time/Date Conditions
+ description: Complete reference of the Device Administration - Time/Date Conditions API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_time_date_conditions.DeviceAdministrationTimeDateConditions.create_device_admin_time_condition,
+ device_administration_time_date_conditions.DeviceAdministrationTimeDateConditions.delete_device_admin_time_condition_by_id,
+ device_administration_time_date_conditions.DeviceAdministrationTimeDateConditions.update_device_admin_time_condition_by_id,
+
+ - Paths used are
+ post /device-admin/time-condition,
+ delete /device-admin/time-condition/{id},
+ put /device-admin/time-condition/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.device_administration_time_date_conditions:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ attributeName: string
+ attributeValue: string
+ children:
+ - conditionType: string
+ isNegate: true
+ link:
+ href: string
+ rel: string
+ type: string
+ conditionType: string
+ datesRange:
+ endDate: string
+ startDate: string
+ datesRangeException:
+ endDate: string
+ startDate: string
+ description: string
+ dictionaryName: string
+ dictionaryValue: string
+ hoursRange:
+ endTime: string
+ startTime: string
+ hoursRangeException:
+ endTime: string
+ startTime: string
+ id: string
+ isNegate: true
+ link:
+ href: string
+ rel: string
+ type: string
+ name: string
+ operator: string
+ weekDays:
+ - string
+ weekDaysException:
+ - string
+
+- name: Update by id
+ cisco.ise.device_administration_time_date_conditions:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ attributeName: string
+ attributeValue: string
+ children:
+ - conditionType: string
+ isNegate: true
+ link:
+ href: string
+ rel: string
+ type: string
+ conditionType: string
+ datesRange:
+ endDate: string
+ startDate: string
+ datesRangeException:
+ endDate: string
+ startDate: string
+ description: string
+ dictionaryName: string
+ dictionaryValue: string
+ hoursRange:
+ endTime: string
+ startTime: string
+ hoursRangeException:
+ endTime: string
+ startTime: string
+ id: string
+ isNegate: true
+ link:
+ href: string
+ rel: string
+ type: string
+ name: string
+ operator: string
+ weekDays:
+ - string
+ weekDaysException:
+ - string
+
+- name: Delete by id
+ cisco.ise.device_administration_time_date_conditions:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ id: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "response": {},
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/device_administration_time_date_conditions_info.py b/ansible_collections/cisco/ise/plugins/modules/device_administration_time_date_conditions_info.py
new file mode 100644
index 00000000..55a51384
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/device_administration_time_date_conditions_info.py
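Review bot: In device_administration_time_date_conditions.py the update operation is described as `- Device Admin - Update network condition.`, which does not match this module or the `put /device-admin/time-condition/{id}` path listed under notes; `- Device Admin - Update time/date condition.` would. The `hoursRange` and `hoursRangeException` text gives the time format as "hh mm" without saying which separator is accepted, and every example value is the placeholder `string`, so the file never shows a valid `startTime`, `endDate` or `weekDays` entry. Because these conditions decide when a device-administration policy rule matches, one worked example with realistic values would reduce the chance of a time window that is wider than intended. Some option descriptions on this page render as a bare `.`; that may be an artefact of how the patch is displayed, so check them against the source file.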
@@ -0,0 +1,70 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: device_administration_time_date_conditions_info
+short_description: Information module for Device Administration Time Date Conditions
+description:
+- Get all Device Administration Time Date Conditions.
+- Get Device Administration Time Date Conditions by id.
+- Device Admin - Returns a list of time and date conditions.
+- Device Admin - Returns a network condition.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ id:
+ description:
+ - Id path parameter. Condition id.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Device Administration - Time/Date Conditions
+ description: Complete reference of the Device Administration - Time/Date Conditions API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ device_administration_time_date_conditions.DeviceAdministrationTimeDateConditions.get_device_admin_time_condition_by_id,
+ device_administration_time_date_conditions.DeviceAdministrationTimeDateConditions.get_device_admin_time_conditions,
+
+ - Paths used are
+ get /device-admin/time-condition,
+ get /device-admin/time-condition/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Device Administration Time Date Conditions
+ cisco.ise.device_administration_time_date_conditions_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+- name: Get Device Administration Time Date Conditions by id
+ cisco.ise.device_administration_time_date_conditions_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/downloadable_acl.py b/ansible_collections/cisco/ise/plugins/modules/downloadable_acl.py
new file mode 100644
index 00000000..213fcdbd
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/downloadable_acl.py
@@ -0,0 +1,154 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: downloadable_acl
+short_description: Resource module for Downloadable ACL
+description:
+- Manage operations create, update and delete of the resource Downloadable ACL.
+- This API creates a downloadable ACL.
+- This API deletes a downloadable ACL.
+- This API allows the client to update a downloadable ACL.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ dacl:
+ description: The DACL Content. Use the string \\n for a newline.
+ type: str
+ daclType:
+ description: Allowed values - IPV4, - IPV6, - IP_AGNOSTIC.
+ type: str
+ description:
+ description: Use the string \\n for a newline.
+ type: str
+ id:
+ description: Downloadable ACL's id.
+ type: str
+ name:
+ description: Resource Name. Name may contain alphanumeric or any of the following
+ characters _.-.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ downloadable_acl.DownloadableAcl.create_downloadable_acl,
+ downloadable_acl.DownloadableAcl.delete_downloadable_acl_by_id,
+ downloadable_acl.DownloadableAcl.update_downloadable_acl_by_id,
+
+ - Paths used are
+ post /ers/config/downloadableacl,
+ delete /ers/config/downloadableacl/{id},
+ put /ers/config/downloadableacl/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by id
+ cisco.ise.downloadable_acl:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ dacl: string
+ daclType: string
+ description: string
+ id: string
+ name: string
+
+- name: Update by id with multiline ACL
+ cisco.ise.downloadable_acl:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ dacl: "permit udp any eq bootpc any eq bootps\n permit tcp any host {{ise-ip}} eq www"
+ daclType: string
+ description: "this is my\n multiline\n ACL."
+ id: string
+ name: string
+
+- name: Delete by id
+ cisco.ise.downloadable_acl:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ id: string
+
+- name: Create
+ cisco.ise.downloadable_acl:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ dacl: string
+ daclType: string
+ description: string
+ name: string
+
+- name: Create with multiline ACL
+ cisco.ise.downloadable_acl:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ dacl: "permit udp any eq bootpc any eq bootps\n permit tcp any host {{ise-ip}} eq www"
+ daclType: string
+ description: "this is my\n multiline\n ACL."
+ name: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "dacl": "string",
+ "daclType": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ],
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/downloadable_acl_info.py b/ansible_collections/cisco/ise/plugins/modules/downloadable_acl_info.py
new file mode 100644
index 00000000..3931cdda
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/downloadable_acl_info.py
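Review bot: In downloadable_acl.py both multiline examples ("Update by id with multiline ACL" and "Create with multiline ACL") template the ACL entry `permit tcp any host {{ise-ip}} eq www` with a hyphenated name, which Jinja2 reads as the expression `ise - ip` rather than a single variable, so the task would normally stop with an undefined-variable error before the ACL reaches ISE. Use `{{ ise_ip }}` instead. The same examples put `\n` inside a double-quoted YAML scalar, which YAML turns into a real newline, while the `dacl` option text says to use the string `\\n`; the documentation should state which form the API expects, because a dACL whose entries are split differently from what was intended changes which traffic is permitted. `daclType: string` could also show one of the documented values, e.g. `daclType: IPV4`.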
@@ -0,0 +1,109 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: downloadable_acl_info
+short_description: Information module for Downloadable ACL
+description:
+- Get all Downloadable ACL.
+- Get Downloadable ACL by id.
+- This API allows the client to get a downloadable ACL by ID.
+- This API allows the client to get all downloadable ACLs.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ id:
+ description:
+ - Id path parameter.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ downloadable_acl.DownloadableAcl.get_downloadable_acl_by_id,
+ downloadable_acl.DownloadableAcl.get_downloadable_acl_generator,
+
+ - Paths used are
+ get /ers/config/downloadableacl,
+ get /ers/config/downloadableacl/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Downloadable ACL
+ cisco.ise.downloadable_acl_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ register: result
+
+- name: Get Downloadable ACL by id
+ cisco.ise.downloadable_acl_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "dacl": "string",
+ "daclType": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "dacl": "string",
+ "daclType": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell.py b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell.py
new file mode 100644
index 00000000..ac0e06b7
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell.py
@@ -0,0 +1,151 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: egress_matrix_cell
+short_description: Resource module for Egress Matrix Cell
+description:
+- Manage operations create, update and delete of the resource Egress Matrix Cell.
+- This API creates an egress matrix cell.
+- This API deletes an egress matrix cell.
+- This API allows the client to update an egress matrix cell.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ defaultRule:
+ description: Allowed values - NONE, - DENY_IP, - PERMIT_IP.
+ type: str
+ description:
+ description: Egress Matrix Cell's description.
+ type: str
+ destinationSGtId:
+ description: Egress Matrix Cell's destinationSGtId.
+ type: str
+ id:
+ description: Egress Matrix Cell's id.
+ type: str
+ matrixCellStatus:
+ description: Allowed values - DISABLED, - ENABLED, - MONITOR.
+ type: str
+ name:
+ description: Egress Matrix Cell's name.
+ type: str
+ sgacls:
+ description: Egress Matrix Cell's sgacls.
+ elements: str
+ type: list
+ sourceSGtId:
+ description: Egress Matrix Cell's sourceSGtId.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ egress_matrix_cell.EgressMatrixCell.create_egress_matrix_cell,
+ egress_matrix_cell.EgressMatrixCell.delete_egress_matrix_cell_by_id,
+ egress_matrix_cell.EgressMatrixCell.update_egress_matrix_cell_by_id,
+
+ - Paths used are
+ post /ers/config/egressmatrixcell,
+ delete /ers/config/egressmatrixcell/{id},
+ put /ers/config/egressmatrixcell/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by id
+ cisco.ise.egress_matrix_cell:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ defaultRule: string
+ description: string
+ destinationSgtId: string
+ id: string
+ matrixCellStatus: string
+ name: string
+ sgacls:
+ - string
+ sourceSgtId: string
+
+- name: Delete by id
+ cisco.ise.egress_matrix_cell:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ id: string
+
+- name: Create
+ cisco.ise.egress_matrix_cell:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ defaultRule: string
+ description: string
+ destinationSgtId: string
+ matrixCellStatus: string
+ name: string
+ sgacls:
+ - string
+ sourceSgtId: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "sourceSgtId": "string",
+ "destinationSgtId": "string",
+ "matrixCellStatus": "string",
+ "defaultRule": "string",
+ "sgacls": [
+ "string"
+ ],
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ],
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_bulk_monitor_status_info.py
new file mode 100644
index 00000000..a24a81b0
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_bulk_monitor_status_info.py
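Review bot: In egress_matrix_cell.py the options block documents `destinationSGtId` and `sourceSGtId`, but both EXAMPLES tasks and the RETURN sample spell them `destinationSgtId` and `sourceSgtId`. Option names are case-sensitive, so one of the two spellings will be rejected or ignored, depending on the argument spec in the action plugin, which is outside this hunk. For a module that writes the source and destination security-group tags of an egress policy cell the names must not be ambiguous; align the options with the spelling the plugin accepts, e.g. `destinationSgtId:` and `sourceSgtId:`. The same mismatch appears in egress_matrix_cell_clone.py, where the options are `dstSGtId` and `srcSGtId` while the example and the listed path use `dstSgtId` and `srcSgtId`.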
@@ -0,0 +1,72 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: egress_matrix_cell_bulk_monitor_status_info
+short_description: Information module for Egress Matrix Cell Bulk Monitor Status
+description:
+- Get Egress Matrix Cell Bulk Monitor Status by id.
+- This API allows the client to monitor the bulk request.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ bulkid:
+ description:
+ - Bulkid path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ egress_matrix_cell.EgressMatrixCell.monitor_bulk_status_egress_matrix_cell,
+
+ - Paths used are
+ get /ers/config/egressmatrixcell/bulk/{bulkid},
+
+"""
+
+EXAMPLES = r"""
+- name: Get Egress Matrix Cell Bulk Monitor Status by id
+ cisco.ise.egress_matrix_cell_bulk_monitor_status_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ bulkid: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "bulkId": "string",
+ "mediaType": "string",
+ "executionStatus": "string",
+ "operationType": "string",
+ "startTime": "string",
+ "resourcesCount": 0,
+ "successCount": 0,
+ "failCount": 0,
+ "resourcesStatus": [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "resourceExecutionStatus": "string",
+ "status": "string"
+ }
+ ]
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_bulk_request.py
new file mode 100644
index 00000000..88df775e
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_bulk_request.py
@@ -0,0 +1,56 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: egress_matrix_cell_bulk_request
+short_description: Resource module for Egress Matrix Cell Bulk Request
+description:
+- Manage operation update of the resource Egress Matrix Cell Bulk Request.
+- This API allows the client to submit the bulk request.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ operationType:
+ description: Egress Matrix Cell Bulk Request's operationType.
+ type: str
+ resourceMediaType:
+ description: Egress Matrix Cell Bulk Request's resourceMediaType.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ egress_matrix_cell.EgressMatrixCell.bulk_request_for_egress_matrix_cell,
+
+ - Paths used are
+ put /ers/config/egressmatrixcell/bulk/submit,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.egress_matrix_cell_bulk_request:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ operationType: string
+ resourceMediaType: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_clear_all.py b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_clear_all.py
new file mode 100644
index 00000000..3e325339
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_clear_all.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: egress_matrix_cell_clear_all
+short_description: Resource module for Egress Matrix Cell Clear All
+description:
+- Manage operation update of the resource Egress Matrix Cell Clear All.
+- This API allows the client to clear all the egress matrix cells.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ egress_matrix_cell.EgressMatrixCell.clear_all_matrix_cells,
+
+ - Paths used are
+ put /ers/config/egressmatrixcell/clearallmatrixcells,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.egress_matrix_cell_clear_all:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_clone.py b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_clone.py
new file mode 100644
index 00000000..7dd4fda3
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_clone.py
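Review bot: Nothing in the egress_matrix_cell_clear_all.py documentation warns that running the task clears every egress matrix cell: the example is named `Update all` and takes no parameters beyond the connection settings. Rename the task to something like `- name: Clear all egress matrix cells` and add a description line such as `- This operation affects every cell in the matrix and is not undone by re-running the play; back up the policy configuration first.` Whether the module honours check mode is not visible from this hunk and should be stated under notes, since a dry run is the obvious safeguard for a call of this kind.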
@@ -0,0 +1,69 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: egress_matrix_cell_clone
+short_description: Resource module for Egress Matrix Cell Clone
+description:
+- Manage operation update of the resource Egress Matrix Cell Clone.
+- This API allows the client to clone an egress matrix cell.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ dstSGtId:
+ description: DstSGtId path parameter.
+ type: str
+ id:
+ description: Id path parameter.
+ type: str
+ srcSGtId:
+ description: SrcSGtId path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ egress_matrix_cell.EgressMatrixCell.clone_matrix_cell,
+
+ - Paths used are
+ put /ers/config/egressmatrixcell/clonecell/{id}/srcSgt/{srcSgtId}/dstSgt/{dstSgtId},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by id
+ cisco.ise.egress_matrix_cell_clone:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ dstSgtId: string
+ id: string
+ srcSgtId: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "OperationResult": {
+ "resultValue": [
+ {
+ "value": "string",
+ "name": "string"
+ }
+ ]
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_info.py b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_info.py
new file mode 100644
index 00000000..eeb4655a
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_info.py
@@ -0,0 +1,157 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: egress_matrix_cell_info +short_description: Information module for Egress Matrix Cell +description: +- Get all Egress Matrix Cell. +- Get Egress Matrix Cell by id. +- This API allows the client to get all the egress matrix cell. +- This API allows the client to get an egress matrix cell by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + egress_matrix_cell.EgressMatrixCell.get_egress_matrix_cell_by_id, + egress_matrix_cell.EgressMatrixCell.get_egress_matrix_cell_generator, + + - Paths used are + get /ers/config/egressmatrixcell, + get /ers/config/egressmatrixcell/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Egress Matrix Cell + cisco.ise.egress_matrix_cell_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Egress Matrix Cell by id + cisco.ise.egress_matrix_cell_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "sourceSgtId": "string", + "destinationSgtId": "string", + "matrixCellStatus": "string", + "defaultRule": "string", + "sgacls": [ + "string" + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "sourceSgtId": "string", + "destinationSgtId": "string", + 
"matrixCellStatus": "string", + "defaultRule": "string", + "sgacls": [ + "string" + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_set_all_status.py b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_set_all_status.py new file mode 100644 index 00000000..1f416034 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/egress_matrix_cell_set_all_status.py @@ -0,0 +1,52 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: egress_matrix_cell_set_all_status +short_description: Resource module for Egress Matrix Cell Set All Status +description: +- Manage operation update of the resource Egress Matrix Cell Set All Status. +- This API allows the client to set status of all the egress matrix cells. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + status: + description: Status path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + egress_matrix_cell.EgressMatrixCell.set_all_cells_status, + + - Paths used are + put /ers/config/egressmatrixcell/status/{status}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.egress_matrix_cell_set_all_status: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + status: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/endpoint.py b/ansible_collections/cisco/ise/plugins/modules/endpoint.py
new file mode 100644
index 00000000..74db5cd1
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/endpoint.py
@@ -0,0 +1,262 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: endpoint +short_description: Resource module for Endpoint +description: +- Manage operations create, update and delete of the resource Endpoint. +- This API creates an endpoint. +- This API deletes an endpoint. +- This API allows the client to update an endpoint. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + customAttributes: + description: Endpoint's customAttributes. + suboptions: + customAttributes: + description: Key value map. + type: dict + type: dict + description: + description: Endpoint's description. + type: str + groupId: + description: Endpoint's groupId. + type: str + id: + description: Endpoint's id. + type: str + identityStore: + description: Endpoint's identityStore. + type: str + identityStoreId: + description: Endpoint's identityStoreId. + type: str + mac: + description: Endpoint's mac. + type: str + mdmAttributes: + description: Endpoint's mdmAttributes. + suboptions: + mdmComplianceStatus: + description: MdmComplianceStatus flag. + type: bool + mdmEncrypted: + description: MdmEncrypted flag. + type: bool + mdmEnrolled: + description: MdmEnrolled flag. + type: bool + mdmIMEI: + description: Endpoint's mdmIMEI. + type: str + mdmJailBroken: + description: MdmJailBroken flag. + type: bool + mdmManufacturer: + description: Endpoint's mdmManufacturer. + type: str + mdmModel: + description: Endpoint's mdmModel. + type: str + mdmOS: + description: Endpoint's mdmOS. + type: str + mdmPhoneNumber: + description: Endpoint's mdmPhoneNumber. + type: str + mdmPinlock: + description: MdmPinlock flag. + type: bool + mdmReachable: + description: MdmReachable flag. + type: bool + mdmSerial: + description: Endpoint's mdmSerial. 
+ type: str + mdmServerName: + description: Endpoint's mdmServerName. + type: str + type: dict + name: + description: Endpoint's name. + type: str + portalUser: + description: Endpoint's portalUser. + type: str + profileId: + description: Endpoint's profileId. + type: str + staticGroupAssignment: + description: StaticGroupAssignment flag. + type: bool + staticProfileAssignment: + description: StaticProfileAssignment flag. + type: bool +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + endpoint.Endpoint.create_endpoint, + endpoint.Endpoint.delete_endpoint_by_id, + endpoint.Endpoint.update_endpoint_by_id, + + - Paths used are + post /ers/config/endpoint, + delete /ers/config/endpoint/{id}, + put /ers/config/endpoint/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.endpoint: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customAttributes: + customAttributes: {} + description: string + groupId: string + id: string + identityStore: string + identityStoreId: string + mac: string + mdmAttributes: + mdmComplianceStatus: true + mdmEncrypted: true + mdmEnrolled: true + mdmIMEI: string + mdmJailBroken: true + mdmManufacturer: string + mdmModel: string + mdmOS: string + mdmPhoneNumber: string + mdmPinlock: true + mdmReachable: true + mdmSerial: string + mdmServerName: string + portalUser: string + profileId: string + staticGroupAssignment: true + staticProfileAssignment: true + +- name: Delete by id + cisco.ise.endpoint: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.endpoint: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customAttributes: + customAttributes: {} + 
description: string + groupId: string + identityStore: string + identityStoreId: string + mac: string + mdmAttributes: + mdmComplianceStatus: true + mdmEncrypted: true + mdmEnrolled: true + mdmIMEI: string + mdmJailBroken: true + mdmManufacturer: string + mdmModel: string + mdmOS: string + mdmPhoneNumber: string + mdmPinlock: true + mdmReachable: true + mdmSerial: string + mdmServerName: string + portalUser: string + profileId: string + staticGroupAssignment: true + staticProfileAssignment: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "mac": "string", + "profileId": "string", + "staticProfileAssignment": true, + "groupId": "string", + "staticGroupAssignment": true, + "portalUser": "string", + "identityStore": "string", + "identityStoreId": "string", + "mdmAttributes": { + "mdmServerName": "string", + "mdmReachable": true, + "mdmEnrolled": true, + "mdmComplianceStatus": true, + "mdmOS": "string", + "mdmManufacturer": "string", + "mdmModel": "string", + "mdmSerial": "string", + "mdmEncrypted": true, + "mdmPinlock": true, + "mdmJailBroken": true, + "mdmIMEI": "string", + "mdmPhoneNumber": "string" + }, + "customAttributes": { + "customAttributes": {} + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/endpoint_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/endpoint_bulk_monitor_status_info.py
new file mode 100644
index 00000000..520910f4
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/endpoint_bulk_monitor_status_info.py
@@ -0,0 +1,72 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: endpoint_bulk_monitor_status_info +short_description: Information module for Endpoint Bulk Monitor Status +description: +- Get Endpoint Bulk Monitor Status by id. +- This API allows the client to monitor the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + bulkid: + description: + - Bulkid path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + endpoint.Endpoint.monitor_bulk_status_endpoint, + + - Paths used are + get /ers/config/endpoint/bulk/{bulkid}, + +""" + +EXAMPLES = r""" +- name: Get Endpoint Bulk Monitor Status by id + cisco.ise.endpoint_bulk_monitor_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + bulkid: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "bulkId": "string", + "mediaType": "string", + "executionStatus": "string", + "operationType": "string", + "startTime": "string", + "resourcesCount": 0, + "successCount": 0, + "failCount": 0, + "resourcesStatus": [ + { + "id": "string", + "name": "string", + "description": "string", + "resourceExecutionStatus": "string", + "status": "string" + } + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/endpoint_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/endpoint_bulk_request.py new file mode 100644 index 00000000..dafe2a80 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/endpoint_bulk_request.py 
@@ -0,0 +1,56 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: endpoint_bulk_request +short_description: Resource module for Endpoint Bulk Request +description: +- Manage operation update of the resource Endpoint Bulk Request. +- This API allows the client to submit the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + operationType: + description: Endpoint Bulk Request's operationType. + type: str + resourceMediaType: + description: Endpoint Bulk Request's resourceMediaType. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + endpoint.Endpoint.bulk_request_for_endpoint, + + - Paths used are + put /ers/config/endpoint/bulk/submit, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.endpoint_bulk_request: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + operationType: string + resourceMediaType: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/endpoint_certificate.py b/ansible_collections/cisco/ise/plugins/modules/endpoint_certificate.py new file mode 100644 index 00000000..8f31278f --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/endpoint_certificate.py 
@@ -0,0 +1,97 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: endpoint_certificate +short_description: Resource module for Endpoint Certificate +description: +- Manage operation update of the resource Endpoint Certificate. +- This API allows the client to create an endpoint certificate. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + certTemplateName: + description: Name of an Internal CA template. + type: str + certificateRequest: + description: Key value map. Must have CN and SAN entries. + suboptions: + cn: + description: Matches the requester's User Name, unless the Requester is an ERS + Admin. ERS Admins are allowed to create requests for any CN. + type: str + san: + description: Valid MAC Address, delimited by '-'. + type: str + type: dict + dirPath: + description: Directory absolute path. Defaults to the current working directory. + type: str + filename: + description: The filename used to save the download file. + type: str + format: + description: Allowed values - PKCS12, - PKCS12_CHAIN, - PKCS8, - PKCS8_CHAIN. + type: str + password: + description: Protects the private key. Must have more than 8 characters, less than + 15 characters, at least one upper case letter, at least one lower case letter, + at least one digit, and can only contain A-Za-z0-9_#. + type: str + saveFile: + description: Enable or disable automatic file creation of raw response. + type: bool +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for EndpointCertificate + description: Complete reference of the EndpointCertificate API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!endpointcert +notes: + - SDK Method used are + endpoint_certificate.EndpointCertificate.create_endpoint_certificate, + + - Paths used are + put /ers/config/endpointcert/certRequest, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.endpoint_certificate: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + certTemplateName: string + certificateRequest: + cn: string + san: string + dirPath: /tmp/downloads/ + filename: download_filename.extension + format: string + password: string + saveFile: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "data": "filecontent", + "filename": "filename", + "dirpath": "download/directory", + "path": "download/directory/filename" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/endpoint_deregister.py b/ansible_collections/cisco/ise/plugins/modules/endpoint_deregister.py new file mode 100644 index 00000000..2835d630 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/endpoint_deregister.py 
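Review bot: The EXAMPLES task for endpoint_certificate saves the issued certificate to `dirPath: /tmp/downloads/` with `saveFile: true`, although the formats listed under `format` (PKCS12, PKCS8 and their chain variants) carry the private key that `password` is documented to protect. A shared temporary directory is a poor location to teach for key material; the example should point at a directory only the calling user can read, for instance `dirPath: "{{ cert_output_dir }}"` (placeholder variable), and the `dirPath` description should say that the saved file holds a private key. The RETURN sample shows the file content returned under `data`, so the example task should also carry `no_log: true` to keep that content and the `password` argument out of task output and logs. Whether the module already marks `password` as no_log is set in its argument spec, which is not part of this file.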
@@ -0,0 +1,52 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: endpoint_deregister +short_description: Resource module for Endpoint Deregister +description: +- Manage operation update of the resource Endpoint Deregister. +- This API allows the client to de-register an endpoint. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + endpoint.Endpoint.deregister_endpoint, + + - Paths used are + put /ers/config/endpoint/{id}/deregister, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.endpoint_deregister: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/endpoint_get_rejected_endpoints_info.py b/ansible_collections/cisco/ise/plugins/modules/endpoint_get_rejected_endpoints_info.py new file mode 100644 index 00000000..a99a9c02 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/endpoint_get_rejected_endpoints_info.py 
@@ -0,0 +1,56 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: endpoint_get_rejected_endpoints_info +short_description: Information module for Endpoint Get Rejected Endpoints +description: +- Get all Endpoint Get Rejected Endpoints. +- This API allows the client to get the rejected endpoints. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + endpoint.Endpoint.get_rejected_endpoints, + + - Paths used are + get /ers/config/endpoint/getrejectedendpoints, + +""" + +EXAMPLES = r""" +- name: Get all Endpoint Get Rejected Endpoints + cisco.ise.endpoint_get_rejected_endpoints_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "resultValue": [ + { + "value": "string", + "name": "string" + } + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/endpoint_group.py b/ansible_collections/cisco/ise/plugins/modules/endpoint_group.py new file mode 100644 index 00000000..95dd6f65 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/endpoint_group.py 
@@ -0,0 +1,126 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: endpoint_group +short_description: Resource module for Endpoint Group +description: +- Manage operations create, update and delete of the resource Endpoint Group. +- This API creates an endpoint identity group. +- This API deletes an endpoint identity group. +- This API allows the client to update an endpoint identity group. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + description: + description: Endpoint Group's description. + type: str + id: + description: Endpoint Group's id. + type: str + name: + description: Endpoint Group's name. + type: str + systemDefined: + description: SystemDefined flag. + type: bool +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for EndpointIdentityGroup + description: Complete reference of the EndpointIdentityGroup API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!endpointgroup +notes: + - SDK Method used are + endpoint_identity_group.EndpointIdentityGroup.create_endpoint_group, + endpoint_identity_group.EndpointIdentityGroup.delete_endpoint_group_by_id, + endpoint_identity_group.EndpointIdentityGroup.update_endpoint_group_by_id, + + - Paths used are + post /ers/config/endpointgroup, + delete /ers/config/endpointgroup/{id}, + put /ers/config/endpointgroup/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.endpoint_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + id: string + name: string + systemDefined: true + +- name: Delete by id + cisco.ise.endpoint_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.endpoint_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + name: string + systemDefined: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "systemDefined": true, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/endpoint_group_info.py b/ansible_collections/cisco/ise/plugins/modules/endpoint_group_info.py
new file mode 100644
index 00000000..89823b7c
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/endpoint_group_info.py
@@ -0,0 +1,166 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: endpoint_group_info +short_description: Information module for Endpoint Group +description: +- Get all Endpoint Group. +- Get Endpoint Group by id. +- Get Endpoint Group by name. +- This API allows the client to get all the endpoint identity groups. +- This API allows the client to get an endpoint identity group by ID. +- This API allows the client to get an endpoint identity group by name. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. 
+ - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for EndpointIdentityGroup + description: Complete reference of the EndpointIdentityGroup API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!endpointgroup +notes: + - SDK Method used are + endpoint_identity_group.EndpointIdentityGroup.get_endpoint_group_by_id, + endpoint_identity_group.EndpointIdentityGroup.get_endpoint_group_by_name, + endpoint_identity_group.EndpointIdentityGroup.get_endpoint_groups_generator, + + - Paths used are + get /ers/config/endpointgroup, + get /ers/config/endpointgroup/name/{name}, + get /ers/config/endpointgroup/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Endpoint Group + cisco.ise.endpoint_group_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Endpoint Group by id + cisco.ise.endpoint_group_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get Endpoint Group by name + cisco.ise.endpoint_group_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with 
the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "systemDefined": true, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "systemDefined": true, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/endpoint_info.py b/ansible_collections/cisco/ise/plugins/modules/endpoint_info.py new file mode 100644 index 00000000..01587f8b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/endpoint_info.py 
@@ -0,0 +1,212 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: endpoint_info +short_description: Information module for Endpoint +description: +- Get all Endpoint. +- Get Endpoint by id. +- Get Endpoint by name. +- This API allows the client to get all the endpoints. +- This API allows the client to get an endpoint by ID. +- This API allows the client to get an endpoint by name. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. 
+ - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + endpoint.Endpoint.get_endpoint_by_id, + endpoint.Endpoint.get_endpoint_by_name, + endpoint.Endpoint.get_endpoints_generator, + + - Paths used are + get /ers/config/endpoint, + get /ers/config/endpoint/name/{name}, + get /ers/config/endpoint/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Endpoint + cisco.ise.endpoint_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Endpoint by id + cisco.ise.endpoint_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get Endpoint by name + cisco.ise.endpoint_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "mac": "string", + "profileId": "string", + "staticProfileAssignment": true, + "groupId": "string", + "staticGroupAssignment": true, + "portalUser": "string", + "identityStore": "string", + "identityStoreId": "string", + "mdmAttributes": { + 
"mdmServerName": "string", + "mdmReachable": true, + "mdmEnrolled": true, + "mdmComplianceStatus": true, + "mdmOS": "string", + "mdmManufacturer": "string", + "mdmModel": "string", + "mdmSerial": "string", + "mdmEncrypted": true, + "mdmPinlock": true, + "mdmJailBroken": true, + "mdmIMEI": "string", + "mdmPhoneNumber": "string" + }, + "customAttributes": { + "customAttributes": {} + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "mac": "string", + "profileId": "string", + "staticProfileAssignment": true, + "groupId": "string", + "staticGroupAssignment": true, + "portalUser": "string", + "identityStore": "string", + "identityStoreId": "string", + "mdmAttributes": { + "mdmServerName": "string", + "mdmReachable": true, + "mdmEnrolled": true, + "mdmComplianceStatus": true, + "mdmOS": "string", + "mdmManufacturer": "string", + "mdmModel": "string", + "mdmSerial": "string", + "mdmEncrypted": true, + "mdmPinlock": true, + "mdmJailBroken": true, + "mdmIMEI": "string", + "mdmPhoneNumber": "string" + }, + "customAttributes": { + "customAttributes": {} + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/endpoint_register.py b/ansible_collections/cisco/ise/plugins/modules/endpoint_register.py new file mode 100644 index 00000000..139631d2 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/endpoint_register.py 
@@ -0,0 +1,158 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: endpoint_register +short_description: Resource module for Endpoint Register +description: +- Manage operation update of the resource Endpoint Register. +- This API allows the client to register an endpoint. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + customAttributes: + description: Endpoint Register's customAttributes. + suboptions: + customAttributes: + description: Key value map. + type: dict + type: dict + description: + description: Endpoint Register's description. + type: str + groupId: + description: Endpoint Register's groupId. + type: str + id: + description: Endpoint Register's id. + type: str + identityStore: + description: Endpoint Register's identityStore. + type: str + identityStoreId: + description: Endpoint Register's identityStoreId. + type: str + mac: + description: Endpoint Register's mac. + type: str + mdmAttributes: + description: Endpoint Register's mdmAttributes. + suboptions: + mdmComplianceStatus: + description: MdmComplianceStatus flag. + type: bool + mdmEncrypted: + description: MdmEncrypted flag. + type: bool + mdmEnrolled: + description: MdmEnrolled flag. + type: bool + mdmIMEI: + description: Endpoint Register's mdmIMEI. + type: str + mdmJailBroken: + description: MdmJailBroken flag. + type: bool + mdmManufacturer: + description: Endpoint Register's mdmManufacturer. + type: str + mdmModel: + description: Endpoint Register's mdmModel. + type: str + mdmOS: + description: Endpoint Register's mdmOS. + type: str + mdmPhoneNumber: + description: Endpoint Register's mdmPhoneNumber. + type: str + mdmPinlock: + description: MdmPinlock flag. + type: bool + mdmReachable: + description: MdmReachable flag. 
+ type: bool + mdmSerial: + description: Endpoint Register's mdmSerial. + type: str + mdmServerName: + description: Endpoint Register's mdmServerName. + type: str + type: dict + name: + description: Endpoint Register's name. + type: str + portalUser: + description: Endpoint Register's portalUser. + type: str + profileId: + description: Endpoint Register's profileId. + type: str + staticGroupAssignment: + description: StaticGroupAssignment flag. + type: bool + staticProfileAssignment: + description: StaticProfileAssignment flag. + type: bool +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + endpoint.Endpoint.register_endpoint, + + - Paths used are + put /ers/config/endpoint/register, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.endpoint_register: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + customAttributes: + customAttributes: {} + description: string + groupId: string + id: string + identityStore: string + identityStoreId: string + mac: string + mdmAttributes: + mdmComplianceStatus: true + mdmEncrypted: true + mdmEnrolled: true + mdmIMEI: string + mdmJailBroken: true + mdmManufacturer: string + mdmModel: string + mdmOS: string + mdmPhoneNumber: string + mdmPinlock: true + mdmReachable: true + mdmSerial: string + mdmServerName: string + name: string + portalUser: string + profileId: string + staticGroupAssignment: true + staticProfileAssignment: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/endpoint_release_rejected_endpoint.py b/ansible_collections/cisco/ise/plugins/modules/endpoint_release_rejected_endpoint.py new file mode 100644 index 00000000..82888e4e --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/modules/endpoint_release_rejected_endpoint.py
@@ -0,0 +1,52 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: endpoint_release_rejected_endpoint
+short_description: Resource module for Endpoint Release Rejected Endpoint
+description:
+- Manage operation update of the resource Endpoint Release Rejected Endpoint.
+- This API allows the client to release a rejected endpoint.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ id:
+ description: Id path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ endpoint.Endpoint.release_rejected_endpoint,
+
+ - Paths used are
+ put /ers/config/endpoint/{id}/releaserejectedendpoint,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.endpoint_release_rejected_endpoint:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/external_radius_server.py b/ansible_collections/cisco/ise/plugins/modules/external_radius_server.py
new file mode 100644
index 00000000..50d1ff07
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/external_radius_server.py
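Review bot: In endpoint_release_rejected_endpoint.py the `id` option is documented as an optional `type: str`, but the only path the module lists is `put /ers/config/endpoint/{id}/releaserejectedendpoint`, which cannot be formed without it. The argument spec is not visible in this hunk; if it requires the value, the documentation should say so with `required: true` under `id`, and if it does not, the module should reject a missing id before sending the request. The example task name `Update all` also does not describe the operation; `Release rejected endpoint by id` would.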
@@ -0,0 +1,188 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: external_radius_server +short_description: Resource module for External RADIUS Server +description: +- Manage operations create, update and delete of the resource External RADIUS Server. +- This API creates an external RADIUS server. +- This API deletes an external RADIUS server. +- This API allows the client to update an external RADIUS server. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + accountingPort: + description: Valid Range 1 to 65535. + type: int + authenticationPort: + description: Valid Range 1 to 65535. + type: int + authenticatorKey: + description: The authenticatorKey is required only if enableKeyWrap is true, otherwise + it must be ignored or empty. The maximum length is 20 ASCII characters or 40 HEXADECIMAL + characters (depend on selection in field 'keyInputFormat'). + type: str + description: + description: External RADIUS Server's description. + type: str + enableKeyWrap: + description: KeyWrap may only be enabled if it is supported on the device. When + running in FIPS mode this option should be enabled for such devices. + type: bool + encryptionKey: + description: The encryptionKey is required only if enableKeyWrap is true, otherwise + it must be ignored or empty. The maximum length is 16 ASCII characters or 32 HEXADECIMAL + characters (depend on selection in field 'keyInputFormat'). + type: str + hostIP: + description: The IP of the host - must be a valid IPV4 address. + type: str + id: + description: External RADIUS Server's id. + type: str + keyInputFormat: + description: Specifies the format of the input for fields 'encryptionKey' and 'authenticatorKey'. + Allowed Values - ASCII - HEXADECIMAL. 
+ type: str + name: + description: Resource Name. Allowed charactera are alphanumeric and _ (underscore). + type: str + proxyTimeout: + description: Valid Range 1 to 600. + type: int + retries: + description: Valid Range 1 to 9. + type: int + sharedSecret: + description: Shared secret maximum length is 128 characters. + type: str + timeout: + description: Valid Range 1 to 120. + type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + external_radius_server.ExternalRadiusServer.create_external_radius_server, + external_radius_server.ExternalRadiusServer.delete_external_radius_server_by_id, + external_radius_server.ExternalRadiusServer.update_external_radius_server_by_id, + + - Paths used are + post /ers/config/externalradiusserver, + delete /ers/config/externalradiusserver/{id}, + put /ers/config/externalradiusserver/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.external_radius_server: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + accountingPort: 0 + authenticationPort: 0 + authenticatorKey: string + description: string + enableKeyWrap: true + encryptionKey: string + hostIP: string + id: string + keyInputFormat: string + name: string + proxyTimeout: 0 + retries: 0 + sharedSecret: string + timeout: 0 + +- name: Delete by id + cisco.ise.external_radius_server: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.external_radius_server: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + accountingPort: 0 + authenticationPort: 0 + authenticatorKey: string + description: string + enableKeyWrap: true + encryptionKey: string + hostIP: string + keyInputFormat: 
string + name: string + proxyTimeout: 0 + retries: 0 + sharedSecret: string + timeout: 0 + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "hostIP": "string", + "sharedSecret": "string", + "enableKeyWrap": true, + "encryptionKey": "string", + "authenticatorKey": "string", + "keyInputFormat": "string", + "authenticationPort": 0, + "accountingPort": 0, + "timeout": 0, + "retries": 0, + "proxyTimeout": 0, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/external_radius_server_info.py b/ansible_collections/cisco/ise/plugins/modules/external_radius_server_info.py new file mode 100644 index 00000000..8b597d05 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/external_radius_server_info.py 
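Review bot: The RETURN sample for `ise_response` in external_radius_server.py lists `sharedSecret`, `encryptionKey` and `authenticatorKey`, so the RADIUS secrets that go in as plain `type: str` options come back in the task result, and nothing in DOCUMENTATION or EXAMPLES tells the user to protect them. Whether the argument spec marks these options `no_log` is not visible in this hunk; the documentation should at least say so in each of the three option descriptions, for example `This value is a secret; supply it from Ansible Vault and set no_log on the task.`, and the examples should show `no_log: true` on tasks that send or register these fields. The same three fields appear in the `ise_response` and `ise_responses` samples of external_radius_server_info.py, whose examples all `register: result`, and a `password` option and return field appear in the visible part of guest_smtp_notification_settings.py.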
@@ -0,0 +1,144 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: external_radius_server_info +short_description: Information module for External RADIUS Server +description: +- Get all External RADIUS Server. +- Get External RADIUS Server by id. +- Get External RADIUS Server by name. +- This API allows the client to get all the external RADIUS servers. +- This API allows the client to get an external RADIUS server by ID. +- This API allows the client to get an external RADIUS server by name. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. 
+ type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + external_radius_server.ExternalRadiusServer.get_external_radius_server_by_id, + external_radius_server.ExternalRadiusServer.get_external_radius_server_by_name, + external_radius_server.ExternalRadiusServer.get_external_radius_server_generator, + + - Paths used are + get /ers/config/externalradiusserver, + get /ers/config/externalradiusserver/name/{name}, + get /ers/config/externalradiusserver/{id}, + +""" + +EXAMPLES = r""" +- name: Get all External RADIUS Server + cisco.ise.external_radius_server_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get External RADIUS Server by id + cisco.ise.external_radius_server_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get External RADIUS Server by name + cisco.ise.external_radius_server_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "hostIP": "string", + "sharedSecret": "string", + "enableKeyWrap": true, + "encryptionKey": "string", + "authenticatorKey": "string", + "keyInputFormat": "string", + "authenticationPort": 0, + "accountingPort": 0, + "timeout": 0, + "retries": 0, + "proxyTimeout": 0, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + 
returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "hostIP": "string", + "sharedSecret": "string", + "enableKeyWrap": true, + "encryptionKey": "string", + "authenticatorKey": "string", + "keyInputFormat": "string", + "authenticationPort": 0, + "accountingPort": 0, + "timeout": 0, + "retries": 0, + "proxyTimeout": 0, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/filter_policy.py b/ansible_collections/cisco/ise/plugins/modules/filter_policy.py new file mode 100644 index 00000000..9a23b0c1 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/filter_policy.py 
@@ -0,0 +1,123 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: filter_policy +short_description: Resource module for Filter Policy +description: +- Manage operations create, update and delete of the resource Filter Policy. +- This API creates a filter policy. +- This API deletes a filter policy. +- This API allows the client to update a filter policy. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + domains: + description: List of SXP Domains, separated with comma. + type: str + id: + description: Id path parameter. + type: str + sgt: + description: SGT name or ID. At least one of subnet or sgt or vn should be defined. + type: str + subnet: + description: Subnet for filter policy (hostname is not supported). At least one + of subnet or sgt or vn should be defined. + type: str + vn: + description: Virtual Network. At least one of subnet or sgt or vn should be defined. 
+ type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + filter_policy.FilterPolicy.create_filter_policy, + filter_policy.FilterPolicy.delete_filter_policy_by_id, + filter_policy.FilterPolicy.update_filter_policy_by_id, + + - Paths used are + post /ers/config/filterpolicy, + delete /ers/config/filterpolicy/{id}, + put /ers/config/filterpolicy/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.filter_policy: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + domains: string + id: string + sgt: string + subnet: string + vn: string + +- name: Delete by id + cisco.ise.filter_policy: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.filter_policy: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + domains: string + sgt: string + subnet: string + vn: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "subnet": "string", + "domains": "string", + "sgt": "string", + "vn": "string" + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/filter_policy_info.py b/ansible_collections/cisco/ise/plugins/modules/filter_policy_info.py
new file mode 100644
index 00000000..01f9c6e7
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/filter_policy_info.py
@@ -0,0 +1,97 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: filter_policy_info +short_description: Information module for Filter Policy +description: +- Get all Filter Policy. +- Get Filter Policy by id. +- This API allows the client to get a filter policy by ID. +- This API allows the client to get all the filter policies. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + filter_policy.FilterPolicy.get_filter_policy_by_id, + filter_policy.FilterPolicy.get_filter_policy_generator, + + - Paths used are + get /ers/config/filterpolicy, + get /ers/config/filterpolicy/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Filter Policy + cisco.ise.filter_policy_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get Filter Policy by id + cisco.ise.filter_policy_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "subnet": "string", + "domains": "string", + "sgt": "string", + "vn": "string" + } + +ise_responses: + description: A dictionary or list with the response returned by the 
Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "subnet": "string", + "domains": "string", + "sgt": "string", + "vn": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_location_info.py b/ansible_collections/cisco/ise/plugins/modules/guest_location_info.py new file mode 100644 index 00000000..2c82fa37 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_location_info.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_location_info +short_description: Information module for Guest Location +description: +- Get all Guest Location. +- Get Guest Location by id. +- This API allows the client to get a guest location by ID. +- This API allows the client to get all the guest locations. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_location.GuestLocation.get_guest_location_by_id, + guest_location.GuestLocation.get_guest_location_generator, + + - Paths used are + get /ers/config/guestlocation, + get /ers/config/guestlocation/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Guest Location + cisco.ise.guest_location_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Guest Location by id + cisco.ise.guest_location_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_smtp_notification_settings.py b/ansible_collections/cisco/ise/plugins/modules/guest_smtp_notification_settings.py new file mode 100644 index 00000000..10910f02 
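Review bot: The `filterType` option in guest_location_info.py never states which values it accepts: its description says the operator "can be changed by using the parameter", the `filter` description refers to `filterType=or`, and the example passes `filterType: AND`. The description should name the accepted values and their case, for example `- Accepted values are AND and OR.` once that is confirmed against the ERS API, so that a mistyped value is not silently treated as the default AND and a query returns a different set than intended. The same wording is used for `filterType` in endpoint_info.py and in the tail of the endpoint_group_info.py hunk.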
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/guest_smtp_notification_settings.py
@@ -0,0 +1,155 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_smtp_notification_settings +short_description: Resource module for Guest SMTP Notification Settings +description: +- Manage operations create and update of the resource Guest SMTP Notification Settings. +- This API creates a guest SMTP notification configuration. +- This API allows the client to update a SMTP configuration setting. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + connectionTimeout: + description: Interval in seconds for all the SMTP client connections. + type: str + defaultFromAddress: + description: The default from email address to be used to send emails from. + type: str + id: + description: Guest SMTP Notification Settings's id. + type: str + notificationEnabled: + description: Indicates if the email notification service is to be enabled. + type: bool + password: + description: Password of Secure SMTP server. + type: str + smtpPort: + description: Port at which SMTP Secure Server is listening. + type: str + smtpServer: + description: The SMTP server ip address or fqdn such as outbound.mycompany.com. + type: str + useDefaultFromAddress: + description: If the default from address should be used rather than using a sponsor + user email address. + type: bool + usePasswordAuthentication: + description: If configured to true, SMTP server authentication will happen using + username/password. + type: bool + useTLSorSSLEncryption: + description: If configured to true, SMTP server authentication will happen using + TLS/SSL. + type: bool + userName: + description: Username of Secure SMTP server. 
+ type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_smtp_notification_configuration.GuestSmtpNotificationConfiguration.create_guest_smtp_notification_settings, + guest_smtp_notification_configuration.GuestSmtpNotificationConfiguration.update_guest_smtp_notification_settings_by_id, + + - Paths used are + post /ers/config/guestsmtpnotificationsettings, + put /ers/config/guestsmtpnotificationsettings/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.guest_smtp_notification_settings: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + connectionTimeout: string + defaultFromAddress: string + id: string + notificationEnabled: true + password: string + smtpPort: string + smtpServer: string + useDefaultFromAddress: true + usePasswordAuthentication: true + useTLSorSSLEncryption: true + userName: string + +- name: Create + cisco.ise.guest_smtp_notification_settings: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + connectionTimeout: string + defaultFromAddress: string + notificationEnabled: true + password: string + smtpPort: string + smtpServer: string + useDefaultFromAddress: true + usePasswordAuthentication: true + useTLSorSSLEncryption: true + userName: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "smtpServer": "string", + "notificationEnabled": true, + "useDefaultFromAddress": true, + "defaultFromAddress": "string", + "smtpPort": "string", + "connectionTimeout": "string", + "useTLSorSSLEncryption": true, + "usePasswordAuthentication": true, + "userName": "string", + "password": "string", + "link": { + "rel": "string", + "href": "string", 
+ "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_smtp_notification_settings_info.py b/ansible_collections/cisco/ise/plugins/modules/guest_smtp_notification_settings_info.py new file mode 100644 index 00000000..7f815219 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_smtp_notification_settings_info.py 
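Review bot: The `password` option and the `password` field in the `ise_response` sample mean the SMTP credential travels in both the task arguments and the returned data, yet DOCUMENTATION says nothing about keeping it out of logs; the same field appears in the RETURN samples of guest_smtp_notification_settings_info.py, whose EXAMPLES end in `register: result`. Whether the argument spec marks the option `no_log` is not visible in this hunk, so I would at least extend the description to `Password of Secure SMTP server. Supply it from Ansible Vault and set no_log on tasks that pass or register it.` The `useTLSorSSLEncryption` text says authentication "will happen using TLS/SSL"; it presumably controls transport encryption, and saying so (`If true, the connection to the SMTP server uses TLS/SSL.`) avoids reading `false` as a harmless authentication choice.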
@@ -0,0 +1,159 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: guest_smtp_notification_settings_info
+short_description: Information module for Guest SMTP Notification Settings
+description:
+- Get all Guest SMTP Notification Settings.
+- Get Guest SMTP Notification Settings by id.
+- This API allows the client to get a guest SMTP notification configuration by.
+- This API allows the client to get all the guest SMTP notification.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ id:
+ description:
+ - Id path parameter.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+ sortasc:
+ description:
+ - Sortasc query parameter. Sort asc.
+ type: str
+ sortdsc:
+ description:
+ - Sortdsc query parameter. Sort desc.
+ type: str
+ filter:
+ description:
+ - >
+ Filter query parameter. **Simple filtering** should be available through the filter query string parameter.
+ The structure of a filter is a triplet of field operator and value separated with dots. More than one filter
+ can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed
+ by using the "filterType=or" query string parameter.
+ - Each resource Data model description should specify if an attribute is a filtered field.
+ - The 'EQ' operator describes 'Equals'.
+ - The 'NEQ' operator describes 'Not Equals'.
+ - The 'GT' operator describes 'Greater Than'.
+ - The 'LT' operator describes 'Less Than'.
+ - The 'STARTSW' operator describes 'Starts With'.
+ - The 'NSTARTSW' operator describes 'Not Starts With'.
+ - The 'ENDSW' operator describes 'Ends With'.
+ - The 'NENDSW' operator describes 'Not Ends With'.
+ - The 'CONTAINS' operator describes 'Contains'.
+ - The 'NCONTAINS' operator describes 'Not Contains'.
+ elements: str
+ type: list
+ filterType:
+ description:
+ - >
+ FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and
+ can be changed by using the parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ guest_smtp_notification_configuration.GuestSmtpNotificationConfiguration.get_guest_smtp_notification_settings_by_id,
+ guest_smtp_notification_configuration.GuestSmtpNotificationConfiguration.get_guest_smtp_notification_settings_generator,
+
+ - Paths used are
+ get /ers/config/guestsmtpnotificationsettings,
+ get /ers/config/guestsmtpnotificationsettings/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Guest SMTP Notification Settings
+ cisco.ise.guest_smtp_notification_settings_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ sortasc: string
+ sortdsc: string
+ filter: []
+ filterType: AND
+ register: result
+
+- name: Get Guest SMTP Notification Settings by id
+ cisco.ise.guest_smtp_notification_settings_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "smtpServer": "string",
+ "notificationEnabled": true,
+ "useDefaultFromAddress": true,
+ "defaultFromAddress": "string",
+ "smtpPort": "string",
+ "connectionTimeout": "string",
+ "useTLSorSSLEncryption": true,
+ "usePasswordAuthentication": true,
+ "userName": "string",
+ "password": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "smtpServer": "string",
+ "notificationEnabled": true,
+ "useDefaultFromAddress": true,
+ "defaultFromAddress": "string",
+ "smtpPort": "string",
+ "connectionTimeout": "string",
+ "useTLSorSSLEncryption": true,
+ "usePasswordAuthentication": true,
+ "userName": "string",
+ "password": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_ssid.py b/ansible_collections/cisco/ise/plugins/modules/guest_ssid.py
new file mode 100644
index 00000000..8caf673c
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/guest_ssid.py
@@ -0,0 +1,111 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_ssid +short_description: Resource module for Guest SSID +description: +- Manage operations create, update and delete of the resource Guest SSID. +- This API creates a guest SSID. +- This API deletes a guest SSID by ID. +- This API allows the client to update a guest SSID by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Guest SSID's id. + type: str + name: + description: Resource Name. Name may contain alphanumeric or any of the following + characters _.-. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_ssid.GuestSsid.create_guest_ssid, + guest_ssid.GuestSsid.delete_guest_ssid_by_id, + guest_ssid.GuestSsid.update_guest_ssid_by_id, + + - Paths used are + post /ers/config/guestssid, + delete /ers/config/guestssid/{id}, + put /ers/config/guestssid/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.guest_ssid: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + id: string + name: string + +- name: Delete by id + cisco.ise.guest_ssid: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.guest_ssid: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + name: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict 
+ sample: > + { + "id": "string", + "name": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_ssid_info.py b/ansible_collections/cisco/ise/plugins/modules/guest_ssid_info.py new file mode 100644 index 00000000..087a7e0e --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_ssid_info.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_ssid_info +short_description: Information module for Guest SSID +description: +- Get all Guest SSID. +- Get Guest SSID by id. +- This API allows the client to get a guest SSID by ID. +- This API allows the client to get all the guest SSIDs. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. 
+ elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_ssid.GuestSsid.get_guest_ssid_by_id, + guest_ssid.GuestSsid.get_guest_ssid_generator, + + - Paths used are + get /ers/config/guestssid, + get /ers/config/guestssid/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Guest SSID + cisco.ise.guest_ssid_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Guest SSID by id + cisco.ise.guest_ssid_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_type.py b/ansible_collections/cisco/ise/plugins/modules/guest_type.py new file mode 100644 index 00000000..2318caaa --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_type.py 
@@ -0,0 +1,303 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_type +short_description: Resource module for Guest Type +description: +- Manage operations create, update and delete of the resource Guest Type. +- This API creates a guest type. +- This API deletes a guest type. +- This API allows the client to update a guest type. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + accessTime: + description: Guest Type's accessTime. + suboptions: + allowAccessOnSpecificDaysTimes: + description: AllowAccessOnSpecificDaysTimes flag. + type: bool + dayTimeLimits: + description: List of Time Ranges for account access. + elements: dict + suboptions: + days: + description: List of Days Values should be one of Week day. Allowed values + are - Sunday, - Monday, - Tuesday, - Wednesday, - Thursday, - Friday, + - Saturday. + elements: str + type: list + endTime: + description: End time in HH mm format. + type: str + startTime: + description: Start time in HH mm format. + type: str + type: list + defaultDuration: + description: Guest Type's defaultDuration. + type: int + durationTimeUnit: + description: Allowed values are - DAYS, - HOURS, - MINUTES. + type: str + fromFirstLogin: + description: When Account Duration starts from first login or specified date. + type: bool + maxAccountDuration: + description: Maximum value of Account Duration. + type: int + type: dict + description: + description: Guest Type's description. + type: str + expirationNotification: + description: Expiration Notification Settings. + suboptions: + advanceNotificationDuration: + description: Send Account Expiration Notification Duration before ( Days, Hours, + Minutes ). 
+ type: int + advanceNotificationUnits: + description: Allowed values are - DAYS, - HOURS, - MINUTES. + type: str + emailText: + description: Guest Type's emailText. + type: str + enableNotification: + description: Enable Notification settings. + type: bool + sendEmailNotification: + description: Enable Email Notification. + type: bool + sendSMSNotification: + description: Maximum devices guests can register. + type: bool + smsText: + description: Guest Type's smsText. + type: str + type: dict + id: + description: Guest Type's id. + type: str + isDefaultType: + description: IsDefaultType flag. + type: bool + loginOptions: + description: Guest Type's loginOptions. + suboptions: + allowGuestPortalBypass: + description: AllowGuestPortalBypass flag. + type: bool + failureAction: + description: When Guest Exceeds limit this action will be invoked. Allowed values + are - Disconnect_Oldest_Connection, - Disconnect_Newest_Connection. + type: str + identityGroupId: + description: Guest Type's identityGroupId. + type: str + limitSimultaneousLogins: + description: Enable Simultaneous Logins. + type: bool + maxRegisteredDevices: + description: Maximum devices guests can register. + type: int + maxSimultaneousLogins: + description: Number of Simultaneous Logins. + type: int + type: dict + name: + description: Guest Type's name. + type: str + sponsorGroups: + description: Guest Type's sponsorGroups. 
+ elements: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_type.GuestType.create_guest_type, + guest_type.GuestType.delete_guest_type_by_id, + guest_type.GuestType.update_guest_type_by_id, + + - Paths used are + post /ers/config/guesttype, + delete /ers/config/guesttype/{id}, + put /ers/config/guesttype/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.guest_type: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + accessTime: + allowAccessOnSpecificDaysTimes: true + dayTimeLimits: + - days: + - string + endTime: string + startTime: string + defaultDuration: 0 + durationTimeUnit: string + fromFirstLogin: true + maxAccountDuration: 0 + description: string + expirationNotification: + advanceNotificationDuration: 0 + advanceNotificationUnits: string + emailText: string + enableNotification: true + sendEmailNotification: true + sendSmsNotification: true + smsText: string + id: string + isDefaultType: true + loginOptions: + allowGuestPortalBypass: true + failureAction: string + identityGroupId: string + limitSimultaneousLogins: true + maxRegisteredDevices: 0 + maxSimultaneousLogins: 0 + name: string + sponsorGroups: + - string + +- name: Delete by id + cisco.ise.guest_type: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.guest_type: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + accessTime: + allowAccessOnSpecificDaysTimes: true + dayTimeLimits: + - days: + - string + endTime: string + startTime: string + defaultDuration: 0 + durationTimeUnit: string + fromFirstLogin: true + maxAccountDuration: 0 + description: string + 
expirationNotification: + advanceNotificationDuration: 0 + advanceNotificationUnits: string + emailText: string + enableNotification: true + sendEmailNotification: true + sendSmsNotification: true + smsText: string + isDefaultType: true + loginOptions: + allowGuestPortalBypass: true + failureAction: string + identityGroupId: string + limitSimultaneousLogins: true + maxRegisteredDevices: 0 + maxSimultaneousLogins: 0 + name: string + sponsorGroups: + - string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "isDefaultType": true, + "accessTime": { + "fromFirstLogin": true, + "maxAccountDuration": 0, + "durationTimeUnit": "string", + "defaultDuration": 0, + "allowAccessOnSpecificDaysTimes": true, + "dayTimeLimits": [ + { + "startTime": "string", + "endTime": "string", + "days": [ + "string" + ] + } + ] + }, + "loginOptions": { + "limitSimultaneousLogins": true, + "maxSimultaneousLogins": 0, + "failureAction": "string", + "maxRegisteredDevices": 0, + "identityGroupId": "string", + "allowGuestPortalBypass": true + }, + "expirationNotification": { + "enableNotification": true, + "advanceNotificationDuration": 0, + "advanceNotificationUnits": "string", + "sendEmailNotification": true, + "emailText": "string", + "sendSmsNotification": true, + "smsText": "string" + }, + "sponsorGroups": [ + "string" + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" 
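Review bot: The `expirationNotification` suboption is documented as `sendSMSNotification`, but both EXAMPLES tasks and the RETURN sample spell it `sendSmsNotification`, so a playbook copied from the examples passes a key the option list does not declare; which spelling the argument spec accepts is not visible in this hunk. Its description, `Maximum devices guests can register.`, is also a copy of the `maxRegisteredDevices` text and should read something like `Enable SMS Notification.` Both are worth fixing together so the documented key, the examples and the response sample agree.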
diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_type_email.py b/ansible_collections/cisco/ise/plugins/modules/guest_type_email.py new file mode 100644 index 00000000..12b593e2 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_type_email.py @@ -0,0 +1,66 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_type_email +short_description: Resource module for Guest Type Email +description: +- Manage operation update of the resource Guest Type Email. +- This API allows the client to update a guest type email by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + additionalData: + description: Guest Type Email's additionalData. + elements: dict + suboptions: + name: + description: Guest Type Email's name. + type: str + value: + description: Guest Type Email's value. + type: str + type: list + id: + description: Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_type.GuestType.update_guest_type_email, + + - Paths used are + put /ers/config/guesttype/email/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.guest_type_email: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + additionalData: + - name: emailAddress + value: emailAddress + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_type_info.py b/ansible_collections/cisco/ise/plugins/modules/guest_type_info.py new file mode 100644 index 00000000..dcf1461a 
--- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_type_info.py 
@@ -0,0 +1,217 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_type_info +short_description: Information module for Guest Type +description: +- Get all Guest Type. +- Get Guest Type by id. +- This API allows the client to get a guest type by ID. +- This API allows the client to get all the guest types. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. 
+ elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_type.GuestType.get_guest_type_by_id, + guest_type.GuestType.get_guest_type_generator, + + - Paths used are + get /ers/config/guesttype, + get /ers/config/guesttype/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Guest Type + cisco.ise.guest_type_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Guest Type by id + cisco.ise.guest_type_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "isDefaultType": true, + "accessTime": { + "fromFirstLogin": true, + "maxAccountDuration": 0, + "durationTimeUnit": "string", + "defaultDuration": 0, + "allowAccessOnSpecificDaysTimes": true, + "dayTimeLimits": [ + { + "startTime": "string", + "endTime": "string", + "days": [ + "string" + ] + } + ] + }, + "loginOptions": { + "limitSimultaneousLogins": true, + "maxSimultaneousLogins": 0, + "failureAction": "string", + "maxRegisteredDevices": 0, + "identityGroupId": "string", + "allowGuestPortalBypass": true + }, + "expirationNotification": { + "enableNotification": true, + "advanceNotificationDuration": 0, + "advanceNotificationUnits": "string", + "sendEmailNotification": true, + "emailText": 
"string", + "sendSmsNotification": true, + "smsText": "string" + }, + "sponsorGroups": [ + "string" + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "isDefaultType": true, + "accessTime": { + "fromFirstLogin": true, + "maxAccountDuration": 0, + "durationTimeUnit": "string", + "defaultDuration": 0, + "allowAccessOnSpecificDaysTimes": true, + "dayTimeLimits": [ + { + "startTime": "string", + "endTime": "string", + "days": [ + "string" + ] + } + ] + }, + "loginOptions": { + "limitSimultaneousLogins": true, + "maxSimultaneousLogins": 0, + "failureAction": "string", + "maxRegisteredDevices": 0, + "identityGroupId": "string", + "allowGuestPortalBypass": true + }, + "expirationNotification": { + "enableNotification": true, + "advanceNotificationDuration": 0, + "advanceNotificationUnits": "string", + "sendEmailNotification": true, + "emailText": "string", + "sendSmsNotification": true, + "smsText": "string" + }, + "sponsorGroups": [ + "string" + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_type_sms.py b/ansible_collections/cisco/ise/plugins/modules/guest_type_sms.py new file mode 100644 index 00000000..d35072ca --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_type_sms.py 
@@ -0,0 +1,68 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_type_sms +short_description: Resource module for Guest Type SMS +description: +- Manage operation update of the resource Guest Type SMS. +- This API allows the client to update a guest type sms by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + additionalData: + description: Guest Type SMS's additionalData. + elements: dict + suboptions: + name: + description: Guest Type SMS's name. + type: str + value: + description: Guest Type SMS's value. + type: str + type: list + id: + description: Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_type.GuestType.update_guest_type_sms, + + - Paths used are + put /ers/config/guesttype/sms/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.guest_type_sms: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + additionalData: + - name: phoneNumber + value: phoneNumber + - name: serviceProvider + value: serviceProvider + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_user.py b/ansible_collections/cisco/ise/plugins/modules/guest_user.py new file mode 100644 index 00000000..a19118c7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_user.py 
@@ -0,0 +1,337 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_user +short_description: Resource module for Guest User +description: +- Manage operations create, update and delete of the resource Guest User. +- This API creates a guest user. +- This API deletes a guest user by ID. +- This API deletes a guest user. +- This API allows the client to update a guest user by ID. +- This API allows the client to update a guest user by name. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + customFields: + description: Key value map. + type: dict + description: + description: Guest User's description. + type: str + guestAccessInfo: + description: Guest User's guestAccessInfo. + suboptions: + fromDate: + description: Guest User's fromDate. + type: str + groupTag: + description: Guest User's groupTag. + type: str + location: + description: Guest User's location. + type: str + ssid: + description: Guest User's ssid. + type: str + toDate: + description: Guest User's toDate. + type: str + validDays: + description: Guest User's validDays. + type: int + type: dict + guestInfo: + description: Guest User's guestInfo. + suboptions: + company: + description: Guest User's company. + type: str + creationTime: + description: Guest User's creationTime. + type: str + emailAddress: + description: Guest User's emailAddress. + type: str + enabled: + description: This field is only for Get operation not applicable for Create, + Update operations. + type: bool + firstName: + description: Guest User's firstName. + type: str + lastName: + description: Guest User's lastName. + type: str + notificationLanguage: + description: Guest User's notificationLanguage. + type: str + password: + description: Guest User's password. 
+ type: str + phoneNumber: + description: Phone number should be E.164 format. + type: str + smsServiceProvider: + description: Guest User's smsServiceProvider. + type: str + userName: + description: If account needs be created with mobile number, please provide + mobile number here. + type: str + type: dict + guestType: + description: Guest User's guestType. + type: str + id: + description: Guest User's id. + type: str + name: + description: Guest User's name. + type: str + portalId: + description: Guest User's portalId. + type: str + reasonForVisit: + description: Guest User's reasonForVisit. + type: str + sponsorUserId: + description: Guest User's sponsorUserId. + type: str + sponsorUserName: + description: Guest User's sponsorUserName. + type: str + status: + description: Guest User's status. + type: str + statusReason: + description: Guest User's statusReason. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_user.GuestUser.create_guest_user, + guest_user.GuestUser.delete_guest_user_by_id, + guest_user.GuestUser.delete_guest_user_by_name, + guest_user.GuestUser.update_guest_user_by_id, + guest_user.GuestUser.update_guest_user_by_name, + + - Paths used are + post /ers/config/guestuser, + delete /ers/config/guestuser/name/{name}, + delete /ers/config/guestuser/{id}, + put /ers/config/guestuser/name/{name}, + put /ers/config/guestuser/{id}, + +""" + +EXAMPLES = r""" +- name: Update by name + cisco.ise.guest_user: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customFields: {} + description: string + guestAccessInfo: + fromDate: string + groupTag: string + location: string + ssid: string + toDate: string + validDays: 0 + guestInfo: + company: string + creationTime: string + emailAddress: string + enabled: true + firstName: string + lastName: string + notificationLanguage: string + password: string + 
phoneNumber: string + smsServiceProvider: string + userName: string + guestType: string + id: string + name: string + portalId: string + reasonForVisit: string + sponsorUserId: string + sponsorUserName: string + status: string + statusReason: string + +- name: Delete by name + cisco.ise.guest_user: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + name: string + +- name: Update by id + cisco.ise.guest_user: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customFields: {} + description: string + guestAccessInfo: + fromDate: string + groupTag: string + location: string + ssid: string + toDate: string + validDays: 0 + guestInfo: + company: string + creationTime: string + emailAddress: string + enabled: true + firstName: string + lastName: string + notificationLanguage: string + password: string + phoneNumber: string + smsServiceProvider: string + userName: string + guestType: string + id: string + name: string + portalId: string + reasonForVisit: string + sponsorUserId: string + sponsorUserName: string + status: string + statusReason: string + +- name: Delete by id + cisco.ise.guest_user: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.guest_user: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customFields: {} + description: string + guestAccessInfo: + fromDate: string + groupTag: string + location: string + ssid: string + toDate: string + validDays: 0 + guestInfo: + company: string + creationTime: string + emailAddress: string + enabled: true + firstName: string + lastName: string + notificationLanguage: 
string + password: string + phoneNumber: string + smsServiceProvider: string + userName: string + guestType: string + name: string + portalId: string + reasonForVisit: string + sponsorUserId: string + sponsorUserName: string + status: string + statusReason: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "guestType": "string", + "status": "string", + "statusReason": "string", + "reasonForVisit": "string", + "sponsorUserId": "string", + "sponsorUserName": "string", + "guestInfo": { + "firstName": "string", + "lastName": "string", + "company": "string", + "creationTime": "string", + "notificationLanguage": "string", + "userName": "string", + "emailAddress": "string", + "phoneNumber": "string", + "password": "string", + "enabled": true, + "smsServiceProvider": "string" + }, + "guestAccessInfo": { + "validDays": 0, + "fromDate": "string", + "toDate": "string", + "location": "string", + "ssid": "string", + "groupTag": "string" + }, + "portalId": "string", + "customFields": {}, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_user_approve.py b/ansible_collections/cisco/ise/plugins/modules/guest_user_approve.py new file mode 100644 index 00000000..f5c0295f --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_user_approve.py 
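Review bot: The `RETURN` sample lists `guestInfo.password` inside `ise_response`, so any task that registers or prints the result carries the guest password into logs and callback output, and the `guestInfo.password` option is documented as a plain `str` with no mention of log suppression. The argument spec is not part of this file, so whether the field is marked `no_log` cannot be confirmed from the hunk. I would extend the option description to `Guest User's password. Sensitive value; set no_log: true on tasks that pass or register it.` and have the examples read it from a vaulted variable rather than a literal. The same `"password": "string"` return field appears in the guest_user_info.py hunk, where every example ends with `register: result`.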
@@ -0,0 +1,52 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_user_approve +short_description: Resource module for Guest User Approve +description: +- Manage operation update of the resource Guest User Approve. +- This API allows the client to approve a guest user by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_user.GuestUser.approve_guest_user_by_id, + + - Paths used are + put /ers/config/guestuser/approve/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.guest_user_approve: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_user_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/guest_user_bulk_monitor_status_info.py new file mode 100644 index 00000000..f26fe764 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_user_bulk_monitor_status_info.py 
@@ -0,0 +1,72 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_user_bulk_monitor_status_info +short_description: Information module for Guest User Bulk Monitor Status +description: +- Get Guest User Bulk Monitor Status by id. +- This API allows the client to monitor the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + bulkid: + description: + - Bulkid path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_user.GuestUser.monitor_bulk_status_guest_user, + + - Paths used are + get /ers/config/guestuser/bulk/{bulkid}, + +""" + +EXAMPLES = r""" +- name: Get Guest User Bulk Monitor Status by id + cisco.ise.guest_user_bulk_monitor_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + bulkid: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "bulkId": "string", + "mediaType": "string", + "executionStatus": "string", + "operationType": "string", + "startTime": "string", + "resourcesCount": 0, + "successCount": 0, + "failCount": 0, + "resourcesStatus": [ + { + "id": "string", + "name": "string", + "description": "string", + "resourceExecutionStatus": "string", + "status": "string" + } + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_user_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/guest_user_bulk_request.py new file mode 100644 index 00000000..454b982a --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_user_bulk_request.py 
@@ -0,0 +1,56 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_user_bulk_request +short_description: Resource module for Guest User Bulk Request +description: +- Manage operation update of the resource Guest User Bulk Request. +- This API allows the client to submit the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + operationType: + description: Guest User Bulk Request's operationType. + type: str + resourceMediaType: + description: Guest User Bulk Request's resourceMediaType. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_user.GuestUser.bulk_request_for_guest_user, + + - Paths used are + put /ers/config/guestuser/bulk/submit, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.guest_user_bulk_request: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + operationType: string + resourceMediaType: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_user_change_sponsor_password.py b/ansible_collections/cisco/ise/plugins/modules/guest_user_change_sponsor_password.py new file mode 100644 index 00000000..64dc0193 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_user_change_sponsor_password.py 
@@ -0,0 +1,68 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_user_change_sponsor_password +short_description: Resource module for Guest User Change Sponsor Password +description: +- Manage operation update of the resource Guest User Change Sponsor Password. +- This API allows the client to change the sponsor password. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + additionalData: + description: Guest User Change Sponsor Password's additionalData. + elements: dict + suboptions: + name: + description: Guest User Change Sponsor Password's name. + type: str + value: + description: Guest User Change Sponsor Password's value. + type: str + type: list + portalId: + description: PortalId path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_user.GuestUser.change_sponsor_password, + + - Paths used are + put /ers/config/guestuser/changeSponsorPassword/{portalId}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.guest_user_change_sponsor_password: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + additionalData: + - name: currentPassword + value: password + - name: newPassword + value: password + portalId: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_user_deny.py b/ansible_collections/cisco/ise/plugins/modules/guest_user_deny.py new file mode 100644 index 00000000..b02f5e41 --- /dev/null 
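Review bot: The example passes `currentPassword` and `newPassword` as ordinary entries of the generic `additionalData` list, and nothing in the option documentation marks those values as secret. Because the option is a free-form name/value list, log masking would have to cover the whole list; the argument spec lives outside this hunk, so that needs checking there. I would change the description to `Guest User Change Sponsor Password's additionalData. Values carry passwords; run the task with no_log: true.` and have the example take both values from vaulted variables, e.g. `value: "{{ sponsor_new_password }}"` (constructed variable name).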
+++ b/ansible_collections/cisco/ise/plugins/modules/guest_user_deny.py @@ -0,0 +1,52 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_user_deny +short_description: Resource module for Guest User Deny +description: +- Manage operation update of the resource Guest User Deny. +- This API allows the client to deny a guest user by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_user.GuestUser.deny_guest_user_by_id, + + - Paths used are + put /ers/config/guestuser/deny/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.guest_user_deny: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_user_email.py b/ansible_collections/cisco/ise/plugins/modules/guest_user_email.py new file mode 100644 index 00000000..f0ba73a2 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_user_email.py 
@@ -0,0 +1,70 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_user_email +short_description: Resource module for Guest User Email +description: +- Manage operation update of the resource Guest User Email. +- This API allows the client to update a guest user email by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + additionalData: + description: Guest User Email's additionalData. + elements: dict + suboptions: + name: + description: Guest User Email's name. + type: str + value: + description: Guest User Email's value. + type: str + type: list + id: + description: Id path parameter. + type: str + portalId: + description: PortalId path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_user.GuestUser.update_guest_user_email, + + - Paths used are + put /ers/config/guestuser/email/{id}/portalId/{portalId}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.guest_user_email: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + additionalData: + - name: senderEmail + value: senderEmail + id: string + portalId: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_user_info.py b/ansible_collections/cisco/ise/plugins/modules/guest_user_info.py new file mode 100644 index 00000000..651777e0 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_user_info.py 
@@ -0,0 +1,218 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_user_info +short_description: Information module for Guest User +description: +- Get all Guest User. +- Get Guest User by id. +- Get Guest User by name. +- This API allows the client to get a guest user by ID. +- This API allows the client to get a guest user by name. +- This API allows the client to get all the guest users. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. 
+ - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_user.GuestUser.get_guest_user_by_id, + guest_user.GuestUser.get_guest_user_by_name, + guest_user.GuestUser.get_guest_users_generator, + + - Paths used are + get /ers/config/guestuser, + get /ers/config/guestuser/name/{name}, + get /ers/config/guestuser/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Guest User + cisco.ise.guest_user_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Guest User by id + cisco.ise.guest_user_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get Guest User by name + cisco.ise.guest_user_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "guestType": "string", + "status": "string", + "statusReason": "string", + "reasonForVisit": "string", + "sponsorUserId": "string", + "sponsorUserName": "string", + "guestInfo": { + "firstName": "string", + "lastName": 
"string", + "company": "string", + "creationTime": "string", + "notificationLanguage": "string", + "userName": "string", + "emailAddress": "string", + "phoneNumber": "string", + "password": "string", + "enabled": true, + "smsServiceProvider": "string" + }, + "guestAccessInfo": { + "validDays": 0, + "fromDate": "string", + "toDate": "string", + "location": "string", + "ssid": "string", + "groupTag": "string" + }, + "portalId": "string", + "customFields": {}, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "guestType": "string", + "status": "string", + "statusReason": "string", + "reasonForVisit": "string", + "sponsorUserId": "string", + "sponsorUserName": "string", + "guestInfo": { + "firstName": "string", + "lastName": "string", + "company": "string", + "creationTime": "string", + "notificationLanguage": "string", + "userName": "string", + "emailAddress": "string", + "phoneNumber": "string", + "password": "string", + "enabled": true, + "smsServiceProvider": "string" + }, + "guestAccessInfo": { + "validDays": 0, + "fromDate": "string", + "toDate": "string", + "location": "string", + "ssid": "string", + "groupTag": "string" + }, + "portalId": "string", + "customFields": {}, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_user_reinstate.py b/ansible_collections/cisco/ise/plugins/modules/guest_user_reinstate.py new file mode 100644 index 00000000..0ead09e6 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_user_reinstate.py 
@@ -0,0 +1,66 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_user_reinstate +short_description: Resource module for Guest User Reinstate +description: +- Manage operation update of the resource Guest User Reinstate. +- This API allows the client to reinstate a guest user by ID. +- This API allows the client to reinstate a guest user by name. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. + type: str + name: + description: Name path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_user.GuestUser.reinstate_guest_user_by_id, + guest_user.GuestUser.reinstate_guest_user_by_name, + + - Paths used are + put /ers/config/guestuser/reinstate/name/{name}, + put /ers/config/guestuser/reinstate/{id}, + +""" + +EXAMPLES = r""" +- name: Update by name + cisco.ise.guest_user_reinstate: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + +- name: Update by id + cisco.ise.guest_user_reinstate: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_user_reset_password.py b/ansible_collections/cisco/ise/plugins/modules/guest_user_reset_password.py new file mode 100644 index 00000000..b55a3147 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_user_reset_password.py 
@@ -0,0 +1,61 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_user_reset_password +short_description: Resource module for Guest User Reset Password +description: +- Manage operation update of the resource Guest User Reset Password. +- This API allows the client to reset the guest user password. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_user.GuestUser.reset_guest_user_password_by_id, + + - Paths used are + put /ers/config/guestuser/resetpassword/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.guest_user_reset_password: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "OperationResult": { + "resultValue": [ + { + "value": "string", + "name": "string" + } + ] + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_user_sms.py b/ansible_collections/cisco/ise/plugins/modules/guest_user_sms.py new file mode 100644 index 00000000..d02bd0d3 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_user_sms.py 
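Review bot: The documented `ise_response` carries an `OperationResult.resultValue` list of name/value pairs, which for a password reset presumably includes the newly generated guest password, yet the `RETURN` description does not say the result is sensitive. If that is what the API returns, the value ends up in task output and in any registered variable. After confirming the field contents against the ISE API reference, I would extend the description to `A dictionary or list with the response returned by the Cisco ISE Python SDK. May contain the new guest password; use no_log: true on the task.`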
@@ -0,0 +1,56 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_user_sms +short_description: Resource module for Guest User SMS +description: +- Manage operation update of the resource Guest User SMS. +- This API allows the client to update a guest user sms by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. + type: str + portalId: + description: PortalId path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_user.GuestUser.update_guest_user_sms, + + - Paths used are + put /ers/config/guestuser/sms/{id}/portalId/{portalId}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.guest_user_sms: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + portalId: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/guest_user_suspend.py b/ansible_collections/cisco/ise/plugins/modules/guest_user_suspend.py new file mode 100644 index 00000000..e53ed5f2 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/guest_user_suspend.py 
@@ -0,0 +1,80 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: guest_user_suspend +short_description: Resource module for Guest User Suspend +description: +- Manage operation update of the resource Guest User Suspend. +- This API allows the client to suspend a guest user by ID. +- This API allows the client to suspend a guest user by name. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + additionalData: + description: Guest User Suspend's additionalData. + elements: dict + suboptions: + name: + description: Guest User Suspend's name. + type: str + value: + description: Guest User Suspend's value. + type: str + type: list + id: + description: Id path parameter. + type: str + name: + description: Name path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + guest_user.GuestUser.suspend_guest_user_by_id, + guest_user.GuestUser.suspend_guest_user_by_name, + + - Paths used are + put /ers/config/guestuser/suspend/name/{name}, + put /ers/config/guestuser/suspend/{id}, + +""" + +EXAMPLES = r""" +- name: Update by name + cisco.ise.guest_user_suspend: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + +- name: Update by id + cisco.ise.guest_user_suspend: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + additionalData: + - name: reason + value: reason + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/hotpatch_info.py b/ansible_collections/cisco/ise/plugins/modules/hotpatch_info.py new file mode 100644 index 00000000..90d37d15 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/hotpatch_info.py @@ -0,0 +1,59 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: hotpatch_info +short_description: Information module for Hotpatch +description: +- Get all Hotpatch. +- List all the installed hot patches in the system. +version_added: '2.1.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Patching + description: Complete reference of the Patching API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!patch-and-hot-patch-openapi +notes: + - SDK Method used are + patching.Patching.list_installed_hotpatches, + + - Paths used are + get /api/v1/hotpatch, + +""" + +EXAMPLES = r""" +- name: Get all Hotpatch + cisco.ise.hotpatch_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "hotpatchName": "string", + "installDate": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/hotpatch_install.py b/ansible_collections/cisco/ise/plugins/modules/hotpatch_install.py new file mode 100644 index 00000000..d4cef09b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/hotpatch_install.py 
@@ -0,0 +1,68 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: hotpatch_install
+short_description: Resource module for Hotpatch Install
+description:
+- Manage operation create of the resource Hotpatch Install.
+- >
+ Triggers hot patch installation on the Cisco ISE node. A task ID is returned which can be used to monitor the progress of the hot patch installation
+ process. As hot patch installation triggers the Cisco ISE to restart, the task API becomes unavailable for a certain period of time.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ hotpatchName:
+ description: Hotpatch Install's hotpatchName.
+ type: str
+ repositoryName:
+ description: Hotpatch Install's repositoryName.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Patching
+ description: Complete reference of the Patching API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!patch-and-hot-patch-openapi
+notes:
+ - SDK Method used are
+ patching.Patching.install_hotpatch,
+
+ - Paths used are
+ post /api/v1/hotpatch/install,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.hotpatch_install:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ hotpatchName: string
+ repositoryName: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "response": {
+ "id": "string",
+ "message": "string"
+ },
+ "version": "string"
+ }
+"""
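Review bot: The `notes` section never says that this module is a one-shot trigger: it has no `state` option and `description` lists only "operation create", so each playbook run appears to request a new installation and, per the description, a restart of the ISE node. Whether the action plugin first compares against the installed hot patches is not visible in this hunk; if it does not, I would add a note such as `- This module is not idempotent; every run triggers the installation and a restart of the Cisco ISE node.` The two options also carry only placeholder descriptions ("Hotpatch Install's hotpatchName.") and no `required` flag, so a reader cannot tell which are mandatory or what `repositoryName` refers to. The same applies to the `hotpatch_rollback` documentation in the next file.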
diff --git a/ansible_collections/cisco/ise/plugins/modules/hotpatch_rollback.py b/ansible_collections/cisco/ise/plugins/modules/hotpatch_rollback.py
new file mode 100644
index 00000000..d1ce43a8
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/hotpatch_rollback.py
@@ -0,0 +1,68 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: hotpatch_rollback
+short_description: Resource module for Hotpatch Rollback
+description:
+- Manage operation create of the resource Hotpatch Rollback.
+- >
+ Triggers hot patch rollback on the Cisco ISE node. A task ID is returned which can be used to monitor the progress of the hot patch rollback process. As
+ hot patch rollback triggers the Cisco ISE to restart, the task API becomes unavailable for a certain period of time.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ hotpatchName:
+ description: Hotpatch Rollback's hotpatchName.
+ type: str
+ repositoryName:
+ description: Hotpatch Rollback's repositoryName.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Patching
+ description: Complete reference of the Patching API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!patch-and-hot-patch-openapi
+notes:
+ - SDK Method used are
+ patching.Patching.rollback_hotpatch,
+
+ - Paths used are
+ post /api/v1/hotpatch/rollback,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.hotpatch_rollback:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ hotpatchName: string
+ repositoryName: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "response": {
+ "id": "string",
+ "message": "string"
+ },
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/hotspot_portal.py b/ansible_collections/cisco/ise/plugins/modules/hotspot_portal.py
new file mode 100644
index 00000000..aa7f5591
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/hotspot_portal.py
@@ -0,0 +1,546 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: hotspot_portal +short_description: Resource module for Hotspot Portal +description: +- Manage operations create, update and delete of the resource Hotspot Portal. +- This API creates a hotspot portal. +- This API deletes a hotspot portal by ID. +- This API allows the client to update a hotspot portal by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + customizations: + description: Defines all of the Portal Customizations available. + suboptions: + globalCustomizations: + description: Hotspot Portal's globalCustomizations. + suboptions: + backgroundImage: + description: Hotspot Portal's backgroundImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + bannerImage: + description: Hotspot Portal's bannerImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + bannerTitle: + description: Hotspot Portal's bannerTitle. + type: str + contactText: + description: Hotspot Portal's contactText. + type: str + desktopLogoImage: + description: Hotspot Portal's desktopLogoImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + footerElement: + description: Hotspot Portal's footerElement. + type: str + mobileLogoImage: + description: Hotspot Portal's mobileLogoImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + type: dict + language: + description: This property is supported only for Read operation and it allows + to show the customizations in English. 
Other languages are not supported. + suboptions: + viewLanguage: + description: Hotspot Portal's viewLanguage. + type: str + type: dict + pageCustomizations: + description: Hotspot Portal's pageCustomizations. + suboptions: + data: + description: Hotspot Portal's data. + elements: dict + suboptions: + key: + description: Hotspot Portal's key. + type: str + value: + description: Hotspot Portal's value. + type: str + type: list + type: dict + portalTheme: + description: Defines the configuration for portal theme. + suboptions: + id: + description: The unique internal identifier of the portal theme. + type: str + name: + description: The system- or user-assigned name of the portal theme. + type: str + themeData: + description: A CSS file, represented as a Base64-encoded byte array. + type: str + type: dict + portalTweakSettings: + description: The Tweak Settings are a customization of the Portal Theme that + has been selected for the portal. When the Portal Theme selection is changed, + the Tweak Settings are overwritten to match the values in the theme. The Tweak + Settings can subsequently be changed by the user. + suboptions: + bannerColor: + description: Hex value of color. + type: str + bannerTextColor: + description: Hotspot Portal's bannerTextColor. + type: str + pageBackgroundColor: + description: Hotspot Portal's pageBackgroundColor. + type: str + pageLabelAndTextColor: + description: Hotspot Portal's pageLabelAndTextColor. + type: str + type: dict + type: dict + description: + description: Hotspot Portal's description. + type: str + id: + description: Hotspot Portal's id. + type: str + name: + description: Hotspot Portal's name. + type: str + portalTestUrl: + description: URL to bring up a test page for this portal. + type: str + portalType: + description: Allowed values - BYOD, - HOTSPOTGUEST, - MYDEVICE, - SELFREGGUEST, + - SPONSOR, - SPONSOREDGUEST. + type: str + settings: + description: Defines all of the settings groups available for a BYOD. 
+ suboptions: + aupSettings: + description: Configuration of the Acceptable Use Policy (AUP) for a portal. + suboptions: + accessCode: + description: Access code that must be entered by the portal user (only valid + if requireAccessCode = true). + type: str + includeAup: + description: Require the portal user to read and accept an AUP. + type: bool + requireAccessCode: + description: Require the portal user to enter an access code. Only used + in Hotspot portal. + type: bool + requireScrolling: + description: Require the portal user to scroll to the end of the AUP. Only + valid if requireAupAcceptance = true. + type: bool + type: dict + authSuccessSettings: + description: Hotspot Portal's authSuccessSettings. + suboptions: + redirectUrl: + description: Target URL for redirection, used when successRedirect = URL. + type: str + successRedirect: + description: After an Authentication Success where should device be redirected. + Allowed values - AUTHSUCCESSPAGE, - ORIGINATINGURL, - URL. + type: str + type: dict + portalSettings: + description: The port, interface, certificate, and other basic settings of a + portal. + suboptions: + allowedInterfaces: + description: Interfaces that the portal will be reachable on. Allowed values + - eth0 - eth1 - eth2 - eth3 - eth4 - eth5 - bond0 - bond1 - bond2. + elements: str + type: list + alwaysUsedLanguage: + description: Used when displayLang = ALWAYSUSE. + type: str + certificateGroupTag: + description: Logical name of the x.509 server certificate that will be used + for the portal. + type: str + coaType: + description: Allowed Values - COAREAUTHENTICATE, - COATERMINATE. + type: str + displayLang: + description: Allowed values - USEBROWSERLOCALE, - ALWAYSUSE. + type: str + endpointIdentityGroup: + description: Unique Id of the endpoint identity group where user's devices + will be added. Used only in Hotspot Portal. + type: str + fallbackLanguage: + description: Used when displayLang = USEBROWSERLOCALE. 
+ type: str + httpsPort: + description: The port number that the allowed interfaces will listen on. + Range from 8000 to 8999. + type: int + type: dict + postAccessBannerSettings: + description: Hotspot Portal's postAccessBannerSettings. + suboptions: + includePostAccessBanner: + description: IncludePostAccessBanner flag. + type: bool + type: dict + postLoginBannerSettings: + description: Hotspot Portal's postLoginBannerSettings. + suboptions: + includePostAccessBanner: + description: Include a Post-Login Banner page. + type: bool + type: dict + supportInfoSettings: + description: Portal Support Information Settings. + suboptions: + defaultEmptyFieldValue: + description: The default value displayed for an empty field. Only valid + when emptyFieldDisplay = DISPLAYWITHDEFAULTVALUE. + type: str + emptyFieldDisplay: + description: Specifies how empty fields are handled on the Support Information + Page. Allowed values - HIDE, - DISPLAYWITHNOVALUE, - DISPLAYWITHDEFAULTVALUE. + type: str + includeBrowserUserAgent: + description: IncludeBrowserUserAgent flag. + type: bool + includeFailureCode: + description: IncludeFailureCode flag. + type: bool + includeIpAddress: + description: IncludeIpAddress flag. + type: bool + includeMacAddr: + description: IncludeMacAddr flag. + type: bool + includePolicyServer: + description: IncludePolicyServer flag. + type: bool + includeSupportInfoPage: + description: IncludeSupportInfoPage flag. 
+ type: bool + type: dict + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + hotspot_portal.HotspotPortal.create_hotspot_portal, + hotspot_portal.HotspotPortal.delete_hotspot_portal_by_id, + hotspot_portal.HotspotPortal.update_hotspot_portal_by_id, + + - Paths used are + post /ers/config/hotspotportal, + delete /ers/config/hotspotportal/{id}, + put /ers/config/hotspotportal/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.hotspot_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customizations: + globalCustomizations: + backgroundImage: + data: string + bannerImage: + data: string + bannerTitle: string + contactText: string + desktopLogoImage: + data: string + footerElement: string + mobileLogoImage: + data: string + language: + viewLanguage: string + pageCustomizations: + data: + - key: string + value: string + portalTheme: + id: string + name: string + themeData: string + portalTweakSettings: + bannerColor: string + bannerTextColor: string + pageBackgroundColor: string + pageLabelAndTextColor: string + description: string + id: string + name: string + portalTestUrl: string + portalType: string + settings: + aupSettings: + accessCode: string + includeAup: true + requireAccessCode: true + requireScrolling: true + authSuccessSettings: + redirectUrl: string + successRedirect: string + portalSettings: + allowedInterfaces: + - string + alwaysUsedLanguage: string + certificateGroupTag: string + coaType: string + displayLang: string + endpointIdentityGroup: string + fallbackLanguage: string + httpsPort: 0 + postAccessBannerSettings: + includePostAccessBanner: true + postLoginBannerSettings: + includePostAccessBanner: true + supportInfoSettings: + defaultEmptyFieldValue: string + emptyFieldDisplay: string + includeBrowserUserAgent: true + includeFailureCode: true + includeIpAddress: true + 
includeMacAddr: true + includePolicyServer: true + includeSupportInfoPage: true + +- name: Delete by id + cisco.ise.hotspot_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.hotspot_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customizations: + globalCustomizations: + backgroundImage: + data: string + bannerImage: + data: string + bannerTitle: string + contactText: string + desktopLogoImage: + data: string + footerElement: string + mobileLogoImage: + data: string + language: + viewLanguage: string + pageCustomizations: + data: + - key: string + value: string + portalTheme: + id: string + name: string + themeData: string + portalTweakSettings: + bannerColor: string + bannerTextColor: string + pageBackgroundColor: string + pageLabelAndTextColor: string + description: string + name: string + portalTestUrl: string + portalType: string + settings: + aupSettings: + accessCode: string + includeAup: true + requireAccessCode: true + requireScrolling: true + authSuccessSettings: + redirectUrl: string + successRedirect: string + portalSettings: + allowedInterfaces: + - string + alwaysUsedLanguage: string + certificateGroupTag: string + coaType: string + displayLang: string + endpointIdentityGroup: string + fallbackLanguage: string + httpsPort: 0 + postAccessBannerSettings: + includePostAccessBanner: true + postLoginBannerSettings: + includePostAccessBanner: true + supportInfoSettings: + defaultEmptyFieldValue: string + emptyFieldDisplay: string + includeBrowserUserAgent: true + includeFailureCode: true + includeIpAddress: true + includeMacAddr: true + includePolicyServer: true + includeSupportInfoPage: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by 
the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "endpointIdentityGroup": "string", + "coaType": "string", + "displayLang": "string", + "fallbackLanguage": "string", + "alwaysUsedLanguage": "string" + }, + "aupSettings": { + "requireAccessCode": true, + "accessCode": "string", + "includeAup": true, + "requireScrolling": true + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + "authSuccessSettings": { + "successRedirect": "string", + "redirectUrl": "string" + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the 
response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/hotspot_portal_info.py b/ansible_collections/cisco/ise/plugins/modules/hotspot_portal_info.py new file mode 100644 index 00000000..e2cbb748 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/hotspot_portal_info.py 
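Review bot: `settings.aupSettings.accessCode` is the code portal users must enter, yet it is documented as a plain `type: str` and appears in the `ise_response` sample, so it would presumably end up in registered results and verbose task output. The argument spec lives in the action plugin and not in this hunk, so I cannot tell whether it is marked `no_log`; at minimum the option text should say so, e.g. `description: Access code that must be entered by the portal user (only valid if requireAccessCode = true). Treat as a secret; it is also returned in ise_response.` The `hotspot_portal_info` RETURN samples in the next file carry the same field. Separately, both the update and create examples use `httpsPort: 0` although the option is documented as "Range from 8000 to 8999", so a copied example is outside the stated range.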
@@ -0,0 +1,309 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: hotspot_portal_info +short_description: Information module for Hotspot Portal +description: +- Get all Hotspot Portal. +- Get Hotspot Portal by id. +- This API allows the client to get a hotspot portal by ID. +- This API allows the client to get all the hotspot portals. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + hotspot_portal.HotspotPortal.get_hotspot_portal_by_id, + hotspot_portal.HotspotPortal.get_hotspot_portal_generator, + + - Paths used are + get /ers/config/hotspotportal, + get /ers/config/hotspotportal/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Hotspot Portal + cisco.ise.hotspot_portal_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Hotspot Portal by id + cisco.ise.hotspot_portal_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "endpointIdentityGroup": "string", + "coaType": "string", + "displayLang": "string", + "fallbackLanguage": "string", + "alwaysUsedLanguage": "string" + }, + "aupSettings": { + "requireAccessCode": true, + "accessCode": "string", + "includeAup": true, + "requireScrolling": true + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + "authSuccessSettings": { + "successRedirect": "string", + 
"redirectUrl": "string" + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "endpointIdentityGroup": "string", + "coaType": "string", + "displayLang": "string", + "fallbackLanguage": "string", + "alwaysUsedLanguage": "string" + }, + "aupSettings": { + "requireAccessCode": true, + "accessCode": "string", + "includeAup": true, + "requireScrolling": true + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + 
"authSuccessSettings": { + "successRedirect": "string", + "redirectUrl": "string" + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/id_store_sequence.py b/ansible_collections/cisco/ise/plugins/modules/id_store_sequence.py new file mode 100644 index 00000000..259f25ae --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/id_store_sequence.py 
@@ -0,0 +1,161 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: id_store_sequence +short_description: Resource module for Id Store Sequence +description: +- Manage operations create, update and delete of the resource Id Store Sequence. +- This API creates an identity sequence. +- This API deletes an identity sequence. +- This API allows the client to update an identity sequence. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + breakOnStoreFail: + description: BreakOnStoreFail flag. + type: bool + certificateAuthenticationProfile: + description: Id Store Sequence's certificateAuthenticationProfile. + type: str + description: + description: Id Store Sequence's description. + type: str + id: + description: Id Store Sequence's id. + type: str + idSeqItem: + description: Id Store Sequence's idSeqItem. + elements: dict + suboptions: + idstore: + description: Id Store Sequence's idstore. + type: str + order: + description: Id Store Sequence's order. + type: int + type: list + name: + description: Id Store Sequence's name. + type: str + parent: + description: Id Store Sequence's parent. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IdentitySequence + description: Complete reference of the IdentitySequence API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!idstoresequence +notes: + - SDK Method used are + identity_sequence.IdentitySequence.create_identity_sequence, + identity_sequence.IdentitySequence.delete_identity_sequence_by_id, + identity_sequence.IdentitySequence.update_identity_sequence_by_id, + + - Paths used are + post /ers/config/idstoresequence, + delete /ers/config/idstoresequence/{id}, + put /ers/config/idstoresequence/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.id_store_sequence: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + breakOnStoreFail: true + certificateAuthenticationProfile: string + description: string + id: string + idSeqItem: + - idstore: string + order: 0 + name: string + parent: string + +- name: Delete by id + cisco.ise.id_store_sequence: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.id_store_sequence: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + breakOnStoreFail: true + certificateAuthenticationProfile: string + description: string + idSeqItem: + - idstore: string + order: 0 + name: string + parent: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "parent": "string", + "idSeqItem": [ + { + "idstore": "string", + "order": 0 + } + ], + "certificateAuthenticationProfile": "string", + "breakOnStoreFail": true, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or 
list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/id_store_sequence_info.py b/ansible_collections/cisco/ise/plugins/modules/id_store_sequence_info.py new file mode 100644 index 00000000..16e99cfb --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/id_store_sequence_info.py 
@@ -0,0 +1,144 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: id_store_sequence_info +short_description: Information module for Id Store Sequence +description: +- Get all Id Store Sequence. +- Get Id Store Sequence by id. +- Get Id Store Sequence by name. +- This API allows the client to get all the identity sequences. +- This API allows the client to get an identity sequence by ID. +- This API allows the client to get an identity sequence by name. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IdentitySequence + description: Complete reference of the IdentitySequence API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!idstoresequence +notes: + - SDK Method used are + identity_sequence.IdentitySequence.get_identity_sequence_by_id, + identity_sequence.IdentitySequence.get_identity_sequence_by_name, + identity_sequence.IdentitySequence.get_identity_sequence_generator, + + - Paths used are + get /ers/config/idstoresequence, + get /ers/config/idstoresequence/name/{name}, + get /ers/config/idstoresequence/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Id Store Sequence + cisco.ise.id_store_sequence_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get Id Store Sequence by id + cisco.ise.id_store_sequence_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get Id Store Sequence by name + cisco.ise.id_store_sequence_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "parent": "string", + "idSeqItem": [ + { + "idstore": "string", + "order": 0 + } + ], + "certificateAuthenticationProfile": "string", + "breakOnStoreFail": true, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "parent": 
"string", + "idSeqItem": [ + { + "idstore": "string", + "order": 0 + } + ], + "certificateAuthenticationProfile": "string", + "breakOnStoreFail": true, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/identity_group.py b/ansible_collections/cisco/ise/plugins/modules/identity_group.py new file mode 100644 index 00000000..c9e017ad --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/identity_group.py 
@@ -0,0 +1,114 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: identity_group
+short_description: Resource module for Identity Group
+description:
+- Manage operations create and update of the resource Identity Group.
+- This API creates an identity group.
+- This API allows the client to update an identity group.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ description:
+ description: Identity Group's description.
+ type: str
+ id:
+ description: Identity Group's id.
+ type: str
+ name:
+ description: Identity Group's name.
+ type: str
+ parent:
+ description: Identity Group's parent.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for IdentityGroups
+ description: Complete reference of the IdentityGroups API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!identitygroup
+notes:
+ - SDK Method used are
+ identity_groups.IdentityGroups.create_identity_group,
+ identity_groups.IdentityGroups.update_identity_group_by_id,
+
+ - Paths used are
+ post /ers/config/identitygroup,
+ put /ers/config/identitygroup/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by id
+ cisco.ise.identity_group:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ description: string
+ id: string
+ name: string
+ parent: string
+
+- name: Create
+ cisco.ise.identity_group:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ description: string
+ name: string
+ parent: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "parent": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ],
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/identity_group_info.py b/ansible_collections/cisco/ise/plugins/modules/identity_group_info.py
new file mode 100644
index 00000000..460a381e
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/identity_group_info.py
@@ -0,0 +1,166 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: identity_group_info
+short_description: Information module for Identity Group
+description:
+- Get all Identity Group.
+- Get Identity Group by id.
+- Get Identity Group by name.
+- This API allows the client to get all the identity groups.
+- This API allows the client to get an identity group by ID.
+- This API allows the client to get an identity group by name.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ name:
+ description:
+ - Name path parameter.
+ type: str
+ id:
+ description:
+ - Id path parameter.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+ sortasc:
+ description:
+ - Sortasc query parameter. Sort asc.
+ type: str
+ sortdsc:
+ description:
+ - Sortdsc query parameter. Sort desc.
+ type: str
+ filter:
+ description:
+ - >
+ Filter query parameter. **Simple filtering** should be available through the filter query string parameter.
+ The structure of a filter is a triplet of field operator and value separated with dots. More than one filter
+ can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed
+ by using the "filterType=or" query string parameter.
+ - Each resource Data model description should specify if an attribute is a filtered field.
+ - The 'EQ' operator describes 'Equals'.
+ - The 'NEQ' operator describes 'Not Equals'.
+ - The 'GT' operator describes 'Greater Than'.
+ - The 'LT' operator describes 'Less Than'.
+ - The 'STARTSW' operator describes 'Starts With'.
+ - The 'NSTARTSW' operator describes 'Not Starts With'.
+ - The 'ENDSW' operator describes 'Ends With'.
+ - The 'NENDSW' operator describes 'Not Ends With'.
+ - The 'CONTAINS' operator describes 'Contains'.
+ - The 'NCONTAINS' operator describes 'Not Contains'.
+ elements: str
+ type: list
+ filterType:
+ description:
+ - >
+ FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and
+ can be changed by using the parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for IdentityGroups
+ description: Complete reference of the IdentityGroups API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!identitygroup
+notes:
+ - SDK Method used are
+ identity_groups.IdentityGroups.get_identity_group_by_id,
+ identity_groups.IdentityGroups.get_identity_group_by_name,
+ identity_groups.IdentityGroups.get_identity_groups_generator,
+
+ - Paths used are
+ get /ers/config/identitygroup,
+ get /ers/config/identitygroup/name/{name},
+ get /ers/config/identitygroup/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Identity Group
+ cisco.ise.identity_group_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ sortasc: string
+ sortdsc: string
+ filter: []
+ filterType: AND
+ register: result
+
+- name: Get Identity Group by id
+ cisco.ise.identity_group_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+- name: Get Identity Group by name
+ cisco.ise.identity_group_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ name: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "parent": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "parent": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/internal_user.py b/ansible_collections/cisco/ise/plugins/modules/internal_user.py
new file mode 100644
index 00000000..4769df6b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/internal_user.py
@@ -0,0 +1,229 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: internal_user
+short_description: Resource module for Internal User
+description:
+- Manage operations create, update and delete of the resource Internal User.
+- This API creates an internal user.
+- This API deletes an internal user by ID.
+- This API deletes an internal user by name.
+- This API allows the client to update an internal user by ID.
+- This API allows the client to update an internal user by name.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ changePassword:
+ description: ChangePassword flag.
+ type: bool
+ customAttributes:
+ description: Key value map.
+ type: dict
+ description:
+ description: Internal User's description.
+ type: str
+ email:
+ description: Internal User's email.
+ type: str
+ enablePassword:
+ description: Internal User's enablePassword.
+ type: str
+ enabled:
+ description: Whether the user is enabled/disabled. To use it as filter, the values
+ should be 'Enabled' or 'Disabled'. The values are case sensitive. For example,
+ 'ERSObjectURL?filter=enabled.EQ.Enabled'.
+ type: bool
+ expiryDate:
+ description: To store the internal user's expiry date information. It's format is
+ = 'YYYY-MM-DD'.
+ type: str
+ expiryDateEnabled:
+ description: ExpiryDateEnabled flag.
+ type: bool
+ firstName:
+ description: Internal User's firstName.
+ type: str
+ id:
+ description: Internal User's id.
+ type: str
+ identityGroups:
+ description: CSV of identity group IDs.
+ type: str
+ lastName:
+ description: Internal User's lastName.
+ type: str
+ name:
+ description: Internal User's name.
+ type: str
+ password:
+ description: Internal User's password.
+ type: str
+ passwordIDStore:
+ description: The id store where the internal user's password is kept.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ internal_user.InternalUser.create_internal_user,
+ internal_user.InternalUser.delete_internal_user_by_id,
+ internal_user.InternalUser.delete_internal_user_by_name,
+ internal_user.InternalUser.update_internal_user_by_id,
+ internal_user.InternalUser.update_internal_user_by_name,
+
+ - Paths used are
+ post /ers/config/internaluser,
+ delete /ers/config/internaluser/name/{name},
+ delete /ers/config/internaluser/{id},
+ put /ers/config/internaluser/name/{name},
+ put /ers/config/internaluser/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by name
+ cisco.ise.internal_user:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ changePassword: true
+ customAttributes: {}
+ description: string
+ email: string
+ enablePassword: string
+ enabled: true
+ expiryDate: string
+ expiryDateEnabled: true
+ firstName: string
+ id: string
+ identityGroups: string
+ lastName: string
+ name: string
+ password: string
+ passwordIDStore: string
+
+- name: Delete by name
+ cisco.ise.internal_user:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ name: string
+
+- name: Update by id
+ cisco.ise.internal_user:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ changePassword: true
+ customAttributes: {}
+ description: string
+ email: string
+ enablePassword: string
+ enabled: true
+ expiryDate: string
+ expiryDateEnabled: true
+ firstName: string
+ id: string
+ identityGroups: string
+ lastName: string
+ name: string
+ password: string
+ passwordIDStore: string
+
+- name: Delete by id
+ cisco.ise.internal_user:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ id: string
+
+- name: Create
+ cisco.ise.internal_user:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ changePassword: true
+ customAttributes: {}
+ description: string
+ email: string
+ enablePassword: string
+ enabled: true
+ expiryDate: string
+ expiryDateEnabled: true
+ firstName: string
+ identityGroups: string
+ lastName: string
+ name: string
+ password: string
+ passwordIDStore: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "enabled": true,
+ "email": "string",
+ "password": "string",
+ "firstName": "string",
+ "lastName": "string",
+ "changePassword": true,
+ "identityGroups": "string",
+ "expiryDateEnabled": true,
+ "expiryDate": "string",
+ "enablePassword": "string",
+ "customAttributes": {},
+ "passwordIDStore": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ],
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/internal_user_info.py b/ansible_collections/cisco/ise/plugins/modules/internal_user_info.py
new file mode 100644
index 00000000..7f90f383
--- /dev/null
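Review bot: The `password` and `enablePassword` options are documented only as `Internal User's password.` and `Internal User's enablePassword.`, and the RETURN sample for `ise_response` lists both fields, so a registered or verbosely printed task result may carry credentials. This file contains only the documentation strings, so whether the argument spec marks these options `no_log` cannot be confirmed from here. I would extend the option text to `description: Internal User's password. Sensitive; supply it from Ansible Vault and set no_log on the task.` (likewise for `enablePassword`) and add `no_log: true` to the Create and Update examples. The same two fields appear in the RETURN samples of internal_user_info.py, whose examples all end in `register: result`, so that file needs the same note.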
+++ b/ansible_collections/cisco/ise/plugins/modules/internal_user_info.py 
@@ -0,0 +1,184 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: internal_user_info
+short_description: Information module for Internal User
+description:
+- Get all Internal User.
+- Get Internal User by id.
+- Get Internal User by name.
+- This API allows the client to get all the internal users.
+- This API allows the client to get an internal user by ID.
+- This API allows the client to get an internal user by name.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ name:
+ description:
+ - Name path parameter.
+ type: str
+ id:
+ description:
+ - Id path parameter.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+ sortasc:
+ description:
+ - Sortasc query parameter. Sort asc.
+ type: str
+ sortdsc:
+ description:
+ - Sortdsc query parameter. Sort desc.
+ type: str
+ filter:
+ description:
+ - >
+ Filter query parameter. **Simple filtering** should be available through the filter query string parameter.
+ The structure of a filter is a triplet of field operator and value separated with dots. More than one filter
+ can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed
+ by using the "filterType=or" query string parameter.
+ - Each resource Data model description should specify if an attribute is a filtered field.
+ - The 'EQ' operator describes 'Equals'.
+ - The 'NEQ' operator describes 'Not Equals'.
+ - The 'GT' operator describes 'Greater Than'.
+ - The 'LT' operator describes 'Less Than'.
+ - The 'STARTSW' operator describes 'Starts With'.
+ - The 'NSTARTSW' operator describes 'Not Starts With'.
+ - The 'ENDSW' operator describes 'Ends With'.
+ - The 'NENDSW' operator describes 'Not Ends With'.
+ - The 'CONTAINS' operator describes 'Contains'.
+ - The 'NCONTAINS' operator describes 'Not Contains'.
+ elements: str
+ type: list
+ filterType:
+ description:
+ - >
+ FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and
+ can be changed by using the parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ internal_user.InternalUser.get_internal_user_by_id,
+ internal_user.InternalUser.get_internal_user_by_name,
+ internal_user.InternalUser.get_internal_user_generator,
+
+ - Paths used are
+ get /ers/config/internaluser,
+ get /ers/config/internaluser/name/{name},
+ get /ers/config/internaluser/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Internal User
+ cisco.ise.internal_user_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ sortasc: string
+ sortdsc: string
+ filter: []
+ filterType: AND
+ register: result
+
+- name: Get Internal User by id
+ cisco.ise.internal_user_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+- name: Get Internal User by name
+ cisco.ise.internal_user_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ name: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "enabled": true,
+ "email": "string",
+ "password": "string",
+ "firstName": "string",
+ "lastName": "string",
+ "changePassword": true,
+ "identityGroups": "string",
+ "expiryDateEnabled": true,
+ "expiryDate": "string",
+ "enablePassword": "string",
+ "customAttributes": {},
+ "passwordIDStore": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "enabled": true,
+ "email": "string",
+ "password": "string",
+ "firstName": "string",
+ "lastName": "string",
+ "changePassword": true,
+ "identityGroups": "string",
+ "expiryDateEnabled": true,
+ "expiryDate": "string",
+ "enablePassword": "string",
+ "customAttributes": {},
+ "passwordIDStore": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/ise_root_ca_regenerate.py b/ansible_collections/cisco/ise/plugins/modules/ise_root_ca_regenerate.py
new file mode 100644
index 00000000..2eb5f7e0
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/ise_root_ca_regenerate.py
@@ -0,0 +1,68 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: ise_root_ca_regenerate
+short_description: Resource module for Ise Root CA Regenerate
+description:
+- Manage operation create of the resource Ise Root CA Regenerate.
+- This API initiates regeneration of Cisco ISE root CA certificate chain.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ removeExistingISEIntermediateCSR:
+ description: Setting this attribute to true removes existing Cisco ISE Intermediate
+ CSR.
+ type: bool
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Certificates
+ description: Complete reference of the Certificates API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi
+notes:
+ - SDK Method used are
+ certificates.Certificates.regenerate_ise_root_ca,
+
+ - Paths used are
+ post /api/v1/certs/ise-root-ca/regenerate,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.ise_root_ca_regenerate:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ removeExistingISEIntermediateCSR: true
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "response": {
+ "id": "string",
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "message": "string"
+ },
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/licensing_connection_type_info.py b/ansible_collections/cisco/ise/plugins/modules/licensing_connection_type_info.py
new file mode 100644
index 00000000..f5cbe33a
--- /dev/null
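Review bot: Nothing in DOCUMENTATION warns that each run of this task posts to `/api/v1/certs/ise-root-ca/regenerate`; the module documents no `state` or identifying option, so it reads as non-idempotent, and the only example sets `removeExistingISEIntermediateCSR: true` without saying what is discarded. I would add a notes entry such as `- Each execution initiates a new root CA chain regeneration; run it deliberately, not from a recurring play.` and give the example task a name that says what it does instead of `Create`. The effect on certificates issued under the previous chain is not described anywhere in this file and should be stated from the ISE Certificates reference that `seealso` links to.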
+++ b/ansible_collections/cisco/ise/plugins/modules/licensing_connection_type_info.py
@@ -0,0 +1,56 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: licensing_connection_type_info
+short_description: Information module for Licensing Connection Type
+description:
+- Get all Licensing Connection Type.
+- Get connection type.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Licensing
+ description: Complete reference of the Licensing API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!license-openapi
+notes:
+ - SDK Method used are
+ licensing.Licensing.get_connection_type,
+
+ - Paths used are
+ get /api/v1/license/system/connection-type,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Licensing Connection Type
+ cisco.ise.licensing_connection_type_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "connectionType": "string",
+ "state": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/licensing_eval_license_info.py b/ansible_collections/cisco/ise/plugins/modules/licensing_eval_license_info.py
new file mode 100644
index 00000000..5f4f2067
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/licensing_eval_license_info.py
@@ -0,0 +1,55 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: licensing_eval_license_info
+short_description: Information module for Licensing Eval License
+description:
+- Get all Licensing Eval License.
+- Get registration information.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Licensing
+ description: Complete reference of the Licensing API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!license-openapi
+notes:
+ - SDK Method used are
+ licensing.Licensing.get_eval_license_info,
+
+ - Paths used are
+ get /api/v1/license/system/eval-license,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Licensing Eval License
+ cisco.ise.licensing_eval_license_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "daysRemaining": 0
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/licensing_feature_to_tier_mapping_info.py b/ansible_collections/cisco/ise/plugins/modules/licensing_feature_to_tier_mapping_info.py
new file mode 100644
index 00000000..28227901
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/licensing_feature_to_tier_mapping_info.py
@@ -0,0 +1,61 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: licensing_feature_to_tier_mapping_info
+short_description: Information module for Licensing Feature To Tier Mapping
+description:
+- Get all Licensing Feature To Tier Mapping.
+- Get feature to tier mapping.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Licensing
+ description: Complete reference of the Licensing API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!license-openapi
+notes:
+ - SDK Method used are
+ licensing.Licensing.get_feature_to_tier_mapping,
+
+ - Paths used are
+ get /api/v1/license/system/feature-to-tier-mapping,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Licensing Feature To Tier Mapping
+ cisco.ise.licensing_feature_to_tier_mapping_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "featureName": [
+ "string"
+ ],
+ "tier": "string"
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/licensing_registration_create.py b/ansible_collections/cisco/ise/plugins/modules/licensing_registration_create.py
new file mode 100644
index 00000000..29712189
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/licensing_registration_create.py
@@ -0,0 +1,75 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: licensing_registration_create
+short_description: Resource module for Licensing Registration Create
+description:
+- Manage operation create of the resource Licensing Registration Create.
+- License - Configure registration information.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ connectionType:
+ description: Licensing Registration Create's connectionType.
+ type: str
+ registrationType:
+ description: Licensing Registration Create's registrationType.
+ type: str
+ ssmOnPremServer:
+ description: If connection type is selected as SSM_ONPREM_SERVER, then IP address
+ or the hostname (or FQDN) of the SSM On-Prem server Host.
+ type: str
+ tier:
+ description: Licensing Registration Create's tier.
+ elements: str
+ type: list
+ token:
+ description: Token.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Licensing
+ description: Complete reference of the Licensing API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!license-openapi
+notes:
+ - SDK Method used are
+ licensing.Licensing.create_registration_info,
+
+ - Paths used are
+ post /api/v1/license/system/register,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.licensing_registration_create:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ connectionType: string
+ registrationType: string
+ ssmOnPremServer: string
+ tier:
+ - string
+ token: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: str
+ sample: >
+ "'string'"
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/licensing_registration_info.py b/ansible_collections/cisco/ise/plugins/modules/licensing_registration_info.py
new file mode 100644
index 00000000..121e1038
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/licensing_registration_info.py
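Review bot: The `token` option is documented only as `Token.` with `type: str`, which tells the user neither which token is expected nor that it is a secret. Presumably this is the licensing registration token; if so the text should read something like `description: Registration token for the licensing server. Sensitive; keep it in Ansible Vault.`, and the Create example should show `token: "{{ vault_ise_license_token }}"` (a constructed variable name) instead of a bare `string`. Whether the argument spec sets `no_log` for it is not visible here, since this file contains only the documentation strings.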
@@ -0,0 +1,60 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: licensing_registration_info
+short_description: Information module for Licensing Registration
+description:
+- Get all Licensing Registration.
+- Get registration information.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Licensing
+ description: Complete reference of the Licensing API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!license-openapi
+notes:
+ - SDK Method used are
+ licensing.Licensing.get_registration_info,
+
+ - Paths used are
+ get /api/v1/license/system/register,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Licensing Registration
+ cisco.ise.licensing_registration_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "connectionType": "string",
+ "registrationState": "string",
+ "ssmOnPremServer": "string",
+ "tier": [
+ "string"
+ ]
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/licensing_smart_state_create.py b/ansible_collections/cisco/ise/plugins/modules/licensing_smart_state_create.py
new file mode 100644
index 00000000..73c71772
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/licensing_smart_state_create.py
@@ -0,0 +1,52 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: licensing_smart_state_create
+short_description: Resource module for Licensing Smart State Create
+description:
+- Manage operation create of the resource Licensing Smart State Create.
+- License - Configure smart state information.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Licensing
+ description: Complete reference of the Licensing API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!license-openapi
+notes:
+ - SDK Method used are
+ licensing.Licensing.configure_smart_state,
+
+ - Paths used are
+ post /api/v1/license/system/smart-state,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.licensing_smart_state_create:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: str
+ sample: >
+ "'string'"
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/licensing_smart_state_info.py b/ansible_collections/cisco/ise/plugins/modules/licensing_smart_state_info.py
new file mode 100644
index 00000000..0267753d
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/licensing_smart_state_info.py
@@ -0,0 +1,56 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: licensing_smart_state_info
+short_description: Information module for Licensing Smart State
+description:
+- Get all Licensing Smart State.
+- Get smart license information.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Licensing
+ description: Complete reference of the Licensing API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!license-openapi
+notes:
+ - SDK Method used are
+ licensing.Licensing.get_smart_state,
+
+ - Paths used are
+ get /api/v1/license/system/smart-state,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Licensing Smart State
+ cisco.ise.licensing_smart_state_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "connectionType": "string",
+ "state": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/licensing_tier_state_create.py b/ansible_collections/cisco/ise/plugins/modules/licensing_tier_state_create.py
new file mode 100644
index 00000000..b48863dc
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/licensing_tier_state_create.py
@@ -0,0 +1,75 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: licensing_tier_state_create
+short_description: Resource module for Licensing Tier State Create
+description:
+- Manage operation create of the resource Licensing Tier State Create.
+- Applicable values for **name** & **status** parameters.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ payload:
+ description: Licensing Tier State Create's payload.
+ elements: dict
+ suboptions:
+ name:
+ description: Licensing Tier State Create's name.
+ type: str
+ status:
+ description: Licensing Tier State Create's status.
+ type: str
+ type: list
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Licensing
+ description: Complete reference of the Licensing API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!license-openapi
+notes:
+ - SDK Method used are
+ licensing.Licensing.update_tier_state_info,
+
+ - Paths used are
+ post /api/v1/license/system/tier-state,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.licensing_tier_state_create:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ payload:
+ - name: string
+ status: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "response": [
+ {
+ "message": "string",
+ "name": "string",
+ "status": "string"
+ }
+ ],
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/licensing_tier_state_info.py b/ansible_collections/cisco/ise/plugins/modules/licensing_tier_state_info.py
new file mode 100644
index 00000000..a85e9ea2
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/licensing_tier_state_info.py
@@ -0,0 +1,63 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: licensing_tier_state_info
+short_description: Information module for Licensing Tier State
+description:
+- Get all Licensing Tier State.
+- Get tier state information.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Licensing
+ description: Complete reference of the Licensing API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!license-openapi
+notes:
+ - SDK Method used are
+ licensing.Licensing.get_tier_state_info,
+
+ - Paths used are
+ get /api/v1/license/system/tier-state,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Licensing Tier State
+ cisco.ise.licensing_tier_state_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "compliance": "string",
+ "consumptionCounter": 0,
+ "daysOutOfCompliance": "string",
+ "lastAuthorization": "string",
+ "name": "string",
+ "status": "string"
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_account_status_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_account_status_info.py
new file mode 100644
index 00000000..f17ae253
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_account_status_info.py
@@ -0,0 +1,58 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_account_status_info
+short_description: Information module for MNT Account Status
+description:
+- Get MNT Account Status by id.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ mac:
+ description:
+ - Mac path parameter.
+ type: str
+ duration:
+ description:
+ - Duration path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_account_status_by_mac,
+
+ - Paths used are
+ get /AcctStatus/MACAddress/{mac}/{duration},
+
+"""
+
+EXAMPLES = r"""
+- name: Get MNT Account Status by id
+ cisco.ise.mnt_account_status_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ mac: string
+ duration: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_athentication_status_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_athentication_status_info.py
new file mode 100644
index 00000000..6a6d498f
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_athentication_status_info.py
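Review bot: The `mac` and `duration` options of `mnt_account_status_info` are described only as "path parameter", with no `required: true` and no format, although both are segments of `get /AcctStatus/MACAddress/{mac}/{duration}`. An omitted or malformed value would presumably be placed into the request path as-is; the action plugin that builds the URL is not in this hunk, so confirm that it rejects missing values. I would state the expected format in each description (the MAC notation, the unit of `duration`) and mark both options `required: true`, keeping the argument spec in step. The same gap shows in the other MNT path-parameter modules of this patch: `mnt_session_by_ip_info`, `mnt_session_by_mac_info`, `mnt_session_by_nas_ip_info`, `mnt_session_by_username_info` and `mnt_sessions_by_session_id_info`.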
@@ -0,0 +1,65 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_athentication_status_info
+short_description: Information module for Mnt Athentication Status
+description:
+- Get all Mnt Athentication Status.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ MAC:
+ description:
+ - MAC path parameter.
+ type: str
+ SECONDS:
+ description:
+ - SECONDS path parameter.
+ type: str
+ RECORDS:
+ description:
+ - RECORDS path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_authentication_status_by_mac,
+
+ - Paths used are
+ get /AuthStatus/MACAddress/{MAC}/{SECONDS}/{RECORDS}/All,
+seealso:
+# Reference by module name
+- module: cisco.ise.mnt_authentication_status_info
+"""
+
+EXAMPLES = r"""
+- name: Get all Mnt Athentication Status
+ cisco.ise.mnt_athentication_status_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ MAC: string
+ SECONDS: string
+ RECORDS: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample:
+ - {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_authentication_status_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_authentication_status_info.py
new file mode 100644
index 00000000..fb1b30fb
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_authentication_status_info.py
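Review bot: `mnt_athentication_status_info` is documented as a regular module although its name is a misspelling of `mnt_authentication_status_info`, which the `seealso` entry points to and which uses the same SDK method and path. If it is kept only for backward compatibility, the description should say so, for example `- Misspelled alias kept for compatibility; use cisco.ise.mnt_authentication_status_info.`, so that playbooks and access reviews converge on one name. The RETURN block is also inconsistent: `type: dict` is followed by `sample:` holding the list item `- {}`, where the correctly spelled module has `sample: >` and `{}`.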
@@ -0,0 +1,63 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_authentication_status_info
+short_description: Information module for MNT Authentication Status
+description:
+- Get all MNT Authentication Status.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ MAC:
+ description:
+ - MAC path parameter.
+ type: str
+ SECONDS:
+ description:
+ - SECONDS path parameter.
+ type: str
+ RECORDS:
+ description:
+ - RECORDS path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_authentication_status_by_mac,
+
+ - Paths used are
+ get /AuthStatus/MACAddress/{MAC}/{SECONDS}/{RECORDS}/All,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all MNT Authentication Status
+ cisco.ise.mnt_authentication_status_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ MAC: string
+ SECONDS: string
+ RECORDS: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_failure_reasons_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_failure_reasons_info.py
new file mode 100644
index 00000000..53e936d1
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_failure_reasons_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_failure_reasons_info
+short_description: Information module for MNT Failure Reasons
+description:
+- Get all MNT Failure Reasons.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_failure_reasons,
+
+ - Paths used are
+ get /FailureReasons,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all MNT Failure Reasons
+ cisco.ise.mnt_failure_reasons_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_session_active_count_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_session_active_count_info.py
new file mode 100644
index 00000000..c2ffbff8
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_session_active_count_info.py
@@ -0,0 +1,50 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_session_active_count_info
+short_description: Information module for MNT Session Active Count
+description:
+- Get all MNT Session Active Count.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_active_count,
+
+ - Paths used are
+ get /Session/ActiveCount,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all MNT Session Active Count
+ cisco.ise.mnt_session_active_count_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "count": 0
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_session_active_list_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_session_active_list_info.py
new file mode 100644
index 00000000..352e09bf
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_session_active_list_info.py
@@ -0,0 +1,50 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_session_active_list_info
+short_description: Information module for MNT Session Active List
+description:
+- Get all MNT Session Active List.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_active_list,
+
+ - Paths used are
+ get /Session/ActiveList,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all MNT Session Active List
+ cisco.ise.mnt_session_active_list_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "noOfActiveSession": 0
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_session_auth_list_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_session_auth_list_info.py
new file mode 100644
index 00000000..716b60cd
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_session_auth_list_info.py
@@ -0,0 +1,50 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_session_auth_list_info
+short_description: Information module for MNT Session Auth List
+description:
+- Get all MNT Session Auth List.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_session_auth_list,
+
+ - Paths used are
+ get /Session/AuthList/null/null,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all MNT Session Auth List
+ cisco.ise.mnt_session_auth_list_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "noOfActiveSession": 0
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_session_by_ip_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_session_by_ip_info.py
new file mode 100644
index 00000000..f908a7a6
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_session_by_ip_info.py
@@ -0,0 +1,53 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_session_by_ip_info
+short_description: Information module for MNT Session By Ip
+description:
+- Get MNT Session By Ip by id.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ endpoint_ipv4:
+ description:
+ - Endpoint_ipv4 path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_sessions_by_endpoint_ip,
+
+ - Paths used are
+ get /Session/EndPointIPAddress/{endpoint_ipv4},
+
+"""
+
+EXAMPLES = r"""
+- name: Get MNT Session By Ip by id
+ cisco.ise.mnt_session_by_ip_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ endpoint_ipv4: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_session_by_mac_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_session_by_mac_info.py
new file mode 100644
index 00000000..754aebbc
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_session_by_mac_info.py
@@ -0,0 +1,53 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_session_by_mac_info
+short_description: Information module for MNT Session By Mac
+description:
+- Get MNT Session By Mac by id.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ mac:
+ description:
+ - Mac path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_sessions_by_mac,
+
+ - Paths used are
+ get /Session/MACAddress/{mac},
+
+"""
+
+EXAMPLES = r"""
+- name: Get MNT Session By Mac by id
+ cisco.ise.mnt_session_by_mac_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ mac: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_session_by_nas_ip_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_session_by_nas_ip_info.py
new file mode 100644
index 00000000..09f23798
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_session_by_nas_ip_info.py
@@ -0,0 +1,53 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_session_by_nas_ip_info
+short_description: Information module for MNT Session By Nas Ip
+description:
+- Get MNT Session By Nas Ip by id.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ nas_ipv4:
+ description:
+ - Nas_ipv4 path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_sessions_by_nas_ip,
+
+ - Paths used are
+ get /Session/IPAddress/{nas_ipv4},
+
+"""
+
+EXAMPLES = r"""
+- name: Get MNT Session By Nas Ip by id
+ cisco.ise.mnt_session_by_nas_ip_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ nas_ipv4: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_session_by_username_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_session_by_username_info.py
new file mode 100644
index 00000000..81c75049
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_session_by_username_info.py
@@ -0,0 +1,53 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_session_by_username_info
+short_description: Information module for MNT Session By Username
+description:
+- Get MNT Session By Username by name.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ username:
+ description:
+ - Username path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_sessions_by_username,
+
+ - Paths used are
+ get /Session/UserName/{username},
+
+"""
+
+EXAMPLES = r"""
+- name: Get MNT Session By Username by name
+ cisco.ise.mnt_session_by_username_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ username: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_session_delete_all.py b/ansible_collections/cisco/ise/plugins/modules/mnt_session_delete_all.py
new file mode 100644
index 00000000..a9df0152
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_session_delete_all.py
@@ -0,0 +1,47 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_session_delete_all
+short_description: Resource module for MNT Session Delete All
+description:
+- Manage operation delete of the resource MNT Session Delete All.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.delete_all_sessions,
+
+ - Paths used are
+ delete /Session/Delete/All,
+
+"""
+
+EXAMPLES = r"""
+- name: Delete all
+ cisco.ise.mnt_session_delete_all:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_session_disconnect_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_session_disconnect_info.py
new file mode 100644
index 00000000..5f1be8c8
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_session_disconnect_info.py
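Review bot: The description of `mnt_session_delete_all` never states what is deleted; it reads "Manage operation delete of the resource MNT Session Delete All", while the notes show `delete /Session/Delete/All` and `options: {}`, so a task with no arguments appears to remove every session record. I would add a description line such as `- Deletes all sessions; there is no filter or confirmation option.` so the scope is visible to anyone reviewing a playbook. The documentation should also state whether check mode is honoured, which this hunk does not show.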
@@ -0,0 +1,73 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_session_disconnect_info
+short_description: Information module for MNT Session Disconnect
+description:
+- Get MNT Session Disconnect by id.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ ENDPOINT_IP:
+ description:
+ - ENDPOINT_IP path parameter.
+ type: str
+ PSN_NAME:
+ description:
+ - PSN_NAME path parameter.
+ type: str
+ MAC:
+ description:
+ - MAC path parameter.
+ type: str
+ DISCONNECT_TYPE:
+ description:
+ - DISCONNECT_TYPE path parameter.
+ type: str
+ NAS_IPV4:
+ description:
+ - NAS_IPV4 path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.session_disconnect,
+
+ - Paths used are
+ get /CoA/Disconnect/{PSN_NAME}/{MAC}/{DISCONNECT_TYPE}/{NAS_IPV4}/{{ENDPOINT_IP}},
+
+"""
+
+EXAMPLES = r"""
+- name: Get MNT Session Disconnect by id
+ cisco.ise.mnt_session_disconnect_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ ENDPOINT_IP: string
+ PSN_NAME: string
+ MAC: string
+ DISCONNECT_TYPE: string
+ NAS_IPV4: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_session_posture_count_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_session_posture_count_info.py
new file mode 100644
index 00000000..5c8869a9
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_session_posture_count_info.py
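Review bot: The `mnt_session_disconnect_info` documentation presents a session-terminating call as a read-only lookup: it is an "Information module" whose description is "Get MNT Session Disconnect by id", yet the notes name `misc.Misc.session_disconnect` and the path `get /CoA/Disconnect/...`. Operators commonly treat `_info` modules as safe to run in audits and in check mode, so the description should say so explicitly, for example `- Sends a CoA Disconnect for the matching session; this is not a read-only query despite the _info suffix.` The same applies to `mnt_session_reauthentication_info`, whose path is `get /CoA/Reauth/...`. The documented path here also ends in `{{ENDPOINT_IP}}` with doubled braces, unlike the other placeholders, and presumably should read `{ENDPOINT_IP}`.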
@@ -0,0 +1,50 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_session_posture_count_info
+short_description: Information module for MNT Session Posture Count
+description:
+- Get all MNT Session Posture Count.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_posture_count,
+
+ - Paths used are
+ get /Session/PostureCount,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all MNT Session Posture Count
+ cisco.ise.mnt_session_posture_count_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "count": 0
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_session_profiler_count_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_session_profiler_count_info.py
new file mode 100644
index 00000000..5a8db7de
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_session_profiler_count_info.py
@@ -0,0 +1,50 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_session_profiler_count_info
+short_description: Information module for MNT Session Profiler Count
+description:
+- Get all MNT Session Profiler Count.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_profiler_count,
+
+ - Paths used are
+ get /Session/ProfilerCount,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all MNT Session Profiler Count
+ cisco.ise.mnt_session_profiler_count_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "count": 0
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_session_reauthentication_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_session_reauthentication_info.py
new file mode 100644
index 00000000..d0516ee4
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_session_reauthentication_info.py
@@ -0,0 +1,63 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_session_reauthentication_info
+short_description: Information module for MNT Session Reauthentication
+description:
+- Get MNT Session Reauthentication by id.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ PSN_NAME:
+ description:
+ - PSN_NAME path parameter.
+ type: str
+ ENDPOINT_MAC:
+ description:
+ - ENDPOINT_MAC path parameter.
+ type: str
+ REAUTH_TYPE:
+ description:
+ - REAUTH_TYPE path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.session_reauthentication_by_mac,
+
+ - Paths used are
+ get /CoA/Reauth/{PSN_NAME}/{ENDPOINT_MAC}/{REAUTH_TYPE},
+
+"""
+
+EXAMPLES = r"""
+- name: Get MNT Session Reauthentication by id
+ cisco.ise.mnt_session_reauthentication_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ PSN_NAME: string
+ ENDPOINT_MAC: string
+ REAUTH_TYPE: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_sessions_by_session_id_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_sessions_by_session_id_info.py
new file mode 100644
index 00000000..d614bab8
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_sessions_by_session_id_info.py
@@ -0,0 +1,53 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: mnt_sessions_by_session_id_info
+short_description: Information module for MNT Sessions By Session Id
+description:
+- Get all MNT Sessions By Session Id.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ session_id:
+ description:
+ - Session_id path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ misc.Misc.get_sessions_by_session_id,
+
+ - Paths used are
+ get /Session/Active/SessionID/{session_id}/0,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all MNT Sessions By Session Id
+ cisco.ise.mnt_sessions_by_session_id_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ session_id: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/mnt_version_info.py b/ansible_collections/cisco/ise/plugins/modules/mnt_version_info.py
new file mode 100644
index 00000000..7217600d
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/mnt_version_info.py
@@ -0,0 +1,52 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: mnt_version_info +short_description: Information module for MNT Version +description: +- Get all MNT Version. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + misc.Misc.get_mnt_version, + + - Paths used are + get /Version, + +""" + +EXAMPLES = r""" +- name: Get all MNT Version + cisco.ise.mnt_version_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "name": "string", + "version": "string", + "type_of_node": 0 + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/my_device_portal.py b/ansible_collections/cisco/ise/plugins/modules/my_device_portal.py new file mode 100644 index 00000000..bdec90ad --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/my_device_portal.py 
@@ -0,0 +1,593 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: my_device_portal +short_description: Resource module for My Device Portal +description: +- Manage operations create, update and delete of the resource My Device Portal. +- This API creates a my device portal. +- This API deletes a my device portal by ID. +- This API allows the client to update a my device portal by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + customizations: + description: Defines all of the Portal Customizations available. + suboptions: + globalCustomizations: + description: My Device Portal's globalCustomizations. + suboptions: + backgroundImage: + description: My Device Portal's backgroundImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + bannerImage: + description: My Device Portal's bannerImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + bannerTitle: + description: My Device Portal's bannerTitle. + type: str + contactText: + description: My Device Portal's contactText. + type: str + desktopLogoImage: + description: My Device Portal's desktopLogoImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + footerElement: + description: My Device Portal's footerElement. + type: str + mobileLogoImage: + description: My Device Portal's mobileLogoImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. 
+ type: str + type: dict + type: dict + language: + description: This property is supported only for Read operation and it allows + to show the customizations in English. Other languages are not supported. + suboptions: + viewLanguage: + description: My Device Portal's viewLanguage. + type: str + type: dict + pageCustomizations: + description: Represent the entire page customization as a giant dictionary. + suboptions: + data: + description: The Dictionary will be exposed here as key value pair. + elements: dict + suboptions: + key: + description: My Device Portal's key. + type: str + value: + description: My Device Portal's value. + type: str + type: list + type: dict + portalTheme: + description: My Device Portal's portalTheme. + suboptions: + id: + description: My Device Portal's id. + type: str + name: + description: The system- or user-assigned name of the portal theme. + type: str + themeData: + description: A CSS file, represented as a Base64-encoded byte array. + type: str + type: dict + portalTweakSettings: + description: The Tweak Settings are a customization of the Portal Theme that + has been selected for the portal. When the Portal Theme selection is changed, + the Tweak Settings are overwritten to match the values in the theme. The Tweak + Settings can subsequently be changed by the user. + suboptions: + bannerColor: + description: Hex value of color. + type: str + bannerTextColor: + description: My Device Portal's bannerTextColor. + type: str + pageBackgroundColor: + description: My Device Portal's pageBackgroundColor. + type: str + pageLabelAndTextColor: + description: My Device Portal's pageLabelAndTextColor. + type: str + type: dict + type: dict + description: + description: My Device Portal's description. + type: str + id: + description: My Device Portal's id. + type: str + name: + description: My Device Portal's name. + type: str + portalTestUrl: + description: URL to bring up a test page for this portal. 
+ type: str + portalType: + description: Allowed values - BYOD, - HOTSPOTGUEST, - MYDEVICE, - SELFREGGUEST, + - SPONSOR, - SPONSOREDGUEST. + type: str + settings: + description: Defines all of the settings groups available for a Mydevice portal. + suboptions: + aupSettings: + description: Configuration of the Acceptable Use Policy (AUP) for a portal. + suboptions: + displayFrequency: + description: How the AUP should be displayed, either on page or as a link. + Only valid if includeAup = true. Allowed Values - FIRSTLOGIN, - EVERYLOGIN, + - RECURRING. + type: str + displayFrequencyIntervalDays: + description: Number of days between AUP confirmations (when displayFrequency + = recurring). + type: int + includeAup: + description: Require the portal user to read and accept an AUP. + type: bool + requireScrolling: + description: Require the portal user to scroll to the end of the AUP. Only + valid if requireAupAcceptance = true. + type: bool + type: dict + employeeChangePasswordSettings: + description: My Device Portal's employeeChangePasswordSettings. + suboptions: + allowEmployeeToChangePwd: + description: AllowEmployeeToChangePwd flag. + type: bool + type: dict + loginPageSettings: + description: My Device Portal's loginPageSettings. + suboptions: + aupDisplay: + description: How the AUP should be displayed, either on page or as a link. + Only valid if includeAup = true. Allowed values - ONPAGE, - ASLINK. + type: str + includeAup: + description: Include an Acceptable Use Policy (AUP) that should be displayed + during login. + type: bool + maxFailedAttemptsBeforeRateLimit: + description: Maximum failed login attempts before rate limiting. + type: int + requireAupAcceptance: + description: Require the portal user to accept the AUP. Only valid if includeAup + = true. + type: bool + requireScrolling: + description: Require the portal user to scroll to the end of the AUP. Only + valid if requireAupAcceptance = true. 
+ type: bool + socialConfigs: + description: My Device Portal's socialConfigs. + elements: dict + type: list + timeBetweenLoginsDuringRateLimit: + description: Time between login attempts when rate limiting. + type: int + type: dict + portalSettings: + description: The port, interface, certificate, and other basic settings of a + portal. + suboptions: + allowedInterfaces: + description: Interfaces that the portal will be reachable on. Allowed values + - eth0, - eth1, - eth2, - eth3, - eth4, - eth5, - bond0, - bond1, - bond2. + elements: str + type: list + alwaysUsedLanguage: + description: My Device Portal's alwaysUsedLanguage. + type: str + certificateGroupTag: + description: Logical name of the x.509 server certificate that will be used + for the portal. + type: str + displayLang: + description: Allowed values - USEBROWSERLOCALE, - ALWAYSUSE. + type: str + endpointIdentityGroup: + description: Unique Id of the endpoint identity group where user's devices + will be added. Used only in Hotspot Portal. + type: str + fallbackLanguage: + description: Used when displayLang = USEBROWSERLOCALE. + type: str + httpsPort: + description: The port number that the allowed interfaces will listen on. + Range from 8000 to 8999. + type: int + type: dict + postAccessBannerSettings: + description: My Device Portal's postAccessBannerSettings. + suboptions: + includePostAccessBanner: + description: IncludePostAccessBanner flag. + type: bool + type: dict + postLoginBannerSettings: + description: My Device Portal's postLoginBannerSettings. + suboptions: + includePostAccessBanner: + description: Include a Post-Login Banner page. + type: bool + type: dict + supportInfoSettings: + description: My Device Portal's supportInfoSettings. + suboptions: + defaultEmptyFieldValue: + description: The default value displayed for an empty field. Only valid + when emptyFieldDisplay = DISPLAYWITHDEFAULTVALUE. 
+ type: str + emptyFieldDisplay: + description: Specifies how empty fields are handled on the Support Information + Page. Allowed values - HIDE, - DISPLAYWITHNOVALUE, - DISPLAYWITHDEFAULTVALUE. + type: str + includeBrowserUserAgent: + description: IncludeBrowserUserAgent flag. + type: bool + includeFailureCode: + description: IncludeFailureCode flag. + type: bool + includeIpAddress: + description: IncludeIpAddress flag. + type: bool + includeMacAddr: + description: IncludeMacAddr flag. + type: bool + includePolicyServer: + description: IncludePolicyServer flag. + type: bool + includeSupportInfoPage: + description: IncludeSupportInfoPage flag. + type: bool + type: dict + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + my_device_portal.MyDevicePortal.create_my_device_portal, + my_device_portal.MyDevicePortal.delete_my_device_portal_by_id, + my_device_portal.MyDevicePortal.update_my_device_portal_by_id, + + - Paths used are + post /ers/config/mydeviceportal, + delete /ers/config/mydeviceportal/{id}, + put /ers/config/mydeviceportal/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.my_device_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customizations: + globalCustomizations: + backgroundImage: + data: string + bannerImage: + data: string + bannerTitle: string + contactText: string + desktopLogoImage: + data: string + footerElement: string + mobileLogoImage: + data: string + language: + viewLanguage: string + pageCustomizations: + data: + - key: string + value: string + portalTheme: + id: string + name: string + themeData: string + portalTweakSettings: + bannerColor: string + bannerTextColor: string + pageBackgroundColor: string + pageLabelAndTextColor: string + description: string + id: string + name: string + portalTestUrl: string + portalType: string + settings: + aupSettings: + 
displayFrequency: string + displayFrequencyIntervalDays: 0 + includeAup: true + requireScrolling: true + employeeChangePasswordSettings: + allowEmployeeToChangePwd: true + loginPageSettings: + aupDisplay: string + includeAup: true + maxFailedAttemptsBeforeRateLimit: 0 + requireAupAcceptance: true + requireScrolling: true + socialConfigs: + - {} + timeBetweenLoginsDuringRateLimit: 0 + portalSettings: + allowedInterfaces: + - string + alwaysUsedLanguage: string + certificateGroupTag: string + displayLang: string + endpointIdentityGroup: string + fallbackLanguage: string + httpsPort: 0 + postAccessBannerSettings: + includePostAccessBanner: true + postLoginBannerSettings: + includePostAccessBanner: true + supportInfoSettings: + defaultEmptyFieldValue: string + emptyFieldDisplay: string + includeBrowserUserAgent: true + includeFailureCode: true + includeIpAddress: true + includeMacAddr: true + includePolicyServer: true + includeSupportInfoPage: true + +- name: Delete by id + cisco.ise.my_device_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.my_device_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customizations: + globalCustomizations: + backgroundImage: + data: string + bannerImage: + data: string + bannerTitle: string + contactText: string + desktopLogoImage: + data: string + footerElement: string + mobileLogoImage: + data: string + language: + viewLanguage: string + pageCustomizations: + data: + - key: string + value: string + portalTheme: + id: string + name: string + themeData: string + portalTweakSettings: + bannerColor: string + bannerTextColor: string + pageBackgroundColor: string + pageLabelAndTextColor: string + description: string + name: string + portalTestUrl: string + portalType: string + 
settings: + aupSettings: + displayFrequency: string + displayFrequencyIntervalDays: 0 + includeAup: true + requireScrolling: true + employeeChangePasswordSettings: + allowEmployeeToChangePwd: true + loginPageSettings: + aupDisplay: string + includeAup: true + maxFailedAttemptsBeforeRateLimit: 0 + requireAupAcceptance: true + requireScrolling: true + socialConfigs: + - {} + timeBetweenLoginsDuringRateLimit: 0 + portalSettings: + allowedInterfaces: + - string + alwaysUsedLanguage: string + certificateGroupTag: string + displayLang: string + endpointIdentityGroup: string + fallbackLanguage: string + httpsPort: 0 + postAccessBannerSettings: + includePostAccessBanner: true + postLoginBannerSettings: + includePostAccessBanner: true + supportInfoSettings: + defaultEmptyFieldValue: string + emptyFieldDisplay: string + includeBrowserUserAgent: true + includeFailureCode: true + includeIpAddress: true + includeMacAddr: true + includePolicyServer: true + includeSupportInfoPage: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "endpointIdentityGroup": "string", + "displayLang": "string", + "fallbackLanguage": "string", + "alwaysUsedLanguage": "string" + }, + "loginPageSettings": { + "maxFailedAttemptsBeforeRateLimit": 0, + "timeBetweenLoginsDuringRateLimit": 0, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "requireScrolling": true, + "socialConfigs": [ + {} + ] + }, + "aupSettings": { + "displayFrequencyIntervalDays": 0, + "displayFrequency": "string", + "includeAup": true, + "requireScrolling": true + }, + "employeeChangePasswordSettings": { + 
"allowEmployeeToChangePwd": true + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/my_device_portal_info.py b/ansible_collections/cisco/ise/plugins/modules/my_device_portal_info.py new file mode 100644 index 00000000..c0c1cd87 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/my_device_portal_info.py 
@@ -0,0 +1,327 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: my_device_portal_info +short_description: Information module for My Device Portal +description: +- Get all My Device Portal. +- Get My Device Portal by id. +- This API allows the client to get a my device portal by ID. +- This API allows the client to get all the my device portals. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + my_device_portal.MyDevicePortal.get_my_device_portal_by_id, + my_device_portal.MyDevicePortal.get_my_device_portal_generator, + + - Paths used are + get /ers/config/mydeviceportal, + get /ers/config/mydeviceportal/{id}, + +""" + +EXAMPLES = r""" +- name: Get all My Device Portal + cisco.ise.my_device_portal_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get My Device Portal by id + cisco.ise.my_device_portal_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "endpointIdentityGroup": "string", + "displayLang": "string", + "fallbackLanguage": "string", + "alwaysUsedLanguage": "string" + }, + "loginPageSettings": { + "maxFailedAttemptsBeforeRateLimit": 0, + "timeBetweenLoginsDuringRateLimit": 0, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "requireScrolling": true, + "socialConfigs": [ + {} + ] + }, + 
"aupSettings": { + "displayFrequencyIntervalDays": 0, + "displayFrequency": "string", + "includeAup": true, + "requireScrolling": true + }, + "employeeChangePasswordSettings": { + "allowEmployeeToChangePwd": true + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "endpointIdentityGroup": "string", + "displayLang": "string", + "fallbackLanguage": "string", + 
"alwaysUsedLanguage": "string" + }, + "loginPageSettings": { + "maxFailedAttemptsBeforeRateLimit": 0, + "timeBetweenLoginsDuringRateLimit": 0, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "requireScrolling": true, + "socialConfigs": [ + {} + ] + }, + "aupSettings": { + "displayFrequencyIntervalDays": 0, + "displayFrequency": "string", + "includeAup": true, + "requireScrolling": true + }, + "employeeChangePasswordSettings": { + "allowEmployeeToChangePwd": true + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/native_supplicant_profile.py b/ansible_collections/cisco/ise/plugins/modules/native_supplicant_profile.py new file mode 100644 index 00000000..e34a702c --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/modules/native_supplicant_profile.py 
@@ -0,0 +1,143 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: native_supplicant_profile +short_description: Resource module for Native Supplicant Profile +description: +- Manage operations update and delete of the resource Native Supplicant Profile. +- This API deletes a native supplicant profile. +- This API allows the client to update a native supplicant profile. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + description: + description: Native Supplicant Profile's description. + type: str + id: + description: Native Supplicant Profile's id. + type: str + name: + description: Native Supplicant Profile's name. + type: str + wirelessProfiles: + description: Native Supplicant Profile's wirelessProfiles. + elements: dict + suboptions: + actionType: + description: Action type for WifiProfile. Allowed values - ADD, - UPDATE, - + DELETE (required for updating existing WirelessProfile). + type: str + allowedProtocol: + description: Native Supplicant Profile's allowedProtocol. + type: str + certificateTemplateId: + description: Native Supplicant Profile's certificateTemplateId. + type: str + previousSSID: + description: Previous ssid for WifiProfile (required for updating existing WirelessProfile). + type: str + ssid: + description: Native Supplicant Profile's ssid. + type: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for NativeSupplicantProfile + description: Complete reference of the NativeSupplicantProfile API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!nspprofile +notes: + - SDK Method used are + native_supplicant_profile.NativeSupplicantProfile.delete_native_supplicant_profile_by_id, + native_supplicant_profile.NativeSupplicantProfile.update_native_supplicant_profile_by_id, + + - Paths used are + delete /ers/config/nspprofile/{id}, + put /ers/config/nspprofile/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.native_supplicant_profile: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + id: string + name: string + wirelessProfiles: + - actionType: string + allowedProtocol: string + certificateTemplateId: string + previousSsid: string + ssid: string + +- name: Delete by id + cisco.ise.native_supplicant_profile: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "wirelessProfiles": [ + { + "ssid": "string", + "allowedProtocol": "string", + "certificateTemplateId": "string", + "actionType": "string", + "previousSsid": "string" + } + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" 
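Review bot: The wireless-profile suboption is declared as `previousSSID` in DOCUMENTATION, while the "Update by id" example and the `RETURN` sample both spell it `previousSsid`. One of the two spellings will not match what the module accepts, so a playbook copied from the example may be rejected or may send an update without the previous SSID that the description marks as required for changing an existing WirelessProfile. Which spelling is correct depends on the argument spec in the action plugin, which is not part of this hunk. If the option name is authoritative, change the example line to `previousSSID: string`. The `actionType` values (ADD, UPDATE, DELETE) appear only in prose; listing them under `choices:` would keep the documentation and the validation in agreement.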
diff --git a/ansible_collections/cisco/ise/plugins/modules/native_supplicant_profile_info.py b/ansible_collections/cisco/ise/plugins/modules/native_supplicant_profile_info.py new file mode 100644 index 00000000..f086ded1 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/native_supplicant_profile_info.py 
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: native_supplicant_profile_info +short_description: Information module for Native Supplicant Profile +description: +- Get all Native Supplicant Profile. +- Get Native Supplicant Profile by id. +- This API allows the client to get a native supplicant profile by ID. +- This API allows the client to get all the native supplicant profiles. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for NativeSupplicantProfile + description: Complete reference of the NativeSupplicantProfile API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!nspprofile +notes: + - SDK Method used are + native_supplicant_profile.NativeSupplicantProfile.get_native_supplicant_profile_by_id, + native_supplicant_profile.NativeSupplicantProfile.get_native_supplicant_profile_generator, + + - Paths used are + get /ers/config/nspprofile, + get /ers/config/nspprofile/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Native Supplicant Profile + cisco.ise.native_supplicant_profile_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get Native Supplicant Profile by id + cisco.ise.native_supplicant_profile_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "wirelessProfiles": [ + { + "ssid": "string", + "allowedProtocol": "string", + "certificateTemplateId": "string", + "actionType": "string", + "previousSsid": "string" + } + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "wirelessProfiles": [ + { + "ssid": "string", + "allowedProtocol": "string", + "certificateTemplateId": "string", + "actionType": "string", + "previousSsid": "string" + } + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules.py b/ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules.py new file mode 100644 index 00000000..33ea4762 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules.py 
@@ -0,0 +1,535 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_authentication_rules +short_description: Resource module for Network Access Authentication Rules +description: +- Manage operations create, update and delete of the resource Network Access Authentication Rules. +- Network Access - Create authentication rule. +- Network Access - Delete rule. +- Network Access - Update rule. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. Rule id. + type: str + identitySourceName: + description: Identity source name from the identity stores. + type: str + ifAuthFail: + description: Action to perform when authentication fails such as Bad credentials, + disabled user and so on. + type: str + ifProcessFail: + description: Action to perform when ISE is uanble to access the identity database. + type: str + ifUserNotFound: + description: Action to perform when user is not found in any of identity stores. + type: str + link: + description: Network Access Authentication Rules's link. + suboptions: + href: + description: Network Access Authentication Rules's href. + type: str + rel: + description: Network Access Authentication Rules's rel. + type: str + type: + description: Network Access Authentication Rules's type. + type: str + type: dict + policyId: + description: PolicyId path parameter. Policy id. + type: str + rule: + description: Common attributes in rule authentication/authorization. + suboptions: + condition: + description: Network Access Authentication Rules's condition. + suboptions: + attributeName: + description: Dictionary attribute name. + type: str + attributeValue: + description: . 
+ type: str + children: + description: In case type is andBlock or orBlock addtional conditions will + be aggregated under this logical (OR/AND) condition. + elements: dict + suboptions: + conditionType: + description: . + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Authentication Rules's link. + suboptions: + href: + description: Network Access Authentication Rules's href. + type: str + rel: + description: Network Access Authentication Rules's rel. + type: str + type: + description: Network Access Authentication Rules's type. + type: str + type: dict + type: list + conditionType: + description: . + type: str + datesRange: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Network Access Authentication Rules's endDate. + type: str + startDate: + description: Network Access Authentication Rules's startDate. + type: str + type: dict + datesRangeException: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Network Access Authentication Rules's endDate. + type: str + startDate: + description: Network Access Authentication Rules's startDate. + type: str + type: dict + description: + description: Condition description. + type: str + dictionaryName: + description: Dictionary name. + type: str + dictionaryValue: + description: Dictionary value. + type: str + hoursRange: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Network Access Authentication Rules's endTime. + type: str + startTime: + description: Network Access Authentication Rules's startTime. + type: str + type: dict + hoursRangeException: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Network Access Authentication Rules's endTime. + type: str + startTime: + description: Network Access Authentication Rules's startTime. + type: str + type: dict + id: + description: Network Access Authentication Rules's id. + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Authentication Rules's link. + suboptions: + href: + description: Network Access Authentication Rules's href. + type: str + rel: + description: Network Access Authentication Rules's rel. + type: str + type: + description: Network Access Authentication Rules's type. + type: str + type: dict + name: + description: Condition name. + type: str + operator: + description: Equality operator. + type: str + weekDays: + description:

Defines for which days this condition will be matched
+ Days format - Arrays of WeekDay enums
Default - List of All week + days

. + elements: str + type: list + weekDaysException: + description:

Defines for which days this condition will NOT be matched
+ Days format - Arrays of WeekDay enums
Default - Not enabled

. + elements: str + type: list + type: dict + default: + description: Indicates if this rule is the default one. + type: bool + hitCounts: + description: The amount of times the rule was matched. + type: int + id: + description: The identifier of the rule. + type: str + name: + description: Rule name, Valid characters are alphanumerics, underscore, hyphen, + space, period, parentheses. + type: str + rank: + description: The rank(priority) in relation to other rules. Lower rank is higher + priority. + type: int + state: + description: The state that the rule is in. A disabled rule cannot be matched. + type: str + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Authentication Rules + description: Complete reference of the Network Access - Authentication Rules API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_authentication_rules.NetworkAccessAuthenticationRules.create_network_access_authentication_rule, + network_access_authentication_rules.NetworkAccessAuthenticationRules.delete_network_access_authentication_rule_by_id, + network_access_authentication_rules.NetworkAccessAuthenticationRules.update_network_access_authentication_rule_by_id, + + - Paths used are + post /network-access/policy-set/{policyId}/authentication, + delete /network-access/policy-set/{policyId}/authentication/{id}, + put /network-access/policy-set/{policyId}/authentication/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.network_access_authentication_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + identitySourceName: string + ifAuthFail: string + ifProcessFail: string + ifUserNotFound: string + link: + href: string + rel: string + type: string + policyId: string + rule: + condition: + attributeName: 
string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + +- name: Update by id + cisco.ise.network_access_authentication_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + id: string + identitySourceName: string + ifAuthFail: string + ifProcessFail: string + ifUserNotFound: string + link: + href: string + rel: string + type: string + policyId: string + rule: + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + +- name: Delete by id + cisco.ise.network_access_authentication_rules: + ise_hostname: "{{ise_hostname}}" + 
ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + policyId: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "identitySourceName": "string", + "ifAuthFail": "string", + "ifProcessFail": "string", + "ifUserNotFound": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "identitySourceName": "string", + "ifAuthFail": "string", + "ifProcessFail": "string", + "ifUserNotFound": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, 
+ "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + } + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules_info.py new file mode 100644 index 00000000..a4124342 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules_info.py 
@@ -0,0 +1,144 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: network_access_authentication_rules_info
+short_description: Information module for Network Access Authentication Rules
+description:
+- Get all Network Access Authentication Rules.
+- Get Network Access Authentication Rules by id.
+- Network Access - Get authentication rules.
+- Network Access - Get rule attributes.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ policyId:
+ description:
+ - PolicyId path parameter. Policy id.
+ type: str
+ id:
+ description:
+ - Id path parameter. Rule id.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Network Access - Authentication Rules
+ description: Complete reference of the Network Access - Authentication Rules API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ network_access_authentication_rules.NetworkAccessAuthenticationRules.get_network_access_authentication_rule_by_id,
+ network_access_authentication_rules.NetworkAccessAuthenticationRules.get_network_access_authentication_rules,
+
+ - Paths used are
+ get /network-access/policy-set/{policyId}/authentication,
+ get /network-access/policy-set/{policyId}/authentication/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Network Access Authentication Rules
+ cisco.ise.network_access_authentication_rules_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ policyId: string
+ register: result
+
+- name: Get Network Access Authentication Rules by id
+ cisco.ise.network_access_authentication_rules_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ policyId: string
+ id: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "identitySourceName": "string",
+ "ifAuthFail": "string",
+ "ifProcessFail": "string",
+ "ifUserNotFound": "string",
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "rule": {
+ "condition": {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "description": "string",
+ "id": "string",
+ "name": "string",
+ "attributeName": "string",
+ "attributeValue": "string",
+ "dictionaryName": "string",
+ "dictionaryValue": "string",
+ "operator": "string",
+ "children": [
+ {
+ "conditionType": "string",
+ "isNegate": true,
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ }
+ }
+ ],
+ "datesRange": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "datesRangeException": {
+ "endDate": "string",
+ "startDate": "string"
+ },
+ "hoursRange": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "hoursRangeException": {
+ "endTime": "string",
+ "startTime": "string"
+ },
+ "weekDays": [
+ "string"
+ ],
+ "weekDaysException": [
+ "string"
+ ]
+ },
+ "default": true,
+ "hitCounts": 0,
+ "id": "string",
+ "name": "string",
+ "rank": 0,
+ "state": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules_reset_hitcount.py
new file mode 100644
index 00000000..1d4de88e
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/network_access_authentication_rules_reset_hitcount.py
@@ -0,0 +1,58 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: network_access_authentication_rules_reset_hitcount
+short_description: Resource module for Network Access Authentication Rules Reset Hitcount
+description:
+- Manage operation create of the resource Network Access Authentication Rules Reset Hitcount.
+- Network Access - Reset HitCount for Authentication Rules.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ policyId:
+ description: PolicyId path parameter. Policy id.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Network Access - Authentication Rules
+ description: Complete reference of the Network Access - Authentication Rules API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ network_access_authentication_rules.NetworkAccessAuthenticationRules.reset_hit_counts_network_access_authentication_rules,
+
+ - Paths used are
+ post /network-access/policy-set/{policyId}/authentication/reset-hitcount,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.network_access_authentication_rules_reset_hitcount:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ policyId: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "message": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_authorization_rules.py b/ansible_collections/cisco/ise/plugins/modules/network_access_authorization_rules.py
new file mode 100644
index 00000000..03b4c64b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/network_access_authorization_rules.py
@@ -0,0 +1,527 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_authorization_rules +short_description: Resource module for Network Access Authorization Rules +description: +- Manage operations create, update and delete of the resource Network Access Authorization Rules. +- Network Access - Create authorization rule. +- Network Access - Delete authorization rule. +- Network Access - Update authorization rule. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. Rule id. + type: str + link: + description: Network Access Authorization Rules's link. + suboptions: + href: + description: Network Access Authorization Rules's href. + type: str + rel: + description: Network Access Authorization Rules's rel. + type: str + type: + description: Network Access Authorization Rules's type. + type: str + type: dict + policyId: + description: PolicyId path parameter. Policy id. + type: str + profile: + description: The authorization profile/s. + elements: str + type: list + rule: + description: Common attributes in rule authentication/authorization. + suboptions: + condition: + description: Network Access Authorization Rules's condition. + suboptions: + attributeName: + description: Dictionary attribute name. + type: str + attributeValue: + description: . + type: str + children: + description: In case type is andBlock or orBlock addtional conditions will + be aggregated under this logical (OR/AND) condition. + elements: dict + suboptions: + conditionType: + description: . + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Authorization Rules's link. 
+ suboptions: + href: + description: Network Access Authorization Rules's href. + type: str + rel: + description: Network Access Authorization Rules's rel. + type: str + type: + description: Network Access Authorization Rules's type. + type: str + type: dict + type: list + conditionType: + description: . + type: str + datesRange: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Network Access Authorization Rules's endDate. + type: str + startDate: + description: Network Access Authorization Rules's startDate. + type: str + type: dict + datesRangeException: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Network Access Authorization Rules's endDate. + type: str + startDate: + description: Network Access Authorization Rules's startDate. + type: str + type: dict + description: + description: Condition description. + type: str + dictionaryName: + description: Dictionary name. + type: str + dictionaryValue: + description: Dictionary value. + type: str + hoursRange: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Network Access Authorization Rules's endTime. + type: str + startTime: + description: Network Access Authorization Rules's startTime. + type: str + type: dict + hoursRangeException: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Network Access Authorization Rules's endTime. + type: str + startTime: + description: Network Access Authorization Rules's startTime. + type: str + type: dict + id: + description: Network Access Authorization Rules's id. + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Authorization Rules's link. + suboptions: + href: + description: Network Access Authorization Rules's href. + type: str + rel: + description: Network Access Authorization Rules's rel. + type: str + type: + description: Network Access Authorization Rules's type. + type: str + type: dict + name: + description: Condition name. + type: str + operator: + description: Equality operator. + type: str + weekDays: + description:

Defines for which days this condition will be matched
+ Days format - Arrays of WeekDay enums
Default - List of All week + days

. + elements: str + type: list + weekDaysException: + description:

Defines for which days this condition will NOT be matched
+ Days format - Arrays of WeekDay enums
Default - Not enabled

. + elements: str + type: list + type: dict + default: + description: Indicates if this rule is the default one. + type: bool + hitCounts: + description: The amount of times the rule was matched. + type: int + id: + description: The identifier of the rule. + type: str + name: + description: Rule name, Valid characters are alphanumerics, underscore, hyphen, + space, period, parentheses. + type: str + rank: + description: The rank(priority) in relation to other rules. Lower rank is higher + priority. + type: int + state: + description: The state that the rule is in. A disabled rule cannot be matched. + type: str + type: dict + securityGroup: + description: Security group used in authorization policies. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Authorization Rules + description: Complete reference of the Network Access - Authorization Rules API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_authorization_rules.NetworkAccessAuthorizationRules.create_network_access_authorization_rule, + network_access_authorization_rules.NetworkAccessAuthorizationRules.delete_network_access_authorization_rule_by_id, + network_access_authorization_rules.NetworkAccessAuthorizationRules.update_network_access_authorization_rule_by_id, + + - Paths used are + post /network-access/policy-set/{policyId}/authorization, + delete /network-access/policy-set/{policyId}/authorization/{id}, + put /network-access/policy-set/{policyId}/authorization/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.network_access_authorization_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + link: + href: string + rel: string + type: string + policyId: string + profile: + - string + rule: + condition: + attributeName: 
string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + securityGroup: string + +- name: Update by id + cisco.ise.network_access_authorization_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + id: string + link: + href: string + rel: string + type: string + policyId: string + profile: + - string + rule: + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + securityGroup: string + +- name: Delete by id + cisco.ise.network_access_authorization_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + 
ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + policyId: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": [ + "string" + ], + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + }, + "securityGroup": "string" + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": [ + "string" + ], + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + 
"attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + }, + "securityGroup": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_authorization_rules_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_authorization_rules_info.py new file mode 100644 index 00000000..ec93647e --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_authorization_rules_info.py 
@@ -0,0 +1,144 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_authorization_rules_info +short_description: Information module for Network Access Authorization Rules +description: +- Get all Network Access Authorization Rules. +- Get Network Access Authorization Rules by id. +- Network Access - Get authorization rule attributes. +- Network Access - Get authorization rules. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + policyId: + description: + - PolicyId path parameter. Policy id. + type: str + id: + description: + - Id path parameter. Rule id. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Authorization Rules + description: Complete reference of the Network Access - Authorization Rules API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_authorization_rules.NetworkAccessAuthorizationRules.get_network_access_authorization_rule_by_id, + network_access_authorization_rules.NetworkAccessAuthorizationRules.get_network_access_authorization_rules, + + - Paths used are + get /network-access/policy-set/{policyId}/authorization, + get /network-access/policy-set/{policyId}/authorization/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Authorization Rules + cisco.ise.network_access_authorization_rules_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + policyId: string + register: result + +- name: Get Network Access Authorization Rules by id + cisco.ise.network_access_authorization_rules_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + policyId: string + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": [ + "string" + ], + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": 
"string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + }, + "securityGroup": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_authorization_rules_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/modules/network_access_authorization_rules_reset_hitcount.py new file mode 100644 index 00000000..55dfe008 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_authorization_rules_reset_hitcount.py 
@@ -0,0 +1,58 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_authorization_rules_reset_hitcount +short_description: Resource module for Network Access Authorization Rules Reset Hitcount +description: +- Manage operation create of the resource Network Access Authorization Rules Reset Hitcount. +- Network Access - Reset HitCount for Authorization Rules. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + policyId: + description: PolicyId path parameter. Policy id. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Authorization Rules + description: Complete reference of the Network Access - Authorization Rules API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_authorization_rules.NetworkAccessAuthorizationRules.reset_hit_counts_network_access_authorization_rules, + + - Paths used are + post /network-access/policy-set/{policyId}/authorization/reset-hitcount, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.network_access_authorization_rules_reset_hitcount: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + policyId: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "message": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_conditions.py b/ansible_collections/cisco/ise/plugins/modules/network_access_conditions.py new file mode 100644 index 00000000..6321335d --- /dev/null 
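Review bot: The documentation presents a counter reset as a generic create: the description says `Manage operation create of the resource Network Access Authorization Rules Reset Hitcount` and the only example task is named `Create`, while the single path listed is `post /network-access/policy-set/{policyId}/authorization/reset-hitcount`. Hit counts are how an operator sees which authorization rules are actually matching, so someone reading a playbook should be able to tell that this task clears them. I would rename the example to `- name: Reset hit counts for the authorization rules of a policy set` and add a description line such as `- Clears the hit counters of the authorization rules in the given policy set.`; whether a repeated run reports a change is not visible in this hunk and is worth stating too.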
+++ b/ansible_collections/cisco/ise/plugins/modules/network_access_conditions.py @@ -0,0 +1,457 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_conditions +short_description: Resource module for Network Access Conditions +description: +- Manage operations create, update and delete of the resource Network Access Conditions. +- Network Access - Creates a library condition. +- Network Access - Delete a library condition using condition Name. +- Network Access - Delete a library condition. +- Network Access - Update library condition using condition name. +- Network Access - Update library condition. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + attributeName: + description: Dictionary attribute name. + type: str + attributeValue: + description: . + type: str + children: + description: In case type is andBlock or orBlock addtional conditions will be aggregated + under this logical (OR/AND) condition. + elements: dict + suboptions: + conditionType: + description: . + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Conditions's link. + suboptions: + href: + description: Network Access Conditions's href. + type: str + rel: + description: Network Access Conditions's rel. + type: str + type: + description: Network Access Conditions's type. + type: str + type: dict + type: list + conditionType: + description: . + type: str + datesRange: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used for + start/end date
Default - no specific dates
In order to reset the dates + to have no specific dates Date format - yyyy-mm-dd (MM = month, dd = day, yyyy + = year)

. + suboptions: + endDate: + description: Network Access Conditions's endDate. + type: str + startDate: + description: Network Access Conditions's startDate. + type: str + type: dict + datesRangeException: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used for + start/end date
Default - no specific dates
In order to reset the dates + to have no specific dates Date format - yyyy-mm-dd (MM = month, dd = day, yyyy + = year)

. + suboptions: + endDate: + description: Network Access Conditions's endDate. + type: str + startDate: + description: Network Access Conditions's startDate. + type: str + type: dict + description: + description: Condition description. + type: str + dictionaryName: + description: Dictionary name. + type: str + dictionaryValue: + description: Dictionary value. + type: str + hoursRange: + description:

Defines for which hours a TimeAndDate condition will be matched
+ Time format - hh mm ( h = hour , mm = minutes )
Default - All Day

. + suboptions: + endTime: + description: Network Access Conditions's endTime. + type: str + startTime: + description: Network Access Conditions's startTime. + type: str + type: dict + hoursRangeException: + description:

Defines for which hours a TimeAndDate condition will be matched
+ Time format - hh mm ( h = hour , mm = minutes )
Default - All Day

. + suboptions: + endTime: + description: Network Access Conditions's endTime. + type: str + startTime: + description: Network Access Conditions's startTime. + type: str + type: dict + id: + description: Network Access Conditions's id. + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Conditions's link. + suboptions: + href: + description: Network Access Conditions's href. + type: str + rel: + description: Network Access Conditions's rel. + type: str + type: + description: Network Access Conditions's type. + type: str + type: dict + name: + description: Condition name. + type: str + operator: + description: Equality operator. + type: str + weekDays: + description:

Defines for which days this condition will be matched
Days format + - Arrays of WeekDay enums
Default - List of All week days

. + elements: str + type: list + weekDaysException: + description:

Defines for which days this condition will NOT be matched
Days + format - Arrays of WeekDay enums
Default - Not enabled

. + elements: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Conditions + description: Complete reference of the Network Access - Conditions API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_conditions.NetworkAccessConditions.create_network_access_condition, + network_access_conditions.NetworkAccessConditions.delete_network_access_condition_by_id, + network_access_conditions.NetworkAccessConditions.delete_network_access_condition_by_name, + network_access_conditions.NetworkAccessConditions.update_network_access_condition_by_id, + network_access_conditions.NetworkAccessConditions.update_network_access_condition_by_name, + + - Paths used are + post /network-access/condition, + delete /network-access/condition/condition-by-name/{name}, + delete /network-access/condition/{id}, + put /network-access/condition/condition-by-name/{name}, + put /network-access/condition/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.network_access_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + +- name: Update by name + 
cisco.ise.network_access_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + +- name: Delete by name + cisco.ise.network_access_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + name: string + +- name: Update by id + cisco.ise.network_access_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + +- name: Delete by id + 
cisco.ise.network_access_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + 
"datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_conditions_for_authentication_rule_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_conditions_for_authentication_rule_info.py new file mode 100644 index 00000000..bb37744f --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_conditions_for_authentication_rule_info.py 
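Review bot: The `Update by name` and `Update by id` examples are identical, each passing both `id: string` and `name: string`, so the documentation never shows which field selects the library condition for `put /network-access/condition/condition-by-name/{name}` as opposed to `put /network-access/condition/{id}`. These conditions feed network access policy, and an update that lands on a different condition than the author meant is worth ruling out in the docs: give each update example only its own selector, as the two delete examples already do, and say in the `id` and `name` descriptions which one wins when both are set (not determinable from this hunk). The `Update by name` example in network_access_dictionary.py further down has the same shape, passing `id` to a call whose path is `put /network-access/dictionaries/{name}`. Separately, `attributeValue` and both `conditionType` options are documented only as `description: .`, and `isNegate` should read `Indicates whether this condition is in negate mode.`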
@@ -0,0 +1,105 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_conditions_for_authentication_rule_info +short_description: Information module for Network Access Conditions For Authentication Rule +description: +- Get all Network Access Conditions For Authentication Rule. +- Network Access - Returns list of library conditions for Authentication rules scope. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Conditions + description: Complete reference of the Network Access - Conditions API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_conditions.NetworkAccessConditions.get_network_access_conditions_for_authentication_rules, + + - Paths used are + get /network-access/condition/authentication, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Conditions For Authentication Rule + cisco.ise.network_access_conditions_for_authentication_rule_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", 
+ "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_conditions_for_authorization_rule_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_conditions_for_authorization_rule_info.py new file mode 100644 index 00000000..be93e370 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_conditions_for_authorization_rule_info.py 
@@ -0,0 +1,105 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_conditions_for_authorization_rule_info +short_description: Information module for Network Access Conditions For Authorization Rule +description: +- Get all Network Access Conditions For Authorization Rule. +- Network Access - Returns list of library conditions for Authorization rules scope. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Conditions + description: Complete reference of the Network Access - Conditions API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_conditions.NetworkAccessConditions.get_network_access_conditions_for_authorization_rules, + + - Paths used are + get /network-access/condition/authorization, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Conditions For Authorization Rule + cisco.ise.network_access_conditions_for_authorization_rule_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + 
"operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_conditions_for_policy_set_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_conditions_for_policy_set_info.py new file mode 100644 index 00000000..a8739b02 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_conditions_for_policy_set_info.py 
@@ -0,0 +1,105 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_conditions_for_policy_set_info +short_description: Information module for Network Access Conditions For Policy Set +description: +- Get all Network Access Conditions For Policy Set. +- Network Access - Returns list of library conditions for PolicySet scope. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Conditions + description: Complete reference of the Network Access - Conditions API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_conditions.NetworkAccessConditions.get_network_access_conditions_for_policy_sets, + + - Paths used are + get /network-access/condition/policyset, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Conditions For Policy Set + cisco.ise.network_access_conditions_for_policy_set_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": 
"string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_conditions_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_conditions_info.py new file mode 100644 index 00000000..79273501 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_conditions_info.py 
@@ -0,0 +1,136 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_conditions_info +short_description: Information module for Network Access Conditions +description: +- Get all Network Access Conditions. +- Get Network Access Conditions by id. +- Get Network Access Conditions by name. +- Network Access - Returns a library condition. +- Network Access - Returns a library condition. +- Network Access - Returns all library conditions. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. Condition name. + type: str + id: + description: + - Id path parameter. Condition id. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Conditions + description: Complete reference of the Network Access - Conditions API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_conditions.NetworkAccessConditions.get_network_access_condition_by_id, + network_access_conditions.NetworkAccessConditions.get_network_access_condition_by_name, + network_access_conditions.NetworkAccessConditions.get_network_access_conditions, + + - Paths used are + get /network-access/condition, + get /network-access/condition/condition-by-name/{name}, + get /network-access/condition/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Conditions + cisco.ise.network_access_conditions_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +- name: Get Network Access Conditions by id + cisco.ise.network_access_conditions_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get Network Access Conditions by name + cisco.ise.network_access_conditions_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { 
+ "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary.py b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary.py new file mode 100644 index 00000000..161c04bc --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary.py 
@@ -0,0 +1,155 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_dictionary +short_description: Resource module for Network Access Dictionary +description: +- Manage operations create, update and delete of the resource Network Access Dictionary. +- Network Access - Create a new Dictionary. +- Network Access - Delete a Dictionary. +- Network Access - Update a Dictionary. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + description: + description: The description of the Dictionary. + type: str + dictionaryAttrType: + description: The dictionary attribute type. + type: str + id: + description: Identifier for the dictionary. + type: str + link: + description: Network Access Dictionary's link. + suboptions: + href: + description: Network Access Dictionary's href. + type: str + rel: + description: Network Access Dictionary's rel. + type: str + type: + description: Network Access Dictionary's type. + type: str + type: dict + name: + description: The dictionary name. + type: str + version: + description: The dictionary version. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Dictionary + description: Complete reference of the Network Access - Dictionary API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_dictionary.NetworkAccessDictionary.create_network_access_dictionaries, + network_access_dictionary.NetworkAccessDictionary.delete_network_access_dictionary_by_name, + network_access_dictionary.NetworkAccessDictionary.update_network_access_dictionary_by_name, + + - Paths used are + post /network-access/dictionaries, + delete /network-access/dictionaries/{name}, + put /network-access/dictionaries/{name}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.network_access_dictionary: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + dictionaryAttrType: string + id: string + link: + href: string + rel: string + type: string + name: string + version: string + +- name: Update by name + cisco.ise.network_access_dictionary: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + dictionaryAttrType: string + id: string + link: + href: string + rel: string + type: string + name: string + version: string + +- name: Delete by name + cisco.ise.network_access_dictionary: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + name: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "description": "string", + "dictionaryAttrType": "string", + "id": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "version": "string" + } + +ise_update_response: + description: A dictionary or list with the response returned by the 
Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "description": "string", + "dictionaryAttrType": "string", + "id": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "version": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attribute.py b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attribute.py new file mode 100644 index 00000000..4a029c5c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attribute.py 
@@ -0,0 +1,176 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_dictionary_attribute +short_description: Resource module for Network Access Dictionary Attribute +description: +- Manage operations create, update and delete of the resource Network Access Dictionary Attribute. +- Create a new Dictionary Attribute for an existing Dictionary. +- Delete a Dictionary Attribute. +- Update a Dictionary Attribute. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + allowedValues: + description: All of the allowed values for the dictionary attribute. + elements: dict + suboptions: + isDefault: + description: True if this key value is the default between the allowed values + of the dictionary attribute. + type: bool + key: + description: Network Access Dictionary Attribute's key. + type: str + value: + description: Network Access Dictionary Attribute's value. + type: str + type: list + dataType: + description: The data type for the dictionary attribute. + type: str + description: + description: The description of the Dictionary attribute. + type: str + dictionaryName: + description: The name of the dictionary which the dictionary attribute belongs to. + type: str + directionType: + description: The direction for the useage of the dictionary attribute. + type: str + id: + description: Identifier for the dictionary attribute. + type: str + internalName: + description: The internal name of the dictionary attribute. + type: str + name: + description: The dictionary attribute's name. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Dictionary Attribute + description: Complete reference of the Network Access - Dictionary Attribute API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_dictionary_attribute.NetworkAccessDictionaryAttribute.create_network_access_dictionary_attribute, + network_access_dictionary_attribute.NetworkAccessDictionaryAttribute.delete_network_access_dictionary_attribute_by_name, + network_access_dictionary_attribute.NetworkAccessDictionaryAttribute.update_network_access_dictionary_attribute_by_name, + + - Paths used are + post /network-access/dictionaries/{dictionaryName}/attribute, + delete /network-access/dictionaries/{dictionaryName}/attribute/{name}, + put /network-access/dictionaries/{dictionaryName}/attribute/{name}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.network_access_dictionary_attribute: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + allowedValues: + - isDefault: true + key: string + value: string + dataType: string + description: string + dictionaryName: string + directionType: string + id: string + internalName: string + name: string + +- name: Update by name + cisco.ise.network_access_dictionary_attribute: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + allowedValues: + - isDefault: true + key: string + value: string + dataType: string + description: string + dictionaryName: string + directionType: string + id: string + internalName: string + name: string + +- name: Delete by name + cisco.ise.network_access_dictionary_attribute: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + dictionaryName: string + name: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + 
returned: always + type: dict + sample: > + { + "allowedValues": [ + { + "isDefault": true, + "key": "string", + "value": "string" + } + ], + "dataType": "string", + "description": "string", + "dictionaryName": "string", + "directionType": "string", + "id": "string", + "internalName": "string", + "name": "string" + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "allowedValues": [ + { + "isDefault": true, + "key": "string", + "value": "string" + } + ], + "dataType": "string", + "description": "string", + "dictionaryName": "string", + "directionType": "string", + "id": "string", + "internalName": "string", + "name": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attribute_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attribute_info.py new file mode 100644 index 00000000..92346b68 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attribute_info.py 
@@ -0,0 +1,91 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_dictionary_attribute_info +short_description: Information module for Network Access Dictionary Attribute +description: +- Get all Network Access Dictionary Attribute. +- Get Network Access Dictionary Attribute by name. +- Get a Dictionary Attribute. +- Returns a list of Dictionary Attributes for an existing Dictionary. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + dictionaryName: + description: + - DictionaryName path parameter. The name of the dictionary the dictionary attribute belongs to. + type: str + name: + description: + - Name path parameter. The dictionary attribute name. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Dictionary Attribute + description: Complete reference of the Network Access - Dictionary Attribute API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_dictionary_attribute.NetworkAccessDictionaryAttribute.get_network_access_dictionary_attribute_by_name, + network_access_dictionary_attribute.NetworkAccessDictionaryAttribute.get_network_access_dictionary_attributes_by_dictionary_name, + + - Paths used are + get /network-access/dictionaries/{dictionaryName}/attribute, + get /network-access/dictionaries/{dictionaryName}/attribute/{name}, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Dictionary Attribute + cisco.ise.network_access_dictionary_attribute_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + dictionaryName: string + register: result + +- name: Get Network Access Dictionary Attribute by name + cisco.ise.network_access_dictionary_attribute_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + dictionaryName: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "allowedValues": [ + { + "isDefault": true, + "key": "string", + "value": "string" + } + ], + "dataType": "string", + "description": "string", + "dictionaryName": "string", + "directionType": "string", + "id": "string", + "internalName": "string", + "name": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attributes_authentication_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attributes_authentication_info.py new file mode 100644 index 00000000..fc420dbf --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attributes_authentication_info.py 
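Review bot: `dictionaryName` is not marked `required` in the options of network_access_dictionary_attribute_info.py, yet both listed paths (`get /network-access/dictionaries/{dictionaryName}/attribute` and `get /network-access/dictionaries/{dictionaryName}/attribute/{name}`) contain it and both examples set it. If the parameter is mandatory, add `required: true` under `dictionaryName`. If the action plugin tolerates its absence, the description should say what is returned in that case. The plugin's argument handling is outside this hunk, so this is inferred from the documentation alone.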
@@ -0,0 +1,71 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_dictionary_attributes_authentication_info +short_description: Information module for Network Access Dictionary Attributes Authentication +description: +- Get all Network Access Dictionary Attributes Authentication. +- Network Access - Returns list of dictionary attributes for authentication. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Dictionary Attributes List + description: Complete reference of the Network Access - Dictionary Attributes List API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_dictionary_attributes_list.NetworkAccessDictionaryAttributesList.get_network_access_dictionaries_authentication, + + - Paths used are + get /network-access/dictionaries/authentication, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Dictionary Attributes Authentication + cisco.ise.network_access_dictionary_attributes_authentication_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "allowedValues": [ + { + "isDefault": true, + "key": "string", + "value": "string" + } + ], + "dataType": "string", + "description": "string", + "dictionaryName": "string", + "directionType": "string", + "id": "string", + "internalName": "string", + 
"name": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attributes_authorization_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attributes_authorization_info.py new file mode 100644 index 00000000..88a0a1f0 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attributes_authorization_info.py 
@@ -0,0 +1,71 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_dictionary_attributes_authorization_info +short_description: Information module for Network Access Dictionary Attributes Authorization +description: +- Get all Network Access Dictionary Attributes Authorization. +- Network Access - Returns list of dictionary attributes for authorization. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Dictionary Attributes List + description: Complete reference of the Network Access - Dictionary Attributes List API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_dictionary_attributes_list.NetworkAccessDictionaryAttributesList.get_network_access_dictionaries_authorization, + + - Paths used are + get /network-access/dictionaries/authorization, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Dictionary Attributes Authorization + cisco.ise.network_access_dictionary_attributes_authorization_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "allowedValues": [ + { + "isDefault": true, + "key": "string", + "value": "string" + } + ], + "dataType": "string", + "description": "string", + "dictionaryName": "string", + "directionType": "string", + "id": "string", + "internalName": "string", + "name": 
"string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attributes_policy_set_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attributes_policy_set_info.py new file mode 100644 index 00000000..4d82fae8 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_attributes_policy_set_info.py 
@@ -0,0 +1,71 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_dictionary_attributes_policy_set_info +short_description: Information module for Network Access Dictionary Attributes Policy Set +description: +- Get all Network Access Dictionary Attributes Policy Set. +- Network Access - Returns list of dictionary attributes for policyset. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Dictionary Attributes List + description: Complete reference of the Network Access - Dictionary Attributes List API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_dictionary_attributes_list.NetworkAccessDictionaryAttributesList.get_network_access_dictionaries_policy_set, + + - Paths used are + get /network-access/dictionaries/policyset, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Dictionary Attributes Policy Set + cisco.ise.network_access_dictionary_attributes_policy_set_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "allowedValues": [ + { + "isDefault": true, + "key": "string", + "value": "string" + } + ], + "dataType": "string", + "description": "string", + "dictionaryName": "string", + "directionType": "string", + "id": "string", + "internalName": "string", + "name": "string" + } + ] +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_info.py new file mode 100644 index 00000000..4334d517 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_dictionary_info.py 
@@ -0,0 +1,81 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_dictionary_info +short_description: Information module for Network Access Dictionary +description: +- Get all Network Access Dictionary. +- Get Network Access Dictionary by name. +- GET a dictionary by name. +- Get all Dictionaries. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. The dictionary name. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Dictionary + description: Complete reference of the Network Access - Dictionary API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_dictionary.NetworkAccessDictionary.get_network_access_dictionaries, + network_access_dictionary.NetworkAccessDictionary.get_network_access_dictionary_by_name, + + - Paths used are + get /network-access/dictionaries, + get /network-access/dictionaries/{name}, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Dictionary + cisco.ise.network_access_dictionary_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +- name: Get Network Access Dictionary by name + cisco.ise.network_access_dictionary_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + 
"description": "string", + "dictionaryAttrType": "string", + "id": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_global_exception_rules.py b/ansible_collections/cisco/ise/plugins/modules/network_access_global_exception_rules.py new file mode 100644 index 00000000..67f0456d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_global_exception_rules.py 
@@ -0,0 +1,521 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_global_exception_rules +short_description: Resource module for Network Access Global Exception Rules +description: +- Manage operations create, update and delete of the resource Network Access Global Exception Rules. +- Network Access - Create global exception authorization rule. +- Network Access - Delete global exception authorization rule. +- Network Access - Update global exception authorization rule. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. Rule id. + type: str + link: + description: Network Access Global Exception Rules's link. + suboptions: + href: + description: Network Access Global Exception Rules's href. + type: str + rel: + description: Network Access Global Exception Rules's rel. + type: str + type: + description: Network Access Global Exception Rules's type. + type: str + type: dict + profile: + description: The authorization profile/s. + elements: str + type: list + rule: + description: Common attributes in rule authentication/authorization. + suboptions: + condition: + description: Network Access Global Exception Rules's condition. + suboptions: + attributeName: + description: Dictionary attribute name. + type: str + attributeValue: + description: . + type: str + children: + description: In case type is andBlock or orBlock addtional conditions will + be aggregated under this logical (OR/AND) condition. + elements: dict + suboptions: + conditionType: + description: . + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Global Exception Rules's link. 
+ suboptions: + href: + description: Network Access Global Exception Rules's href. + type: str + rel: + description: Network Access Global Exception Rules's rel. + type: str + type: + description: Network Access Global Exception Rules's type. + type: str + type: dict + type: list + conditionType: + description: . + type: str + datesRange: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Network Access Global Exception Rules's endDate. + type: str + startDate: + description: Network Access Global Exception Rules's startDate. + type: str + type: dict + datesRangeException: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Network Access Global Exception Rules's endDate. + type: str + startDate: + description: Network Access Global Exception Rules's startDate. + type: str + type: dict + description: + description: Condition description. + type: str + dictionaryName: + description: Dictionary name. + type: str + dictionaryValue: + description: Dictionary value. + type: str + hoursRange: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Network Access Global Exception Rules's endTime. + type: str + startTime: + description: Network Access Global Exception Rules's startTime. + type: str + type: dict + hoursRangeException: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Network Access Global Exception Rules's endTime. + type: str + startTime: + description: Network Access Global Exception Rules's startTime. + type: str + type: dict + id: + description: Network Access Global Exception Rules's id. + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Global Exception Rules's link. + suboptions: + href: + description: Network Access Global Exception Rules's href. + type: str + rel: + description: Network Access Global Exception Rules's rel. + type: str + type: + description: Network Access Global Exception Rules's type. + type: str + type: dict + name: + description: Condition name. + type: str + operator: + description: Equality operator. + type: str + weekDays: + description:

Defines for which days this condition will be matched
+ Days format - Arrays of WeekDay enums
Default - List of All week + days

. + elements: str + type: list + weekDaysException: + description:

Defines for which days this condition will NOT be matched
+ Days format - Arrays of WeekDay enums
Default - Not enabled

. + elements: str + type: list + type: dict + default: + description: Indicates if this rule is the default one. + type: bool + hitCounts: + description: The amount of times the rule was matched. + type: int + id: + description: The identifier of the rule. + type: str + name: + description: Rule name, Valid characters are alphanumerics, underscore, hyphen, + space, period, parentheses. + type: str + rank: + description: The rank(priority) in relation to other rules. Lower rank is higher + priority. + type: int + state: + description: The state that the rule is in. A disabled rule cannot be matched. + type: str + type: dict + securityGroup: + description: Security group used in authorization policies. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Authorization Global Exception Rules + description: Complete reference of the Network Access - Authorization Global Exception Rules API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_authorization_global_exception_rules.NetworkAccessAuthorizationGlobalExceptionRules.create_network_access_policy_set_global_exception_rule, + network_access_authorization_global_exception_rules.NetworkAccessAuthorizationGlobalExceptionRules.delete_network_access_policy_set_global_exception_rule_by_id, + network_access_authorization_global_exception_rules.NetworkAccessAuthorizationGlobalExceptionRules.update_network_access_policy_set_global_exception_rule_by_id, + + - Paths used are + post /network-access/policy-set/global-exception, + delete /network-access/policy-set/global-exception/{id}, + put /network-access/policy-set/global-exception/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.network_access_global_exception_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + 
state: present + link: + href: string + rel: string + type: string + profile: + - string + rule: + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + securityGroup: string + +- name: Update by id + cisco.ise.network_access_global_exception_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + id: string + link: + href: string + rel: string + type: string + profile: + - string + rule: + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + securityGroup: string + +- name: Delete by id + 
cisco.ise.network_access_global_exception_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": [ + "string" + ], + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + }, + "securityGroup": "string" + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": [ + "string" + ], + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + 
"description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + }, + "securityGroup": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_global_exception_rules_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_global_exception_rules_info.py new file mode 100644 index 00000000..168ed354 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_global_exception_rules_info.py 
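Review bot: In the `rule` suboptions of network_access_global_exception_rules.py, `state` is documented as a free-form `type: str` with no list of accepted values, although its description ("A disabled rule cannot be matched") implies a closed set. This module writes global exception authorization rules, so the accepted states should be spelled out; otherwise a playbook author cannot tell from the documentation which state a rule will end up in. I would add something like `choices: [disabled, enabled, monitor]` under `state`, but that list is from memory of the ISE policy API and must be confirmed against the upstream spec. In the same block, `attributeValue` and both `conditionType` entries carry the placeholder description `.`, and each needs a one-line description of what the field holds.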
@@ -0,0 +1,138 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_global_exception_rules_info +short_description: Information module for Network Access Global Exception Rules +description: +- Get all Network Access Global Exception Rules. +- Get Network Access Global Exception Rules by id. +- Network Access - Get global exception rule attributes. +- Network Access - Get global execption rules. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. Rule id. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Authorization Global Exception Rules + description: Complete reference of the Network Access - Authorization Global Exception Rules API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_authorization_global_exception_rules.NetworkAccessAuthorizationGlobalExceptionRules.get_network_access_policy_set_global_exception_rule_by_id, + network_access_authorization_global_exception_rules.NetworkAccessAuthorizationGlobalExceptionRules.get_network_access_policy_set_global_exception_rules, + + - Paths used are + get /network-access/policy-set/global-exception, + get /network-access/policy-set/global-exception/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Global Exception Rules + cisco.ise.network_access_global_exception_rules_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +- name: Get Network Access Global Exception Rules by id + cisco.ise.network_access_global_exception_rules_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": [ + "string" + ], + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" 
+ }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + }, + "securityGroup": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_global_exception_rules_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/modules/network_access_global_exception_rules_reset_hitcount.py new file mode 100644 index 00000000..8047fc1d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_global_exception_rules_reset_hitcount.py 
@@ -0,0 +1,54 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: network_access_global_exception_rules_reset_hitcount
+short_description: Resource module for Network Access Global Exception Rules Reset Hitcount
+description:
+- Manage operation create of the resource Network Access Global Exception Rules Reset Hitcount.
+- Network Access - Reset HitCount for Global Exceptions.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Network Access - Authorization Global Exception Rules
+ description: Complete reference of the Network Access - Authorization Global Exception Rules API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ network_access_authorization_global_exception_rules.NetworkAccessAuthorizationGlobalExceptionRules.reset_hit_counts_network_access_global_exceptions,
+
+ - Paths used are
+ post /network-access/policy-set/global-exception/reset-hitcount,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.network_access_global_exception_rules_reset_hitcount:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "message": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_identity_stores_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_identity_stores_info.py
new file mode 100644
index 00000000..5bdc15cf
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/network_access_identity_stores_info.py
@@ -0,0 +1,59 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: network_access_identity_stores_info
+short_description: Information module for Network Access Identity Stores
+description:
+- Get all Network Access Identity Stores.
+- Network Access - Return list of identity stores for authentication policy.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Network Access - Identity Stores
+ description: Complete reference of the Network Access - Identity Stores API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ network_access_identity_stores.NetworkAccessIdentityStores.get_network_access_identity_stores,
+
+ - Paths used are
+ get /network-access/identity-stores,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Network Access Identity Stores
+ cisco.ise.network_access_identity_stores_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string"
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_local_exception_rules.py b/ansible_collections/cisco/ise/plugins/modules/network_access_local_exception_rules.py
new file mode 100644
index 00000000..8f88a5fa
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/network_access_local_exception_rules.py 
@@ -0,0 +1,527 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_local_exception_rules +short_description: Resource module for Network Access Local Exception Rules +description: +- Manage operations create, update and delete of the resource Network Access Local Exception Rules. +- Network Access - Create local authorization exception rule. +- Network Access - Delete local exception rule. +- Network Access - Update local exception rule. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. Rule id. + type: str + link: + description: Network Access Local Exception Rules's link. + suboptions: + href: + description: Network Access Local Exception Rules's href. + type: str + rel: + description: Network Access Local Exception Rules's rel. + type: str + type: + description: Network Access Local Exception Rules's type. + type: str + type: dict + policyId: + description: PolicyId path parameter. Policy id. + type: str + profile: + description: The authorization profile/s. + elements: str + type: list + rule: + description: Common attributes in rule authentication/authorization. + suboptions: + condition: + description: Network Access Local Exception Rules's condition. + suboptions: + attributeName: + description: Dictionary attribute name. + type: str + attributeValue: + description: . + type: str + children: + description: In case type is andBlock or orBlock addtional conditions will + be aggregated under this logical (OR/AND) condition. + elements: dict + suboptions: + conditionType: + description: . + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Local Exception Rules's link. 
+ suboptions: + href: + description: Network Access Local Exception Rules's href. + type: str + rel: + description: Network Access Local Exception Rules's rel. + type: str + type: + description: Network Access Local Exception Rules's type. + type: str + type: dict + type: list + conditionType: + description: . + type: str + datesRange: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Network Access Local Exception Rules's endDate. + type: str + startDate: + description: Network Access Local Exception Rules's startDate. + type: str + type: dict + datesRangeException: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Network Access Local Exception Rules's endDate. + type: str + startDate: + description: Network Access Local Exception Rules's startDate. + type: str + type: dict + description: + description: Condition description. + type: str + dictionaryName: + description: Dictionary name. + type: str + dictionaryValue: + description: Dictionary value. + type: str + hoursRange: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Network Access Local Exception Rules's endTime. + type: str + startTime: + description: Network Access Local Exception Rules's startTime. + type: str + type: dict + hoursRangeException: + description:

Defines for which hours a TimeAndDate condition will be + matched
Time format - hh mm ( h = hour , mm = minutes )
Default + - All Day

. + suboptions: + endTime: + description: Network Access Local Exception Rules's endTime. + type: str + startTime: + description: Network Access Local Exception Rules's startTime. + type: str + type: dict + id: + description: Network Access Local Exception Rules's id. + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Local Exception Rules's link. + suboptions: + href: + description: Network Access Local Exception Rules's href. + type: str + rel: + description: Network Access Local Exception Rules's rel. + type: str + type: + description: Network Access Local Exception Rules's type. + type: str + type: dict + name: + description: Condition name. + type: str + operator: + description: Equality operator. + type: str + weekDays: + description:

Defines for which days this condition will be matched
+ Days format - Arrays of WeekDay enums
Default - List of All week + days

. + elements: str + type: list + weekDaysException: + description:

Defines for which days this condition will NOT be matched
+ Days format - Arrays of WeekDay enums
Default - Not enabled

. + elements: str + type: list + type: dict + default: + description: Indicates if this rule is the default one. + type: bool + hitCounts: + description: The amount of times the rule was matched. + type: int + id: + description: The identifier of the rule. + type: str + name: + description: Rule name, Valid characters are alphanumerics, underscore, hyphen, + space, period, parentheses. + type: str + rank: + description: The rank(priority) in relation to other rules. Lower rank is higher + priority. + type: int + state: + description: The state that the rule is in. A disabled rule cannot be matched. + type: str + type: dict + securityGroup: + description: Security group used in authorization policies. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Authorization Exception Rules + description: Complete reference of the Network Access - Authorization Exception Rules API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_authorization_exception_rules.NetworkAccessAuthorizationExceptionRules.create_network_access_local_exception_rule, + network_access_authorization_exception_rules.NetworkAccessAuthorizationExceptionRules.delete_network_access_local_exception_rule_by_id, + network_access_authorization_exception_rules.NetworkAccessAuthorizationExceptionRules.update_network_access_local_exception_rule_by_id, + + - Paths used are + post /network-access/policy-set/{policyId}/exception, + delete /network-access/policy-set/{policyId}/exception/{id}, + put /network-access/policy-set/{policyId}/exception/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.network_access_local_exception_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + link: + href: string + rel: string + type: string + policyId: 
string + profile: + - string + rule: + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + securityGroup: string + +- name: Update by id + cisco.ise.network_access_local_exception_rules: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + id: string + link: + href: string + rel: string + type: string + policyId: string + profile: + - string + rule: + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + hitCounts: 0 + id: string + name: string + rank: 0 + state: string + securityGroup: string + +- name: Delete by id + cisco.ise.network_access_local_exception_rules: + 
ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + policyId: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": [ + "string" + ], + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + }, + "securityGroup": "string" + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": [ + "string" + ], + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": 
"string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + }, + "securityGroup": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_local_exception_rules_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_local_exception_rules_info.py new file mode 100644 index 00000000..d93c9bef --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_local_exception_rules_info.py 
@@ -0,0 +1,144 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_local_exception_rules_info +short_description: Information module for Network Access Local Exception Rules +description: +- Get all Network Access Local Exception Rules. +- Get Network Access Local Exception Rules by id. +- Network Access - Get local exception rule attributes. +- Network Access - Get local exception rules. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + policyId: + description: + - PolicyId path parameter. Policy id. + type: str + id: + description: + - Id path parameter. Rule id. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Authorization Exception Rules + description: Complete reference of the Network Access - Authorization Exception Rules API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_authorization_exception_rules.NetworkAccessAuthorizationExceptionRules.get_network_access_local_exception_rule_by_id, + network_access_authorization_exception_rules.NetworkAccessAuthorizationExceptionRules.get_network_access_local_exception_rules, + + - Paths used are + get /network-access/policy-set/{policyId}/exception, + get /network-access/policy-set/{policyId}/exception/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Local Exception Rules + cisco.ise.network_access_local_exception_rules_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + policyId: string + register: result + +- name: Get Network Access Local Exception Rules by id + cisco.ise.network_access_local_exception_rules_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + policyId: string + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "profile": [ + "string" + ], + "rule": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + 
"datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "hitCounts": 0, + "id": "string", + "name": "string", + "rank": 0, + "state": "string" + }, + "securityGroup": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_local_exception_rules_reset_hitcounts.py b/ansible_collections/cisco/ise/plugins/modules/network_access_local_exception_rules_reset_hitcounts.py new file mode 100644 index 00000000..25751d4b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_local_exception_rules_reset_hitcounts.py 
@@ -0,0 +1,58 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: network_access_local_exception_rules_reset_hitcounts
+short_description: Resource module for Network Access Local Exception Rules Reset Hitcounts
+description:
+- Manage operation create of the resource Network Access Local Exception Rules Reset Hitcounts.
+- Network Access - Reset HitCount for local exceptions.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ policyId:
+ description: PolicyId path parameter. Policy id.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Network Access - Authorization Exception Rules
+ description: Complete reference of the Network Access - Authorization Exception Rules API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ network_access_authorization_exception_rules.NetworkAccessAuthorizationExceptionRules.reset_hit_counts_network_access_local_exceptions,
+
+ - Paths used are
+ post /network-access/policy-set/{policyId}/exception/reset-hitcount,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.network_access_local_exception_rules_reset_hitcounts:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ policyId: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "message": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_network_condition.py b/ansible_collections/cisco/ise/plugins/modules/network_access_network_condition.py new file mode 100644 index 00000000..bbdfb592 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_network_condition.py @@ -0,0 +1,228 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_network_condition +short_description: Resource module for Network Access Network Condition +description: +- Manage operations create, update and delete of the resource Network Access Network Condition. +- Network Access - Creates network condition. +- Network Access - Delete network condition. +- Network Access - Update network condition. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + cliDnisList: + description:

This field should contain a Caller ID (CLI), comma, and Called ID + (DNIS).
Line format - Caller ID (CLI), Called ID (DNIS)

. + elements: str + type: list + conditionType: + description: This field determines the content of the conditions field. + type: str + description: + description: Network Access Network Condition's description. + type: str + deviceGroupList: + description:

This field should contain a NDG Root, comma, and an NDG + (that it under the root).
Line format - NDG Root Name, NDG, Port

. + elements: str + type: list + deviceList: + description:

This field should contain Device-Name,port-number. The device + name must be the same as the name field in a Network Device object.
Line + format - Device Name,Port

. + elements: str + type: list + id: + description: Network Access Network Condition's id. + type: str + ipAddrList: + description:

This field should contain IP-address-or-subnet,port number
+ IP address can be IPV4 format (n.n.n.n) or IPV6 format (n n n n n n n n).
+ IP subnet can be IPV4 format (n.n.n.n/m) or IPV6 format (n n n n n n n n/m).
+ Line format - IP Address or subnet,Port

. + elements: str + type: list + link: + description: Network Access Network Condition's link. + suboptions: + href: + description: Network Access Network Condition's href. + type: str + rel: + description: Network Access Network Condition's rel. + type: str + type: + description: Network Access Network Condition's type. + type: str + type: dict + macAddrList: + description:

This field should contain Endstation MAC address, comma, and + Destination MAC addresses.
Each Max address must include twelve hexadecimal + digits using formats nn nn nn nn nn nn or nn-nn-nn-nn-nn-nn or nnnn.nnnn.nnnn + or nnnnnnnnnnnn.
Line format - Endstation MAC,Destination MAC

. + elements: str + type: list + name: + description: Network Condition name. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Network Conditions + description: Complete reference of the Network Access - Network Conditions API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_network_conditions.NetworkAccessNetworkConditions.create_network_access_network_condition, + network_access_network_conditions.NetworkAccessNetworkConditions.delete_network_access_network_condition_by_id, + network_access_network_conditions.NetworkAccessNetworkConditions.update_network_access_network_condition_by_id, + + - Paths used are + post /network-access/network-condition, + delete /network-access/network-condition/{id}, + put /network-access/network-condition/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.network_access_network_condition: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + cliDnisList: + - string + conditionType: string + description: string + deviceGroupList: + - string + deviceList: + - string + id: string + ipAddrList: + - string + link: + href: string + rel: string + type: string + macAddrList: + - string + name: string + +- name: Update by id + cisco.ise.network_access_network_condition: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + cliDnisList: + - string + conditionType: string + description: string + deviceGroupList: + - string + deviceList: + - string + id: string + ipAddrList: + - string + link: + href: string + rel: string + type: string + macAddrList: + - string + name: string + +- name: Delete by id + cisco.ise.network_access_network_condition: + ise_hostname: 
"{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "conditionType": "string", + "description": "string", + "id": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "deviceList": [ + "string" + ], + "cliDnisList": [ + "string" + ], + "ipAddrList": [ + "string" + ], + "macAddrList": [ + "string" + ], + "deviceGroupList": [ + "string" + ] + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "conditionType": "string", + "description": "string", + "id": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "deviceList": [ + "string" + ], + "cliDnisList": [ + "string" + ], + "ipAddrList": [ + "string" + ], + "macAddrList": [ + "string" + ], + "deviceGroupList": [ + "string" + ] + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_network_condition_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_network_condition_info.py new file mode 100644 index 00000000..8d4f5aef --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_network_condition_info.py 
@@ -0,0 +1,95 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: network_access_network_condition_info
+short_description: Information module for Network Access Network Condition
+description:
+- Get all Network Access Network Condition.
+- Get Network Access Network Condition by id.
+- Network Access - Returns a list of network conditions.
+- Network Access - Returns a network condition.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ id:
+ description:
+ - Id path parameter. Condition id.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Network Access - Network Conditions
+ description: Complete reference of the Network Access - Network Conditions API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi
+notes:
+ - SDK Method used are
+ network_access_network_conditions.NetworkAccessNetworkConditions.get_network_access_network_condition_by_id,
+ network_access_network_conditions.NetworkAccessNetworkConditions.get_network_access_network_conditions,
+
+ - Paths used are
+ get /network-access/network-condition,
+ get /network-access/network-condition/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Network Access Network Condition
+ cisco.ise.network_access_network_condition_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+- name: Get Network Access Network Condition by id
+ cisco.ise.network_access_network_condition_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "conditionType": "string",
+ "description": "string",
+ "id": "string",
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "name": "string",
+ "deviceList": [
+ "string"
+ ],
+ "cliDnisList": [
+ "string"
+ ],
+ "ipAddrList": [
+ "string"
+ ],
+ "macAddrList": [
+ "string"
+ ],
+ "deviceGroupList": [
+ "string"
+ ]
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_policy_set.py b/ansible_collections/cisco/ise/plugins/modules/network_access_policy_set.py
new file mode 100644
index 00000000..5d7e27b0
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/network_access_policy_set.py
@@ -0,0 +1,505 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_policy_set +short_description: Resource module for Network Access Policy Set +description: +- Manage operations create, update and delete of the resource Network Access Policy Set. +- Network Access - Create a new policy set. +- Network Access - Delete a policy set. +- Network Access - Update a policy set. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + condition: + description: Network Access Policy Set's condition. + suboptions: + attributeName: + description: Dictionary attribute name. + type: str + attributeValue: + description: . + type: str + children: + description: In case type is andBlock or orBlock addtional conditions will be + aggregated under this logical (OR/AND) condition. + elements: dict + suboptions: + conditionType: + description: . + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Policy Set's link. + suboptions: + href: + description: Network Access Policy Set's href. + type: str + rel: + description: Network Access Policy Set's rel. + type: str + type: + description: Network Access Policy Set's type. + type: str + type: dict + type: list + conditionType: + description: . + type: str + datesRange: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Network Access Policy Set's endDate. + type: str + startDate: + description: Network Access Policy Set's startDate. + type: str + type: dict + datesRangeException: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used + for start/end date
Default - no specific dates
In order to reset + the dates to have no specific dates Date format - yyyy-mm-dd (MM = month, + dd = day, yyyy = year)

. + suboptions: + endDate: + description: Network Access Policy Set's endDate. + type: str + startDate: + description: Network Access Policy Set's startDate. + type: str + type: dict + description: + description: Condition description. + type: str + dictionaryName: + description: Dictionary name. + type: str + dictionaryValue: + description: Dictionary value. + type: str + hoursRange: + description:

Defines for which hours a TimeAndDate condition will be matched
+ Time format - hh mm ( h = hour , mm = minutes )
Default - All Day

. + suboptions: + endTime: + description: Network Access Policy Set's endTime. + type: str + startTime: + description: Network Access Policy Set's startTime. + type: str + type: dict + hoursRangeException: + description:

Defines for which hours a TimeAndDate condition will be matched
+ Time format - hh mm ( h = hour , mm = minutes )
Default - All Day

. + suboptions: + endTime: + description: Network Access Policy Set's endTime. + type: str + startTime: + description: Network Access Policy Set's startTime. + type: str + type: dict + id: + description: Network Access Policy Set's id. + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Policy Set's link. + suboptions: + href: + description: Network Access Policy Set's href. + type: str + rel: + description: Network Access Policy Set's rel. + type: str + type: + description: Network Access Policy Set's type. + type: str + type: dict + name: + description: Condition name. + type: str + operator: + description: Equality operator. + type: str + weekDays: + description:

Defines for which days this condition will be matched
Days + format - Arrays of WeekDay enums
Default - List of All week days

. + elements: str + type: list + weekDaysException: + description:

Defines for which days this condition will NOT be matched
+ Days format - Arrays of WeekDay enums
Default - Not enabled

. + elements: str + type: list + type: dict + default: + description: Flag which indicates if this policy set is the default one. + type: bool + description: + description: The description for the policy set. + type: str + hitCounts: + description: The amount of times the policy was matched. + type: int + id: + description: Identifier for the policy set. + type: str + isProxy: + description: Flag which indicates if the policy set service is of type 'Proxy Sequence' + or 'Allowed Protocols'. + type: bool + link: + description: Network Access Policy Set's link. + suboptions: + href: + description: Network Access Policy Set's href. + type: str + rel: + description: Network Access Policy Set's rel. + type: str + type: + description: Network Access Policy Set's type. + type: str + type: dict + name: + description: Given name for the policy set, Valid characters are alphanumerics, + underscore, hyphen, space, period, parentheses. + type: str + rank: + description: The rank(priority) in relation to other policy set. Lower rank is higher + priority. + type: int + serviceName: + description: Policy set service identifier - Allowed Protocols,Server Sequence.. + type: str + state_: + description: The state that the policy set is in. A disabled policy set cannot be + matched. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Policy Set + description: Complete reference of the Network Access - Policy Set API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_policy_set.NetworkAccessPolicySet.create_network_access_policy_set, + network_access_policy_set.NetworkAccessPolicySet.delete_network_access_policy_set_by_id, + network_access_policy_set.NetworkAccessPolicySet.update_network_access_policy_set_by_id, + + - Paths used are + post /network-access/policy-set, + delete /network-access/policy-set/{id}, + put /network-access/policy-set/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.network_access_policy_set: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + description: string + hitCounts: 0 + id: string + isProxy: true + link: + href: string + rel: string + type: string + name: string + rank: 0 + serviceName: string + state_: string + +- name: Update by id + cisco.ise.network_access_policy_set: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + condition: + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: 
string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + default: true + description: string + hitCounts: 0 + id: string + isProxy: true + link: + href: string + rel: string + type: string + name: string + rank: 0 + serviceName: string + state_: string + +- name: Delete by id + cisco.ise.network_access_policy_set: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": 
true, + "description": "string", + "hitCounts": 0, + "id": "string", + "isProxy": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "rank": 0, + "serviceName": "string", + "state": "string" + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "description": "string", + "hitCounts": 0, + "id": "string", + "isProxy": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "rank": 0, + "serviceName": "string", + "state": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_policy_set_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_policy_set_info.py new file mode 100644 index 00000000..eb151584 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_policy_set_info.py 
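Review bot: The descriptions of `datesRangeException` and `hoursRangeException` under `condition` are word-for-word copies of `datesRange` and `hoursRange` ("will be matched", "Default - All Day"), while `weekDaysException` in the same block says "will NOT be matched" and "Default - Not enabled". Going by that sibling, the two options presumably describe exclusions, so a playbook author following the current text could define a network-access time window that is the opposite of the intended one. I would reword them along the lines of `Defines for which date/s this condition will NOT be matched` and `Defines for which hours this condition will NOT be matched`, after confirming the semantics and defaults against the ISE API reference. The same duplicated text appears in the top-level options of the `network_access_time_date_conditions` hunk further down.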
@@ -0,0 +1,135 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_policy_set_info +short_description: Information module for Network Access Policy Set +description: +- Get all Network Access Policy Set. +- Get Network Access Policy Set by id. +- Get all network access policy sets. +- Network Access - Get policy set attributes. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. Policy id. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Policy Set + description: Complete reference of the Network Access - Policy Set API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_policy_set.NetworkAccessPolicySet.get_network_access_policy_set_by_id, + network_access_policy_set.NetworkAccessPolicySet.get_network_access_policy_sets, + + - Paths used are + get /network-access/policy-set, + get /network-access/policy-set/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Policy Set + cisco.ise.network_access_policy_set_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +- name: Get Network Access Policy Set by id + cisco.ise.network_access_policy_set_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { 
+ "condition": { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "description": "string", + "id": "string", + "name": "string", + "attributeName": "string", + "attributeValue": "string", + "dictionaryName": "string", + "dictionaryValue": "string", + "operator": "string", + "children": [ + { + "conditionType": "string", + "isNegate": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + } + } + ], + "datesRange": { + "endDate": "string", + "startDate": "string" + }, + "datesRangeException": { + "endDate": "string", + "startDate": "string" + }, + "hoursRange": { + "endTime": "string", + "startTime": "string" + }, + "hoursRangeException": { + "endTime": "string", + "startTime": "string" + }, + "weekDays": [ + "string" + ], + "weekDaysException": [ + "string" + ] + }, + "default": true, + "description": "string", + "hitCounts": 0, + "id": "string", + "isProxy": true, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "name": "string", + "rank": 0, + "serviceName": "string", + "state": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_policy_set_reset_hitcount.py b/ansible_collections/cisco/ise/plugins/modules/network_access_policy_set_reset_hitcount.py new file mode 100644 index 00000000..66f6b6ca --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_policy_set_reset_hitcount.py 
@@ -0,0 +1,54 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_policy_set_reset_hitcount +short_description: Resource module for Network Access Policy Set Reset Hitcount +description: +- Manage operation create of the resource Network Access Policy Set Reset Hitcount. +- Network Access - Reset HitCount for PolicySets. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Policy Set + description: Complete reference of the Network Access - Policy Set API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_policy_set.NetworkAccessPolicySet.reset_hit_counts_network_access_policy_sets, + + - Paths used are + post /network-access/policy-set/reset-hitcount, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.network_access_policy_set_reset_hitcount: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "message": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_profiles_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_profiles_info.py new file mode 100644 index 00000000..74a8ea78 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_profiles_info.py 
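Review bot: The documentation never says that this module is not idempotent: it takes no options (`options: {}`) and the only path listed is `post /network-access/policy-set/reset-hitcount`, so presumably every run clears the hit counters of all policy sets. Hit counts record which policy sets actually matched, so an unintended reset in a scheduled play discards data that audits and policy clean-up rely on. I would add a line to `description` such as `- This operation is not idempotent; each run resets the hit counts of the policy sets.` and rename the example task from `Create` to `Reset hit counts of Network Access policy sets`.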
@@ -0,0 +1,59 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_profiles_info +short_description: Information module for Network Access Profiles +description: +- Get all Network Access Profiles. +- Network Access - Returns list of authorization profiles. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Profiles + description: Complete reference of the Network Access - Profiles API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_profiles.NetworkAccessProfiles.get_network_access_profiles, + + - Paths used are + get /network-access/authorization-profiles, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Profiles + cisco.ise.network_access_profiles_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_security_groups_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_security_groups_info.py new file mode 100644 index 00000000..660fab70 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_security_groups_info.py 
@@ -0,0 +1,59 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_security_groups_info +short_description: Information module for Network Access Security Groups +description: +- Get all Network Access Security Groups. +- Network Access - Return list of available security groups for authorization. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Security Groups + description: Complete reference of the Network Access - Security Groups API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_security_groups.NetworkAccessSecurityGroups.get_network_access_security_groups, + + - Paths used are + get /network-access/security-groups, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Security Groups + cisco.ise.network_access_security_groups_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_service_name_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_service_name_info.py new file mode 100644 index 00000000..3bcb433a --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_service_name_info.py 
@@ -0,0 +1,61 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_service_name_info +short_description: Information module for Network Access Service Name +description: +- Get all Network Access Service Name. +- Returns list of Allowed Protocols and Server Sequences for Network Access. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Service Names + description: Complete reference of the Network Access - Service Names API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_service_names.NetworkAccessServiceNames.get_network_access_service_names, + + - Paths used are + get /network-access/service-names, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Service Name + cisco.ise.network_access_service_name_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "id": "string", + "isLocalAuthorization": true, + "name": "string", + "serviceType": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_time_date_conditions.py b/ansible_collections/cisco/ise/plugins/modules/network_access_time_date_conditions.py new file mode 100644 index 00000000..15d98144 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_time_date_conditions.py 
@@ -0,0 +1,299 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_time_date_conditions +short_description: Resource module for Network Access Time Date Conditions +description: +- Manage operations create, update and delete of the resource Network Access Time Date Conditions. +- Network Access - Creates time/date condition. +- Network Access - Delete Time/Date condition. +- Network Access - Update network condition. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + attributeName: + description: Dictionary attribute name. + type: str + attributeValue: + description: . + type: str + children: + description: In case type is andBlock or orBlock addtional conditions will be aggregated + under this logical (OR/AND) condition. + elements: dict + suboptions: + conditionType: + description: . + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Time Date Conditions's link. + suboptions: + href: + description: Network Access Time Date Conditions's href. + type: str + rel: + description: Network Access Time Date Conditions's rel. + type: str + type: + description: Network Access Time Date Conditions's type. + type: str + type: dict + type: list + conditionType: + description: . + type: str + datesRange: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used for + start/end date
Default - no specific dates
In order to reset the dates + to have no specific dates Date format - yyyy-mm-dd (MM = month, dd = day, yyyy + = year)

. + suboptions: + endDate: + description: Network Access Time Date Conditions's endDate. + type: str + startDate: + description: Network Access Time Date Conditions's startDate. + type: str + type: dict + datesRangeException: + description:

Defines for which date/s TimeAndDate condition will be matched
+ Options are - Date range, for specific date, the same date should be used for + start/end date
Default - no specific dates
In order to reset the dates + to have no specific dates Date format - yyyy-mm-dd (MM = month, dd = day, yyyy + = year)

. + suboptions: + endDate: + description: Network Access Time Date Conditions's endDate. + type: str + startDate: + description: Network Access Time Date Conditions's startDate. + type: str + type: dict + description: + description: Condition description. + type: str + dictionaryName: + description: Dictionary name. + type: str + dictionaryValue: + description: Dictionary value. + type: str + hoursRange: + description:

Defines for which hours a TimeAndDate condition will be matched
+ Time format - hh mm ( h = hour , mm = minutes )
Default - All Day

. + suboptions: + endTime: + description: Network Access Time Date Conditions's endTime. + type: str + startTime: + description: Network Access Time Date Conditions's startTime. + type: str + type: dict + hoursRangeException: + description:

Defines for which hours a TimeAndDate condition will be matched
+ Time format - hh mm ( h = hour , mm = minutes )
Default - All Day

. + suboptions: + endTime: + description: Network Access Time Date Conditions's endTime. + type: str + startTime: + description: Network Access Time Date Conditions's startTime. + type: str + type: dict + id: + description: Network Access Time Date Conditions's id. + type: str + isNegate: + description: Indicates whereas this condition is in negate mode. + type: bool + link: + description: Network Access Time Date Conditions's link. + suboptions: + href: + description: Network Access Time Date Conditions's href. + type: str + rel: + description: Network Access Time Date Conditions's rel. + type: str + type: + description: Network Access Time Date Conditions's type. + type: str + type: dict + name: + description: Condition name. + type: str + operator: + description: Equality operator. + type: str + weekDays: + description:

Defines for which days this condition will be matched
Days format + - Arrays of WeekDay enums
Default - List of All week days

. + elements: str + type: list + weekDaysException: + description:

Defines for which days this condition will NOT be matched
Days + format - Arrays of WeekDay enums
Default - Not enabled

. + elements: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Time/Date Conditions + description: Complete reference of the Network Access - Time/Date Conditions API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_time_date_conditions.NetworkAccessTimeDateConditions.create_network_access_time_condition, + network_access_time_date_conditions.NetworkAccessTimeDateConditions.delete_network_access_time_condition_by_id, + network_access_time_date_conditions.NetworkAccessTimeDateConditions.update_network_access_time_condition_by_id, + + - Paths used are + post /network-access/time-condition, + delete /network-access/time-condition/{id}, + put /network-access/time-condition/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.network_access_time_date_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + attributeName: string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + +- name: Update by id + cisco.ise.network_access_time_date_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + attributeName: 
string + attributeValue: string + children: + - conditionType: string + isNegate: true + link: + href: string + rel: string + type: string + conditionType: string + datesRange: + endDate: string + startDate: string + datesRangeException: + endDate: string + startDate: string + description: string + dictionaryName: string + dictionaryValue: string + hoursRange: + endTime: string + startTime: string + hoursRangeException: + endTime: string + startTime: string + id: string + isNegate: true + link: + href: string + rel: string + type: string + name: string + operator: string + weekDays: + - string + weekDaysException: + - string + +- name: Delete by id + cisco.ise.network_access_time_date_conditions: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": {}, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_access_time_date_conditions_info.py b/ansible_collections/cisco/ise/plugins/modules/network_access_time_date_conditions_info.py new file mode 100644 index 00000000..aa22bfe9 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_access_time_date_conditions_info.py 
@@ -0,0 +1,70 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_access_time_date_conditions_info +short_description: Information module for Network Access Time Date Conditions +description: +- Get all Network Access Time Date Conditions. +- Get Network Access Time Date Conditions by id. +- Network Access - Returns a list of time and date conditions. +- Network Access - returns a network condition. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. Condition id. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Network Access - Time/Date Conditions + description: Complete reference of the Network Access - Time/Date Conditions API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!policy-openapi +notes: + - SDK Method used are + network_access_time_date_conditions.NetworkAccessTimeDateConditions.get_network_access_time_condition_by_id, + network_access_time_date_conditions.NetworkAccessTimeDateConditions.get_network_access_time_conditions, + + - Paths used are + get /network-access/time-condition, + get /network-access/time-condition/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Network Access Time Date Conditions + cisco.ise.network_access_time_date_conditions_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +- name: Get Network Access Time Date Conditions by id + cisco.ise.network_access_time_date_conditions_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: 
result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_device.py b/ansible_collections/cisco/ise/plugins/modules/network_device.py new file mode 100644 index 00000000..57a20dad --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_device.py 
@@ -0,0 +1,518 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_device +short_description: Resource module for Network Device +description: +- Manage operations create, update and delete of the resource Network Device. +- This API creates a network device. +- This API deletes a network device by ID. +- This API deletes a network device by name. +- This API allows the client to update a network device by ID. +- This API allows the client to update a network device by name. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + NetworkDeviceGroupList: + description: List of Network Device Group names for this node. + elements: str + type: list + NetworkDeviceIPList: + description: List of IP Subnets for this node. + elements: dict + suboptions: + getIpaddressExclude: + description: It can be either single IP address or IP range address. + type: str + ipaddress: + description: Network Device's ipaddress. + type: str + mask: + description: Network Device's mask. + type: int + type: list + authenticationSettings: + description: Network Device's authenticationSettings. + suboptions: + dtlsRequired: + description: This value enforces use of dtls. + type: bool + enableKeyWrap: + description: EnableKeyWrap flag. + type: bool + enableMultiSecret: + description: Network Device's enableMultiSecret. + type: str + enabled: + description: Enabled flag. + type: bool + keyEncryptionKey: + description: Network Device's keyEncryptionKey. + type: str + keyInputFormat: + description: Allowed values - ASCII, - HEXADECIMAL. + type: str + messageAuthenticatorCodeKey: + description: Network Device's messageAuthenticatorCodeKey. + type: str + networkProtocol: + description: Allowed values - RADIUS, - TACACS_PLUS. 
+ type: str + radiusSharedSecret: + description: Network Device's radiusSharedSecret. + type: str + secondRADIUSSharedSecret: + description: Network Device's secondRADIUSSharedSecret. + type: str + type: dict + coaPort: + description: Network Device's coaPort. + type: int + description: + description: Network Device's description. + type: str + dtlsDnsName: + description: This value is used to verify the client identity contained in the X.509 + RADIUS/DTLS client certificate. + type: str + id: + description: Network Device's id. + type: str + modelName: + description: Network Device's modelName. + type: str + name: + description: Network Device's name. + type: str + profileName: + description: Network Device's profileName. + type: str + snmpsettings: + description: Network Device's snmpsettings. + suboptions: + linkTrapQuery: + description: LinkTrapQuery flag. + type: bool + macTrapQuery: + description: MacTrapQuery flag. + type: bool + originatingPolicyServicesNode: + description: Network Device's originatingPolicyServicesNode. + type: str + pollingInterval: + description: Network Device's pollingInterval. + type: int + roCommunity: + description: Network Device's roCommunity. + type: str + version: + description: Network Device's version. + type: str + type: dict + softwareVersion: + description: Network Device's softwareVersion. + type: str + tacacsSettings: + description: Network Device's tacacsSettings. + suboptions: + connectModeOptions: + description: Allowed values - OFF, - ON_LEGACY, - ON_DRAFT_COMPLIANT. + type: str + sharedSecret: + description: Network Device's sharedSecret. + type: str + type: dict + trustsecsettings: + description: Network Device's trustsecsettings. + suboptions: + deviceAuthenticationSettings: + description: Network Device's deviceAuthenticationSettings. + suboptions: + sgaDeviceId: + description: Network Device's sgaDeviceId. + type: str + sgaDevicePassword: + description: Network Device's sgaDevicePassword. 
+ type: str + type: dict + deviceConfigurationDeployment: + description: Network Device's deviceConfigurationDeployment. + suboptions: + enableModePassword: + description: Network Device's enableModePassword. + type: str + execModePassword: + description: Network Device's execModePassword. + type: str + execModeUsername: + description: Network Device's execModeUsername. + type: str + includeWhenDeployingSGTUpdates: + description: IncludeWhenDeployingSGTUpdates flag. + type: bool + type: dict + pushIdSupport: + description: PushIdSupport flag. + type: bool + sgaNotificationAndUpdates: + description: Network Device's sgaNotificationAndUpdates. + suboptions: + coaSourceHost: + description: Network Device's coaSourceHost. + type: str + downlaodEnvironmentDataEveryXSeconds: + description: Network Device's downlaodEnvironmentDataEveryXSeconds. + type: int + downlaodPeerAuthorizationPolicyEveryXSeconds: + description: Network Device's downlaodPeerAuthorizationPolicyEveryXSeconds. + type: int + downloadSGACLListsEveryXSeconds: + description: Network Device's downloadSGACLListsEveryXSeconds. + type: int + otherSGADevicesToTrustThisDevice: + description: OtherSGADevicesToTrustThisDevice flag. + type: bool + reAuthenticationEveryXSeconds: + description: Network Device's reAuthenticationEveryXSeconds. + type: int + sendConfigurationToDevice: + description: SendConfigurationToDevice flag. + type: bool + sendConfigurationToDeviceUsing: + description: Allowed values - ENABLE_USING_COA, - ENABLE_USING_CLI, - DISABLE_ALL. 
+ type: str + type: dict + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + network_device.NetworkDevice.create_network_device, + network_device.NetworkDevice.delete_network_device_by_id, + network_device.NetworkDevice.delete_network_device_by_name, + network_device.NetworkDevice.update_network_device_by_id, + network_device.NetworkDevice.update_network_device_by_name, + + - Paths used are + post /ers/config/networkdevice, + delete /ers/config/networkdevice/name/{name}, + delete /ers/config/networkdevice/{id}, + put /ers/config/networkdevice/name/{name}, + put /ers/config/networkdevice/{id}, + +""" + +EXAMPLES = r""" +- name: Update by name + cisco.ise.network_device: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + NetworkDeviceGroupList: + - string + NetworkDeviceIPList: + - getIpaddressExclude: string + ipaddress: string + mask: 0 + authenticationSettings: + dtlsRequired: true + enableKeyWrap: true + enableMultiSecret: string + enabled: true + keyEncryptionKey: string + keyInputFormat: string + messageAuthenticatorCodeKey: string + networkProtocol: string + radiusSharedSecret: string + secondRadiusSharedSecret: string + coaPort: 0 + description: string + dtlsDnsName: string + id: string + modelName: string + name: string + profileName: string + snmpsettings: + linkTrapQuery: true + macTrapQuery: true + originatingPolicyServicesNode: string + pollingInterval: 0 + roCommunity: string + version: string + softwareVersion: string + tacacsSettings: + connectModeOptions: string + sharedSecret: string + trustsecsettings: + deviceAuthenticationSettings: + sgaDeviceId: string + sgaDevicePassword: string + deviceConfigurationDeployment: + enableModePassword: string + execModePassword: string + execModeUsername: string + includeWhenDeployingSGTUpdates: true + pushIdSupport: true + sgaNotificationAndUpdates: + 
coaSourceHost: string + downlaodEnvironmentDataEveryXSeconds: 0 + downlaodPeerAuthorizationPolicyEveryXSeconds: 0 + downloadSGACLListsEveryXSeconds: 0 + otherSGADevicesToTrustThisDevice: true + reAuthenticationEveryXSeconds: 0 + sendConfigurationToDevice: true + sendConfigurationToDeviceUsing: string + +- name: Delete by name + cisco.ise.network_device: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + name: string + +- name: Update by id + cisco.ise.network_device: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + NetworkDeviceGroupList: + - string + NetworkDeviceIPList: + - getIpaddressExclude: string + ipaddress: string + mask: 0 + authenticationSettings: + dtlsRequired: true + enableKeyWrap: true + enableMultiSecret: string + enabled: true + keyEncryptionKey: string + keyInputFormat: string + messageAuthenticatorCodeKey: string + networkProtocol: string + radiusSharedSecret: string + secondRadiusSharedSecret: string + coaPort: 0 + description: string + dtlsDnsName: string + id: string + modelName: string + name: string + profileName: string + snmpsettings: + linkTrapQuery: true + macTrapQuery: true + originatingPolicyServicesNode: string + pollingInterval: 0 + roCommunity: string + version: string + softwareVersion: string + tacacsSettings: + connectModeOptions: string + sharedSecret: string + trustsecsettings: + deviceAuthenticationSettings: + sgaDeviceId: string + sgaDevicePassword: string + deviceConfigurationDeployment: + enableModePassword: string + execModePassword: string + execModeUsername: string + includeWhenDeployingSGTUpdates: true + pushIdSupport: true + sgaNotificationAndUpdates: + coaSourceHost: string + downlaodEnvironmentDataEveryXSeconds: 0 + downlaodPeerAuthorizationPolicyEveryXSeconds: 0 + downloadSGACLListsEveryXSeconds: 0 + 
otherSGADevicesToTrustThisDevice: true + reAuthenticationEveryXSeconds: 0 + sendConfigurationToDevice: true + sendConfigurationToDeviceUsing: string + +- name: Delete by id + cisco.ise.network_device: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.network_device: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + NetworkDeviceGroupList: + - string + NetworkDeviceIPList: + - getIpaddressExclude: string + ipaddress: string + mask: 0 + authenticationSettings: + dtlsRequired: true + enableKeyWrap: true + enableMultiSecret: string + enabled: true + keyEncryptionKey: string + keyInputFormat: string + messageAuthenticatorCodeKey: string + networkProtocol: string + radiusSharedSecret: string + secondRadiusSharedSecret: string + coaPort: 0 + description: string + dtlsDnsName: string + modelName: string + name: string + profileName: string + snmpsettings: + linkTrapQuery: true + macTrapQuery: true + originatingPolicyServicesNode: string + pollingInterval: 0 + roCommunity: string + version: string + softwareVersion: string + tacacsSettings: + connectModeOptions: string + sharedSecret: string + trustsecsettings: + deviceAuthenticationSettings: + sgaDeviceId: string + sgaDevicePassword: string + deviceConfigurationDeployment: + enableModePassword: string + execModePassword: string + execModeUsername: string + includeWhenDeployingSGTUpdates: true + pushIdSupport: true + sgaNotificationAndUpdates: + coaSourceHost: string + downlaodEnvironmentDataEveryXSeconds: 0 + downlaodPeerAuthorizationPolicyEveryXSeconds: 0 + downloadSGACLListsEveryXSeconds: 0 + otherSGADevicesToTrustThisDevice: true + reAuthenticationEveryXSeconds: 0 + sendConfigurationToDevice: true + sendConfigurationToDeviceUsing: string + +""" + +RETURN = r""" 
+ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "authenticationSettings": { + "networkProtocol": "string", + "secondRadiusSharedSecret": "string", + "radiusSharedSecret": "string", + "enableKeyWrap": true, + "enabled": true, + "dtlsRequired": true, + "enableMultiSecret": "string", + "keyEncryptionKey": "string", + "messageAuthenticatorCodeKey": "string", + "keyInputFormat": "string" + }, + "snmpsettings": { + "version": "string", + "roCommunity": "string", + "pollingInterval": 0, + "linkTrapQuery": true, + "macTrapQuery": true, + "originatingPolicyServicesNode": "string" + }, + "trustsecsettings": { + "deviceAuthenticationSettings": { + "sgaDeviceId": "string", + "sgaDevicePassword": "string" + }, + "sgaNotificationAndUpdates": { + "downlaodEnvironmentDataEveryXSeconds": 0, + "downlaodPeerAuthorizationPolicyEveryXSeconds": 0, + "reAuthenticationEveryXSeconds": 0, + "downloadSGACLListsEveryXSeconds": 0, + "otherSGADevicesToTrustThisDevice": true, + "sendConfigurationToDevice": true, + "sendConfigurationToDeviceUsing": "string", + "coaSourceHost": "string" + }, + "deviceConfigurationDeployment": { + "includeWhenDeployingSGTUpdates": true, + "enableModePassword": "string", + "execModePassword": "string", + "execModeUsername": "string" + }, + "pushIdSupport": true + }, + "tacacsSettings": { + "sharedSecret": "string", + "connectModeOptions": "string" + }, + "profileName": "string", + "coaPort": 0, + "dtlsDnsName": "string", + "modelName": "string", + "softwareVersion": "string", + "NetworkDeviceIPList": [ + { + "ipaddress": "string", + "mask": 0, + "getIpaddressExclude": "string" + } + ], + "NetworkDeviceGroupList": [ + "string" + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by 
the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_device_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/network_device_bulk_monitor_status_info.py new file mode 100644 index 00000000..7f885031 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_device_bulk_monitor_status_info.py 
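Review bot: The option docs list `radiusSharedSecret`, `keyEncryptionKey`, `messageAuthenticatorCodeKey`, `tacacsSettings.sharedSecret`, `sgaDevicePassword`, `enableModePassword`, `execModePassword` and `roCommunity` as plain `type: str` with no mention of secrecy, and the RETURN sample for `ise_response` (`returned: always`) shows the same fields coming back. Whether the argument spec marks them `no_log` is decided in the action plugin, which is outside this hunk, so the documentation should state it either way. I would add a notes entry such as `- Several options carry device secrets and are echoed in ise_response; set no_log: true on tasks that pass or register them.` Separately, the option is documented as `secondRADIUSSharedSecret` while all three EXAMPLES that set it and the RETURN sample spell it `secondRadiusSharedSecret`. One of the two spellings is wrong, and a playbook copied from the examples may have that key rejected or ignored, leaving the second RADIUS secret unset.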
@@ -0,0 +1,72 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_device_bulk_monitor_status_info +short_description: Information module for Network Device Bulk Monitor Status +description: +- Get Network Device Bulk Monitor Status by id. +- This API allows the client to monitor the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + bulkid: + description: + - Bulkid path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + network_device.NetworkDevice.monitor_bulk_status_network_device, + + - Paths used are + get /ers/config/networkdevice/bulk/{bulkid}, + +""" + +EXAMPLES = r""" +- name: Get Network Device Bulk Monitor Status by id + cisco.ise.network_device_bulk_monitor_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + bulkid: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "bulkId": "string", + "mediaType": "string", + "executionStatus": "string", + "operationType": "string", + "startTime": "string", + "resourcesCount": 0, + "successCount": 0, + "failCount": 0, + "resourcesStatus": [ + { + "id": "string", + "name": "string", + "description": "string", + "resourceExecutionStatus": "string", + "status": "string" + } + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_device_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/network_device_bulk_request.py new file mode 100644 index 00000000..0489df3c --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/modules/network_device_bulk_request.py @@ -0,0 +1,56 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_device_bulk_request +short_description: Resource module for Network Device Bulk Request +description: +- Manage operation update of the resource Network Device Bulk Request. +- This API allows the client to submit the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + operationType: + description: Network Device Bulk Request's operationType. + type: str + resourceMediaType: + description: Network Device Bulk Request's resourceMediaType. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + network_device.NetworkDevice.bulk_request_for_network_device, + + - Paths used are + put /ers/config/networkdevice/bulk/submit, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.network_device_bulk_request: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + operationType: string + resourceMediaType: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_device_group.py b/ansible_collections/cisco/ise/plugins/modules/network_device_group.py new file mode 100644 index 00000000..12515718 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_device_group.py 
@@ -0,0 +1,122 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_device_group +short_description: Resource module for Network Device Group +description: +- Manage operations create, update and delete of the resource Network Device Group. +- This API creates a network device group. +- This API deletes a network device group. +- This API allows the client to update a network device group. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + description: + description: Network Device Group's description. + type: str + id: + description: Network Device Group's id. + type: str + name: + description: Network Device Group's name. + type: str + othername: + description: Network Device Group's othername. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + network_device_group.NetworkDeviceGroup.create_network_device_group, + network_device_group.NetworkDeviceGroup.delete_network_device_group_by_id, + network_device_group.NetworkDeviceGroup.update_network_device_group_by_id, + + - Paths used are + post /ers/config/networkdevicegroup, + delete /ers/config/networkdevicegroup/{id}, + put /ers/config/networkdevicegroup/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.network_device_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + id: string + name: string + othername: string + +- name: Delete by id + cisco.ise.network_device_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + 
cisco.ise.network_device_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + name: string + othername: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + }, + "othername": "string" + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_device_group_info.py b/ansible_collections/cisco/ise/plugins/modules/network_device_group_info.py new file mode 100644 index 00000000..f729d6e4 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_device_group_info.py 
@@ -0,0 +1,164 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_device_group_info +short_description: Information module for Network Device Group +description: +- Get all Network Device Group. +- Get Network Device Group by id. +- Get Network Device Group by name. +- This API allows the client to get a network device group by ID. +- This API allows the client to get a network device group by name. +- This API allows the client to get all the network device groups. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - > + Name path parameter. Colon is used as a separator instead of (#) in the NDG name. For example, if the name + is a#b#c it should appear in the request URL as a b c. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. 
+ - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + network_device_group.NetworkDeviceGroup.get_network_device_group_by_id, + network_device_group.NetworkDeviceGroup.get_network_device_group_by_name, + network_device_group.NetworkDeviceGroup.get_network_device_group_generator, + + - Paths used are + get /ers/config/networkdevicegroup, + get /ers/config/networkdevicegroup/name/{name}, + get /ers/config/networkdevicegroup/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Network Device Group + cisco.ise.network_device_group_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Network Device Group by id + cisco.ise.network_device_group_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get Network Device Group by name + cisco.ise.network_device_group_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + 
description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + }, + "othername": "string" + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + }, + "othername": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/network_device_info.py b/ansible_collections/cisco/ise/plugins/modules/network_device_info.py new file mode 100644 index 00000000..95ef6fce --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/network_device_info.py 
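Review bot: The `name` option description in this module contradicts itself: it says a colon replaces `#` as the separator in the NDG name, but the example then shows `a#b#c` appearing in the request URL as `a b c`, with no colon at all. Presumably the colons were lost when the text was generated. The sentence should read along the lines of `For example, if the name is a#b#c it should appear in the request URL as a:b:c.` As written, a user cannot tell what to pass for a nested group name, and a by-name lookup built from the example is likely to miss.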
@@ -0,0 +1,284 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: network_device_info +short_description: Information module for Network Device +description: +- Get all Network Device. +- Get Network Device by id. +- Get Network Device by name. +- This API allows the client to get a network device by ID. +- This API allows the client to get a network device by name. +- This API allows the client to get all the network devices. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. 
+ - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + network_device.NetworkDevice.get_network_device_by_id, + network_device.NetworkDevice.get_network_device_by_name, + network_device.NetworkDevice.get_network_device_generator, + + - Paths used are + get /ers/config/networkdevice, + get /ers/config/networkdevice/name/{name}, + get /ers/config/networkdevice/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Network Device + cisco.ise.network_device_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Network Device by id + cisco.ise.network_device_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get Network Device by name + cisco.ise.network_device_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "authenticationSettings": { + "networkProtocol": "string", + "secondRadiusSharedSecret": "string", + 
"radiusSharedSecret": "string", + "enableKeyWrap": true, + "enabled": true, + "dtlsRequired": true, + "enableMultiSecret": "string", + "keyEncryptionKey": "string", + "messageAuthenticatorCodeKey": "string", + "keyInputFormat": "string" + }, + "snmpsettings": { + "version": "string", + "roCommunity": "string", + "pollingInterval": 0, + "linkTrapQuery": true, + "macTrapQuery": true, + "originatingPolicyServicesNode": "string" + }, + "trustsecsettings": { + "deviceAuthenticationSettings": { + "sgaDeviceId": "string", + "sgaDevicePassword": "string" + }, + "sgaNotificationAndUpdates": { + "downlaodEnvironmentDataEveryXSeconds": 0, + "downlaodPeerAuthorizationPolicyEveryXSeconds": 0, + "reAuthenticationEveryXSeconds": 0, + "downloadSGACLListsEveryXSeconds": 0, + "otherSGADevicesToTrustThisDevice": true, + "sendConfigurationToDevice": true, + "sendConfigurationToDeviceUsing": "string", + "coaSourceHost": "string" + }, + "deviceConfigurationDeployment": { + "includeWhenDeployingSGTUpdates": true, + "enableModePassword": "string", + "execModePassword": "string", + "execModeUsername": "string" + }, + "pushIdSupport": true + }, + "tacacsSettings": { + "sharedSecret": "string", + "connectModeOptions": "string" + }, + "profileName": "string", + "coaPort": 0, + "dtlsDnsName": "string", + "modelName": "string", + "softwareVersion": "string", + "NetworkDeviceIPList": [ + { + "ipaddress": "string", + "mask": 0, + "getIpaddressExclude": "string" + } + ], + "NetworkDeviceGroupList": [ + "string" + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "authenticationSettings": { + "networkProtocol": "string", + "secondRadiusSharedSecret": "string", + "radiusSharedSecret": "string", + 
"enableKeyWrap": true, + "enabled": true, + "dtlsRequired": true, + "enableMultiSecret": "string", + "keyEncryptionKey": "string", + "messageAuthenticatorCodeKey": "string", + "keyInputFormat": "string" + }, + "snmpsettings": { + "version": "string", + "roCommunity": "string", + "pollingInterval": 0, + "linkTrapQuery": true, + "macTrapQuery": true, + "originatingPolicyServicesNode": "string" + }, + "trustsecsettings": { + "deviceAuthenticationSettings": { + "sgaDeviceId": "string", + "sgaDevicePassword": "string" + }, + "sgaNotificationAndUpdates": { + "downlaodEnvironmentDataEveryXSeconds": 0, + "downlaodPeerAuthorizationPolicyEveryXSeconds": 0, + "reAuthenticationEveryXSeconds": 0, + "downloadSGACLListsEveryXSeconds": 0, + "otherSGADevicesToTrustThisDevice": true, + "sendConfigurationToDevice": true, + "sendConfigurationToDeviceUsing": "string", + "coaSourceHost": "string" + }, + "deviceConfigurationDeployment": { + "includeWhenDeployingSGTUpdates": true, + "enableModePassword": "string", + "execModePassword": "string", + "execModeUsername": "string" + }, + "pushIdSupport": true + }, + "tacacsSettings": { + "sharedSecret": "string", + "connectModeOptions": "string" + }, + "profileName": "string", + "coaPort": 0, + "dtlsDnsName": "string", + "modelName": "string", + "softwareVersion": "string", + "NetworkDeviceIPList": [ + { + "ipaddress": "string", + "mask": 0, + "getIpaddressExclude": "string" + } + ], + "NetworkDeviceGroupList": [ + "string" + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/node_deployment.py b/ansible_collections/cisco/ise/plugins/modules/node_deployment.py new file mode 100644 index 00000000..4af07b07 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/node_deployment.py 
@@ -0,0 +1,136 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: node_deployment +short_description: Resource module for Node Deployment +description: +- Manage operations create, update and delete of the resource Node Deployment. +- This API registers a Cisco ISE node to form a multi-node deployment. +- The deregistered node becomes a standalone Cisco ISE node. +- This API updates the configuration of the Cisco ISE node with the. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + allowCertImport: + description: Consent to import the self-signed certificate of the registering node. + type: bool + fqdn: + description: Node Deployment's fqdn. + type: str + hostname: + description: Hostname path parameter. Hostname of the deployed node. + type: str + password: + description: Node Deployment's password. + type: str + roles: + description: Roles can be empty or have many values for a node. + elements: str + type: list + services: + description: Services can be empty or have many values for a node. + elements: str + type: list + userName: + description: Node Deployment's userName. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Node Deployment + description: Complete reference of the Node Deployment API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi +notes: + - SDK Method used are + node_deployment.NodeDeployment.delete_node, + node_deployment.NodeDeployment.register_node, + node_deployment.NodeDeployment.update_node, + + - Paths used are + post /api/v1/deployment/node, + delete /api/v1/deployment/node/{hostname}, + put /api/v1/deployment/node/{hostname}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.node_deployment: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + allowCertImport: true + fqdn: string + password: string + roles: + - string + services: + - string + userName: string + +- name: Update by name + cisco.ise.node_deployment: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + hostname: string + roles: + - string + services: + - string + +- name: Delete by name + cisco.ise.node_deployment: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + hostname: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "fqdn": "string", + "hostname": "string", + "ipAddress": "string", + "nodeStatus": "string", + "roles": [ + "string" + ], + "services": [ + "string" + ] + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "success": { + "message": "string" + }, + "version": "string" + } +""" 
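Review bot: The `password` option in node_deployment.py is documented only as `Node Deployment's password.` with `type: str`, and the Create example passes it as an inline value. The argument spec lives in the action plugin outside this hunk, so it is worth confirming there that `password` is declared with `no_log=True`. In the docs I would change the description to `Node Deployment's password. Sensitive; supply it from Ansible Vault rather than inline.` The Create example also sets `allowCertImport: true` without comment, so that option's description should state what is trusted when it is enabled.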
diff --git a/ansible_collections/cisco/ise/plugins/modules/node_deployment_info.py b/ansible_collections/cisco/ise/plugins/modules/node_deployment_info.py new file mode 100644 index 00000000..76363516 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/node_deployment_info.py 
@@ -0,0 +1,109 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: node_deployment_info +short_description: Information module for Node Deployment +description: +- Get all Node Deployment. +- Get Node Deployment by name. +- The API lists all the nodes that are deployed in the cluster. +- This API retrieves detailed information of the deployed node. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + filter: + description: + - > + Filter query parameter. .. Container **Simple filtering** is available through the filter query string + parameter. The structure of a filter is a triplet of field operator and value, separated by dots. More than + one filter can be sent. The logical operator common to all filter criteria is AND by default, and can be + changed by using the *"filterType=or"* query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to all filter criteria is AND by default, and can be + changed by using this parameter. + type: str + hostname: + description: + - Hostname path parameter. Hostname of the deployed node. 
+ type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Node Deployment + description: Complete reference of the Node Deployment API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi +notes: + - SDK Method used are + node_deployment.NodeDeployment.get_node_details, + node_deployment.NodeDeployment.get_nodes, + + - Paths used are + get /api/v1/deployment/node, + get /api/v1/deployment/node/{hostname}, + +""" + +EXAMPLES = r""" +- name: Get all Node Deployment + cisco.ise.node_deployment_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + filter: [] + filterType: string + register: result + +- name: Get Node Deployment by name + cisco.ise.node_deployment_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + hostname: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "fqdn": "string", + "hostname": "string", + "ipAddress": "string", + "nodeStatus": "string", + "roles": [ + "string" + ], + "services": [ + "string" + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/node_deployment_sync.py b/ansible_collections/cisco/ise/plugins/modules/node_deployment_sync.py new file mode 100644 index 00000000..5d3d60c9 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/node_deployment_sync.py 
@@ -0,0 +1,62 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: node_deployment_sync +short_description: Resource module for Node Deployment Sync +description: +- Manage operation create of the resource Node Deployment Sync. +- Performing a manual synchronization involves a reload of the target node, but. +version_added: '2.1.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + hostname: + description: Hostname path parameter. Hostname of the node. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Node Deployment + description: Complete reference of the Node Deployment API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi +notes: + - SDK Method used are + node_deployment.NodeDeployment.sync_node, + + - Paths used are + post /api/v1/deployment/sync-node/{hostname}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.node_deployment_sync: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + hostname: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "response": { + "id": "string", + "message": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/node_group.py b/ansible_collections/cisco/ise/plugins/modules/node_group.py new file mode 100644 index 00000000..8e28165f --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/node_group.py 
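Review bot: The second `description` entry in node_deployment_sync.py stops mid-sentence at `Performing a manual synchronization involves a reload of the target node, but.`, so the one operational consequence this module documents is cut off. The rest of the sentence is not on this page and should be restored from the API reference linked under `seealso`, so an operator knows what the reload implies before running the task. The same truncation appears in node_deployment.py (`...of the Cisco ISE node with the.`), node_group.py (`A node group is a group of PSNs,.`) and node_group_node_create.py (`When a node that.`).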
@@ -0,0 +1,147 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: node_group +short_description: Resource module for Node Group +description: +- Manage operations create, update and delete of the resource Node Group. +- This API creates a node group in the cluster. A node group is a group of PSNs,. +- Delete an existing node group in the cluster. Deleting the node group does not delete the nodes, but failover is no longer carried out among the nodes. +- Purpose of this API is to update an existing node group. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + description: + description: Node Group's description. + type: str + forceDelete: + description: ForceDelete query parameter. Force delete the group even if the node + group contains one or more nodes. + type: bool + marCache: + description: Node Group's marCache. + suboptions: + query-attempts: + description: The number of times Cisco ISE attempts to perform the cache entry + query. (0 - 5). + type: int + query-timeout: + description: The time, in seconds, after which the cache entry query times out. + (1 - 10). + type: int + replication-attempts: + description: The number of times Cisco ISE attempts to perform MAR cache entry + replication. (0 - 5). + type: int + replication-timeout: + description: The time, in seconds, after which the cache entry replication times + out. (1 - 10). + type: int + type: dict + name: + description: Node Group's name. + type: str + nodeGroupName: + description: NodeGroupName path parameter. Name of the existing node group. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Node Group + description: Complete reference of the Node Group API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi +notes: + - SDK Method used are + node_group.NodeGroup.create_node_group, + node_group.NodeGroup.delete_node_group, + node_group.NodeGroup.update_node_group, + + - Paths used are + post /api/v1/deployment/node-group, + delete /api/v1/deployment/node-group/{nodeGroupName}, + put /api/v1/deployment/node-group/{nodeGroupName}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.node_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + marCache: + query-attempts: 0 + query-timeout: 0 + replication-attempts: 0 + replication-timeout: 0 + name: string + +- name: Update by name + cisco.ise.node_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + marCache: + query-attempts: 0 + query-timeout: 0 + replication-attempts: 0 + replication-timeout: 0 + name: string + nodeGroupName: string + +- name: Delete by name + cisco.ise.node_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + forceDelete: true + nodeGroupName: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "description": "string", + "marCache": { + "query-attempts": 0, + "query-timeout": 0, + "replication-attempts": 0, + "replication-timeout": 0 + }, + "name": "string" + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "success": { + "message": "string" + }, + "version": "string" + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/node_group_info.py b/ansible_collections/cisco/ise/plugins/modules/node_group_info.py new file mode 100644 index 00000000..ee2f50ae --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/node_group_info.py 
@@ -0,0 +1,79 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: node_group_info +short_description: Information module for Node Group +description: +- Get all Node Group. +- Get Node Group by name. +- This API retrieves the details of a node group in the cluster using a node group name. +- This API retrieves the details of all the node groups in the cluster. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + nodeGroupName: + description: + - NodeGroupName path parameter. Name of the existing node group. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Node Group + description: Complete reference of the Node Group API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi +notes: + - SDK Method used are + node_group.NodeGroup.get_node_group, + node_group.NodeGroup.get_node_groups, + + - Paths used are + get /api/v1/deployment/node-group, + get /api/v1/deployment/node-group/{nodeGroupName}, + +""" + +EXAMPLES = r""" +- name: Get all Node Group + cisco.ise.node_group_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +- name: Get Node Group by name + cisco.ise.node_group_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + nodeGroupName: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "description": "string", + "marCache": { + "query-attempts": 0, + "query-timeout": 0, + 
"replication-attempts": 0, + "replication-timeout": 0 + }, + "name": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/node_group_node_create.py b/ansible_collections/cisco/ise/plugins/modules/node_group_node_create.py new file mode 100644 index 00000000..f57f5233 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/node_group_node_create.py 
@@ -0,0 +1,65 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: node_group_node_create +short_description: Resource module for Node Group Node Create +description: +- Manage operation create of the resource Node Group Node Create. +- This API adds a node to the node group in the cluster. When a node that. +version_added: '2.1.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + hostname: + description: Node Group Node Create's hostname. + type: str + nodeGroupName: + description: NodeGroupName path parameter. Name of the existing node group. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Node Group + description: Complete reference of the Node Group API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi +notes: + - SDK Method used are + node_group.NodeGroup.add_node, + + - Paths used are + post /api/v1/deployment/node-group/{nodeGroupName}/add-node, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.node_group_node_create: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + hostname: string + nodeGroupName: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "success": { + "message": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/node_group_node_delete.py b/ansible_collections/cisco/ise/plugins/modules/node_group_node_delete.py new file mode 100644 index 00000000..0097d0c8 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/node_group_node_delete.py 
@@ -0,0 +1,65 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: node_group_node_delete +short_description: Resource module for Node Group Node Delete +description: +- Manage operation create of the resource Node Group Node Delete. +- Purpose of this API is to remove a node from a node group in the cluster. +version_added: '2.1.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + hostname: + description: Node Group Node Delete's hostname. + type: str + nodeGroupName: + description: NodeGroupName path parameter. Name of the existing node group. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Node Group + description: Complete reference of the Node Group API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi +notes: + - SDK Method used are + node_group.NodeGroup.remove_node, + + - Paths used are + post /api/v1/deployment/node-group/{nodeGroupName}/remove-node, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.node_group_node_delete: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + hostname: string + nodeGroupName: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "success": { + "message": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/node_group_node_info.py b/ansible_collections/cisco/ise/plugins/modules/node_group_node_info.py new file mode 100644 index 00000000..46ed0b9e --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/node_group_node_info.py 
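Review bot: The example task in node_group_node_delete.py is named `- name: Create` and the description reads `Manage operation create of the resource Node Group Node Delete`, although the documented path is `post /api/v1/deployment/node-group/{nodeGroupName}/remove-node`. A playbook copied from this example would label a removal as a creation in run output and logs, which misleads anyone reviewing changes after the fact. I would rename the example to `- name: Remove node from node group` and reword the description entry to say the module removes a node. node_primary_to_standalone.py and node_deployment_sync.py also label their state-changing examples `Create`.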
@@ -0,0 +1,63 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: node_group_node_info +short_description: Information module for Node Group Node +description: +- Get all Node Group Node. +- This API retrieves the list of nodes associated with a node group in the cluster with a given node group name. +version_added: '2.1.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + nodeGroupName: + description: + - NodeGroupName path parameter. Name of the existing node group. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Node Group + description: Complete reference of the Node Group API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi +notes: + - SDK Method used are + node_group.NodeGroup.get_nodes, + + - Paths used are + get /api/v1/deployment/node-group/{nodeGroupName}/node, + +""" + +EXAMPLES = r""" +- name: Get all Node Group Node + cisco.ise.node_group_node_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + nodeGroupName: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "hostname": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/node_info.py b/ansible_collections/cisco/ise/plugins/modules/node_info.py new file mode 100644 index 00000000..e0ca4751 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/node_info.py 
@@ -0,0 +1,184 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: node_info +short_description: Information module for Node +description: +- Get all Node. +- Get Node by id. +- Get Node by name. +- This API allows the client to get all the node details. +- This API allows the client to get node details by ID. +- This API allows the client to get node details by name. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. 
+ elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for NodeDetails + description: Complete reference of the NodeDetails API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!node +notes: + - SDK Method used are + node_details.NodeDetails.get_node_detail_by_id, + node_details.NodeDetails.get_node_detail_by_name, + node_details.NodeDetails.get_node_details_generator, + + - Paths used are + get /ers/config/node, + get /ers/config/node/name/{name}, + get /ers/config/node/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Node + cisco.ise.node_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + filter: [] + filterType: AND + register: result + +- name: Get Node by id + cisco.ise.node_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get Node by name + cisco.ise.node_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "gateWay": "string", + "userName": "string", + "passWord": "string", + "displayName": "string", + "inDeployment": true, + "otherPapFqdn": "string", + "ipAddresses": [ + "string" + ], + "ipAddress": "string", + "sxpIpAddress": "string", + "nodeServiceTypes": "string", + "fqdn": "string", + 
"papNode": true, + "primaryPapNode": true, + "pxGridNode": true, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "gateWay": "string", + "userName": "string", + "passWord": "string", + "displayName": "string", + "inDeployment": true, + "otherPapFqdn": "string", + "ipAddresses": [ + "string" + ], + "ipAddress": "string", + "sxpIpAddress": "string", + "nodeServiceTypes": "string", + "fqdn": "string", + "papNode": true, + "primaryPapNode": true, + "pxGridNode": true, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/node_primary_to_standalone.py b/ansible_collections/cisco/ise/plugins/modules/node_primary_to_standalone.py new file mode 100644 index 00000000..e83c1922 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/node_primary_to_standalone.py 
@@ -0,0 +1,62 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: node_primary_to_standalone
+short_description: Resource module for Node Primary To Standalone
+description:
+- Manage operation create of the resource Node Primary To Standalone.
+- This API changes the primary PAN in a single node cluster on which the API is invoked, to a standalone node.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ hostname:
+ description: Hostname path parameter. Hostname of the node.
+ type: str
+ required: true
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Node Deployment
+ description: Complete reference of the Node Deployment API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi
+notes:
+ - SDK Method used are
+ node_deployment.NodeDeployment.make_standalone,
+
+ - Paths used are
+ post /api/v1/deployment/standalone,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.node_primary_to_standalone:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ hostname: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "success": {
+ "message": "string"
+ },
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/node_promotion.py b/ansible_collections/cisco/ise/plugins/modules/node_promotion.py
new file mode 100644
index 00000000..c3c0bf92
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/node_promotion.py
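Review bot: In node_primary_to_standalone.py the required `hostname` option is documented as a "Hostname path parameter", but the only path listed in the notes, `post /api/v1/deployment/standalone`, has no `{hostname}` segment, and the description says the change applies to the node "on which the API is invoked". From this documentation an operator cannot tell which node a role change will affect, or whether `hostname` has to name the same node as `ise_hostname`. The option text should say so explicitly, for example `description: Hostname of the node that is converted to standalone.`, once the behaviour is confirmed against the action plugin. The same option wording appears in node_secondary_to_primary.py and node_standalone_to_primary.py later in this patch.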
@@ -0,0 +1,54 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: node_promotion
+short_description: Resource module for Node Promotion
+description:
+- Manage operation update of the resource Node Promotion.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ promotionType:
+ description: Node Promotion's promotionType.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ node_deployment.NodeDeployment.promote_node,
+
+ - Paths used are
+ put /api/v1/deployment/node-promotion/,
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.node_promotion:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ promotionType: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "code": 0,
+ "message": "string",
+ "rootCause": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/node_replication_status_info.py b/ansible_collections/cisco/ise/plugins/modules/node_replication_status_info.py
new file mode 100644
index 00000000..86c442d1
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/node_replication_status_info.py
@@ -0,0 +1,54 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: node_replication_status_info
+short_description: Information module for Node Replication Status
+description:
+- Get Node Replication Status by id.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ node:
+ description:
+ - Node path parameter. ID of the existing node.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ replication_status.ReplicationStatus.get_node_replication_status,
+
+ - Paths used are
+ get /api/v1/replication-status/{node}
+"""
+
+EXAMPLES = r"""
+- name: Get Node Replication Status by id
+ cisco.ise.node_replication_status_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ node: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "NodeStatus": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/node_secondary_to_primary.py b/ansible_collections/cisco/ise/plugins/modules/node_secondary_to_primary.py
new file mode 100644
index 00000000..236082dc
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/node_secondary_to_primary.py
@@ -0,0 +1,62 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: node_secondary_to_primary
+short_description: Resource module for Node Secondary To Primary
+description:
+- Manage operation create of the resource Node Secondary To Primary.
+- Execute this API in the secondary PAN in the cluster to promote the node to.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ hostname:
+ description: Hostname path parameter. Hostname of the node.
+ type: str
+ required: true
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Node Deployment
+ description: Complete reference of the Node Deployment API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi
+notes:
+ - SDK Method used are
+ node_deployment.NodeDeployment.promote_node,
+
+ - Paths used are
+ post /api/v1/deployment/promote,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.node_secondary_to_primary:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ hostname: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "success": {
+ "message": "string"
+ },
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/node_services_interfaces_info.py b/ansible_collections/cisco/ise/plugins/modules/node_services_interfaces_info.py
new file mode 100644
index 00000000..893da855
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/node_services_interfaces_info.py
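Review bot: The second description line of node_secondary_to_primary.py is cut off ("...to promote the node to."), so the documentation never states what role the secondary PAN ends up in. The notes also name `node_deployment.NodeDeployment.promote_node` for `post /api/v1/deployment/promote`, while node_promotion.py in this patch documents the same SDK method for `put /api/v1/deployment/node-promotion/`; one of the two is probably stale and should be checked against the action plugin. Judging by the module name, a complete sentence such as `- Execute this API in the secondary PAN in the cluster to promote the node to primary PAN.` would fit.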
@@ -0,0 +1,63 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: node_services_interfaces_info
+short_description: Information module for Node Services Interfaces
+description:
+- Get all Node Services Interfaces.
+- This API retrieves the list of interfaces on a node in a cluster.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ hostname:
+ description:
+ - Hostname path parameter. Hostname of the node.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Node Services
+ description: Complete reference of the Node Services API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi
+notes:
+ - SDK Method used are
+ node_services.NodeServices.get_interfaces,
+
+ - Paths used are
+ get /api/v1/node/{hostname}/interface,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Node Services Interfaces
+ cisco.ise.node_services_interfaces_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ hostname: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "interface": "string"
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/node_services_profiler_probe_config.py b/ansible_collections/cisco/ise/plugins/modules/node_services_profiler_probe_config.py
new file mode 100644
index 00000000..b47eff3a
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/node_services_profiler_probe_config.py
@@ -0,0 +1,284 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: node_services_profiler_probe_config
+short_description: Resource module for Node Services Profiler Probe Config
+description:
+- Manage operation update of the resource Node Services Profiler Probe Config.
+- This API updates the profiler probe configuration of a PSN.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ activeDirectory:
+ description: The Active Directory probe queries the Active Directory for Windows
+ information.
+ suboptions:
+ daysBeforeRescan:
+ description: Node Services Profiler Probe Config's daysBeforeRescan.
+ type: int
+ type: dict
+ dhcp:
+ description: The DHCP probe listens for DHCP packets from IP helpers.
+ suboptions:
+ interfaces:
+ description: Node Services Profiler Probe Config's interfaces.
+ elements: dict
+ suboptions:
+ interface:
+ description: Node Services Profiler Probe Config's interface.
+ type: str
+ type: list
+ port:
+ description: Node Services Profiler Probe Config's port.
+ type: int
+ type: dict
+ dhcpSpan:
+ description: The DHCP SPAN probe collects DHCP packets.
+ suboptions:
+ interfaces:
+ description: Node Services Profiler Probe Config's interfaces.
+ elements: dict
+ suboptions:
+ interface:
+ description: Node Services Profiler Probe Config's interface.
+ type: str
+ type: list
+ type: dict
+ dns:
+ description: The DNS probe performs a DNS lookup for the FQDN.
+ suboptions:
+ timeout:
+ description: Node Services Profiler Probe Config's timeout.
+ type: int
+ type: dict
+ hostname:
+ description: Hostname path parameter. Hostname of the node.
+ type: str
+ http:
+ description: The HTTP probe receives and parses HTTP packets.
+ suboptions:
+ interfaces:
+ description: Node Services Profiler Probe Config's interfaces.
+ elements: dict
+ suboptions:
+ interface:
+ description: Node Services Profiler Probe Config's interface.
+ type: str
+ type: list
+ type: dict
+ netflow:
+ description: The NetFlow probe collects the NetFlow packets that are sent to it
+ from routers.
+ suboptions:
+ interfaces:
+ description: Node Services Profiler Probe Config's interfaces.
+ elements: dict
+ suboptions:
+ interface:
+ description: Node Services Profiler Probe Config's interface.
+ type: str
+ type: list
+ port:
+ description: Node Services Profiler Probe Config's port.
+ type: int
+ type: dict
+ nmap:
+ description: The NMAP probe scans endpoints for open ports and OS.
+ elements: dict
+ type: list
+ pxgrid:
+ description: The pxGrid probe fetches attributes of MAC address or IP address as
+ a subscriber from the pxGrid queue.
+ elements: dict
+ type: list
+ radius:
+ description: The RADIUS probe collects RADIUS session attributes as well as CDP,
+ LLDP, DHCP, HTTP, and MDM attributes from IOS Sensors.
+ elements: dict
+ type: list
+ snmpQuery:
+ description: The SNMP query probe collects details from network devices such as
+ interface, CDP, LLDP, and ARP.
+ suboptions:
+ eventTimeout:
+ description: Node Services Profiler Probe Config's eventTimeout.
+ type: int
+ retries:
+ description: Node Services Profiler Probe Config's retries.
+ type: int
+ timeout:
+ description: Node Services Profiler Probe Config's timeout.
+ type: int
+ type: dict
+ snmpTrap:
+ description: The SNMP trap probe receives linkup, linkdown, and MAC notification
+ traps from network devices.
+ suboptions:
+ interfaces:
+ description: Node Services Profiler Probe Config's interfaces.
+ elements: dict
+ suboptions:
+ interface:
+ description: Node Services Profiler Probe Config's interface.
+ type: str
+ type: list
+ linkTrapQuery:
+ description: LinkTrapQuery flag.
+ type: bool
+ macTrapQuery:
+ description: MacTrapQuery flag.
+ type: bool
+ port:
+ description: Node Services Profiler Probe Config's port.
+ type: int
+ type: dict
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Node Services
+ description: Complete reference of the Node Services API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi
+notes:
+ - SDK Method used are
+ node_services.NodeServices.set_profiler_probe_config,
+
+ - Paths used are
+ put /api/v1/profile/{hostname},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by name
+ cisco.ise.node_services_profiler_probe_config:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ activeDirectory:
+ daysBeforeRescan: 0
+ dhcp:
+ interfaces:
+ - interface: string
+ port: 0
+ dhcpSpan:
+ interfaces:
+ - interface: string
+ dns:
+ timeout: 0
+ hostname: string
+ http:
+ interfaces:
+ - interface: string
+ netflow:
+ interfaces:
+ - interface: string
+ port: 0
+ nmap:
+ - {}
+ pxgrid:
+ - {}
+ radius:
+ - {}
+ snmpQuery:
+ eventTimeout: 0
+ retries: 0
+ timeout: 0
+ snmpTrap:
+ interfaces:
+ - interface: string
+ linkTrapQuery: true
+ macTrapQuery: true
+ port: 0
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "activeDirectory": {
+ "daysBeforeRescan": 0
+ },
+ "dhcp": {
+ "interfaces": [
+ {
+ "interface": "string"
+ }
+ ],
+ "port": 0
+ },
+ "dhcpSpan": {
+ "interfaces": [
+ {
+ "interface": "string"
+ }
+ ]
+ },
+ "dns": {
+ "timeout": 0
+ },
+ "http": {
+ "interfaces": [
+ {
+ "interface": "string"
+ }
+ ]
+ },
+ "netflow": {
+ "interfaces": [
+ {
+ "interface": "string"
+ }
+ ],
+ "port": 0
+ },
+ "nmap": [
+ {}
+ ],
+ "pxgrid": [
+ {}
+ ],
+ "radius": [
+ {}
+ ],
+ "snmpQuery": {
+ "eventTimeout": 0,
+ "retries": 0,
+ "timeout": 0
+ },
+ "snmpTrap": {
+ "interfaces": [
+ {
+ "interface": "string"
+ }
+ ],
+ "linkTrapQuery": true,
+ "macTrapQuery": true,
+ "port": 0
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "success": {
+ "message": "string"
+ },
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/node_services_profiler_probe_config_info.py b/ansible_collections/cisco/ise/plugins/modules/node_services_profiler_probe_config_info.py
new file mode 100644
index 00000000..10656397
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/node_services_profiler_probe_config_info.py
@@ -0,0 +1,119 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: node_services_profiler_probe_config_info
+short_description: Information module for Node Services Profiler Probe Config
+description:
+- Get Node Services Profiler Probe Config by name.
+- This API retrieves the profiler probe configuration of a PSN.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ hostname:
+ description:
+ - Hostname path parameter. Hostname of the node.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Node Services
+ description: Complete reference of the Node Services API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi
+notes:
+ - SDK Method used are
+ node_services.NodeServices.get_profiler_probe_config,
+
+ - Paths used are
+ get /api/v1/profile/{hostname},
+
+"""
+
+EXAMPLES = r"""
+- name: Get Node Services Profiler Probe Config by name
+ cisco.ise.node_services_profiler_probe_config_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ hostname: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "activeDirectory": {
+ "daysBeforeRescan": 0
+ },
+ "dhcp": {
+ "interfaces": [
+ {
+ "interface": "string"
+ }
+ ],
+ "port": 0
+ },
+ "dhcpSpan": {
+ "interfaces": [
+ {
+ "interface": "string"
+ }
+ ]
+ },
+ "dns": {
+ "timeout": 0
+ },
+ "http": {
+ "interfaces": [
+ {
+ "interface": "string"
+ }
+ ]
+ },
+ "netflow": {
+ "interfaces": [
+ {
+ "interface": "string"
+ }
+ ],
+ "port": 0
+ },
+ "nmap": [
+ {}
+ ],
+ "pxgrid": [
+ {}
+ ],
+ "radius": [
+ {}
+ ],
+ "snmpQuery": {
+ "eventTimeout": 0,
+ "retries": 0,
+ "timeout": 0
+ },
+ "snmpTrap": {
+ "interfaces": [
+ {
+ "interface": "string"
+ }
+ ],
+ "linkTrapQuery": true,
+ "macTrapQuery": true,
+ "port": 0
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/node_services_sxp_interfaces.py b/ansible_collections/cisco/ise/plugins/modules/node_services_sxp_interfaces.py
new file mode 100644
index 00000000..af5961ad
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/node_services_sxp_interfaces.py
@@ -0,0 +1,75 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: node_services_sxp_interfaces
+short_description: Resource module for Node Services SXP Interfaces
+description:
+- Manage operation update of the resource Node Services SXP Interfaces.
+- This API configures the SXP interface.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ hostname:
+ description: Hostname path parameter. Hostname of the node.
+ type: str
+ interface:
+ description: Node Services SXP Interfaces's interface.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Node Services
+ description: Complete reference of the Node Services API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi
+notes:
+ - SDK Method used are
+ node_services.NodeServices.set_sxp_interface,
+
+ - Paths used are
+ put /api/v1/node/{hostname}/sxp-interface,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.node_services_sxp_interfaces:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ hostname: string
+ interface: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "interface": "string"
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "success": {
+ "message": "string"
+ },
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/node_services_sxp_interfaces_info.py b/ansible_collections/cisco/ise/plugins/modules/node_services_sxp_interfaces_info.py
new file mode 100644
index 00000000..fdd2716d
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/node_services_sxp_interfaces_info.py
@@ -0,0 +1,60 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: node_services_sxp_interfaces_info
+short_description: Information module for Node Services SXP Interfaces
+description:
+- Get all Node Services SXP Interfaces.
+- This API retrieves the SXP interface.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ hostname:
+ description:
+ - Hostname path parameter. Hostname of the node.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Node Services
+ description: Complete reference of the Node Services API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi
+notes:
+ - SDK Method used are
+ node_services.NodeServices.get_sxp_interface,
+
+ - Paths used are
+ get /api/v1/node/{hostname}/sxp-interface,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Node Services SXP Interfaces
+ cisco.ise.node_services_sxp_interfaces_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ hostname: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "interface": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/node_standalone_to_primary.py b/ansible_collections/cisco/ise/plugins/modules/node_standalone_to_primary.py
new file mode 100644
index 00000000..c397cb32
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/node_standalone_to_primary.py
@@ -0,0 +1,62 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: node_standalone_to_primary
+short_description: Resource module for Node Standalone To Primary
+description:
+- Manage operation create of the resource Node Standalone To Primary.
+- This API promotes the standalone node on which the API is invoked to the primary Policy Administration node PAN .
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ hostname:
+ description: Hostname path parameter. Hostname of the node.
+ type: str
+ required: true
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Node Deployment
+ description: Complete reference of the Node Deployment API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi
+notes:
+ - SDK Method used are
+ node_deployment.NodeDeployment.make_primary,
+
+ - Paths used are
+ post /api/v1/deployment/primary,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.node_standalone_to_primary:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ hostname: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "success": {
+ "message": "string"
+ },
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/node_sync.py b/ansible_collections/cisco/ise/plugins/modules/node_sync.py
new file mode 100644
index 00000000..e45a0ae1
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/node_sync.py
@@ -0,0 +1,54 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: node_sync
+short_description: Resource module for Node Sync
+description:
+- Manage operation create of the resource Node Sync.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ hostname:
+ description: Node Sync's hostname.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ sync_ise_node.SyncIseNode.sync_node,
+
+ - Paths used are
+ post /api/v1/deployment/sync-node
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.node_sync:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ hostname: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "code": 0,
+ "message": "string",
+ "rootCause": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pan_ha.py b/ansible_collections/cisco/ise/plugins/modules/pan_ha.py
new file mode 100644
index 00000000..0a33b80f
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pan_ha.py
@@ -0,0 +1,84 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pan_ha
+short_description: Resource module for Pan Ha
+description:
+- Manage operations create and delete of the resource Pan Ha.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ failedAttempts:
+ description: Pan Ha's failedAttempts.
+ type: int
+ isEnabled:
+ description: IsEnabled flag.
+ type: bool
+ pollingInterval:
+ description: Pan Ha's pollingInterval.
+ type: int
+ primaryHealthCheckNode:
+ description: Pan Ha's primaryHealthCheckNode.
+ type: str
+ secondaryHealthCheckNode:
+ description: Pan Ha's secondaryHealthCheckNode.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ sync_ise_node.ReplicationStatus.get_node_replication_status,
+
+ - Paths used are
+ get /api/v1/replication-status/{node}
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.pan_ha:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ failedAttempts: 0
+ isEnabled: true
+ pollingInterval: 0
+ primaryHealthCheckNode: string
+ secondaryHealthCheckNode: string
+
+- name: Delete all
+ cisco.ise.pan_ha:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "isEnabled": true,
+ "primaryHealthCheckNode": "string",
+ "secondaryHealthCheckNode": "string",
+ "pollingInterval": 0,
+ "failedAttempts": 0
+ }
+ ]
+"""
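Review bot: The notes section of pan_ha.py documents `sync_ise_node.ReplicationStatus.get_node_replication_status` and `get /api/v1/replication-status/{node}`, a read-only replication query, while the description and examples say this module creates and deletes the PAN HA configuration. Anyone reviewing a playbook against these notes would not learn which API calls `state: present` and `state: absent` actually issue, and the second of those removes the failover settings. The notes should list the SDK methods and paths the action plugin really calls for create and delete (they are not visible in this hunk). `primaryHealthCheckNode` and `secondaryHealthCheckNode` are also typed `str` here but appear as dicts with a `hostname` key in pan_ha_info.py and pan_ha_update.py, so the option types and RETURN sample are worth re-checking at the same time.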
diff --git a/ansible_collections/cisco/ise/plugins/modules/pan_ha_info.py b/ansible_collections/cisco/ise/plugins/modules/pan_ha_info.py
new file mode 100644
index 00000000..6a6ae62b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pan_ha_info.py
@@ -0,0 +1,66 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pan_ha_info
+short_description: Information module for Pan Ha
+description:
+- Get all Pan Ha.
+- >
+ In a high availability configuration, the primary PAN is in active state. The secondary PAN backup PAN is in standby state, which means that it receives
+ all the configuration updates from the primary PAN, but is not active in the Cisco ISE cluster. You can configure Cisco ISE to automatically promote the
+ secondary PAN when the primary PAN becomes unavailable.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for PAN HA
+ description: Complete reference of the PAN HA API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi
+notes:
+ - SDK Method used are
+ pan_ha.PanHa.get_pan_ha_status,
+
+ - Paths used are
+ get /api/v1/deployment/pan-ha,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Pan Ha
+ cisco.ise.pan_ha_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "failedAttempts": 0,
+ "isEnabled": true,
+ "pollingInterval": 0,
+ "primaryHealthCheckNode": {
+ "hostname": "string"
+ },
+ "secondaryHealthCheckNode": {
+ "hostname": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pan_ha_update.py b/ansible_collections/cisco/ise/plugins/modules/pan_ha_update.py
new file mode 100644
index 00000000..6f0526a0
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pan_ha_update.py
@@ -0,0 +1,89 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pan_ha_update
+short_description: Resource module for Pan Ha Update
+description:
+- Manage operation update of the resource Pan Ha Update.
+- To deploy the auto-failover feature, you must have at least three nodes, where.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ failedAttempts:
+ description: Failover occurs if the primary PAN is down for the specified number
+ of failure polls. Count (2 - 60). The default value is 5.
+ type: int
+ isEnabled:
+ description: IsEnabled flag.
+ type: bool
+ pollingInterval:
+ description: Administration nodes are checked after each interval. Seconds (30 -
+ 300) The default value is 120.
+ type: int
+ primaryHealthCheckNode:
+ description: Pan Ha Update's primaryHealthCheckNode.
+ suboptions:
+ hostname:
+ description: Pan Ha Update's hostname.
+ type: str
+ type: dict
+ secondaryHealthCheckNode:
+ description: Pan Ha Update's secondaryHealthCheckNode.
+ suboptions:
+ hostname:
+ description: Pan Ha Update's hostname.
+ type: str
+ type: dict
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for PAN HA
+ description: Complete reference of the PAN HA API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!deployment-openapi
+notes:
+ - SDK Method used are
+ pan_ha.PanHa.update_pan_ha,
+
+ - Paths used are
+ put /api/v1/deployment/pan-ha,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.pan_ha_update:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ failedAttempts: 0
+ isEnabled: true
+ pollingInterval: 0
+ primaryHealthCheckNode:
+ hostname: string
+ secondaryHealthCheckNode:
+ hostname: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "success": {
+ "message": "string"
+ },
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/patch_info.py b/ansible_collections/cisco/ise/plugins/modules/patch_info.py
new file mode 100644
index 00000000..ec427e64
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/patch_info.py
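Review bot: The EXAMPLES block of pan_ha_update.py sets `failedAttempts: 0` and `pollingInterval: 0`, but the option descriptions in the same file give valid ranges of 2 - 60 polls and 30 - 300 seconds. A copied example would presumably be rejected by the API or, if accepted, leave auto-failover configured with values nobody intended. The documented defaults make safer sample values, `failedAttempts: 5` and `pollingInterval: 120`. The description line ending in "you must have at least three nodes, where." is also truncated and should be completed or dropped.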
@@ -0,0 +1,61 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: patch_info
+short_description: Information module for Patch
+description:
+- Get all Patch.
+- List all the installed patches in the system, with the patch number for rollback.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Patching
+ description: Complete reference of the Patching API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!patch-and-hot-patch-openapi
+notes:
+ - SDK Method used are
+ patching.Patching.list_installed_patches,
+
+ - Paths used are
+ get /api/v1/patch,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Patch
+ cisco.ise.patch_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "iseVersion": "string",
+ "patchVersion": [
+ {
+ "installDate": "string",
+ "patchNumber": 0
+ }
+ ]
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/patch_install.py b/ansible_collections/cisco/ise/plugins/modules/patch_install.py
new file mode 100644
index 00000000..94d41ea7
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/patch_install.py
@@ -0,0 +1,68 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: patch_install
+short_description: Resource module for Patch Install
+description:
+- Manage operation create of the resource Patch Install.
+- >
+ Triggers patch installation on the Cisco ISE node. A task ID is returned which can be used to monitor the progress of the patch installation process. As
+ the patch installation triggers the Cisco ISE to restart, the task API becomes unavailable for a certain period of time.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ patchName:
+ description: Patch Install's patchName.
+ type: str
+ repositoryName:
+ description: Patch Install's repositoryName.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Patching
+ description: Complete reference of the Patching API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!patch-and-hot-patch-openapi
+notes:
+ - SDK Method used are
+ patching.Patching.install_patch,
+
+ - Paths used are
+ post /api/v1/patch/install,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.patch_install:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ patchName: string
+ repositoryName: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "response": {
+ "id": "string",
+ "message": "string"
+ },
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/patch_rollback.py b/ansible_collections/cisco/ise/plugins/modules/patch_rollback.py
new file mode 100644
index 00000000..f82dc23d
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/patch_rollback.py
@@ -0,0 +1,64 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: patch_rollback
+short_description: Resource module for Patch Rollback
+description:
+- Manage operation create of the resource Patch Rollback.
+- >
+ Triggers patch rollback on the Cisco ISE node. A task ID is returned which can be used to monitor the progress of the patch rollback process. As the
+ patch rollback triggers the Cisco ISE to restart, the task API becomes unavailable for a certain period of time.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ patchNumber:
+ description: Patch Rollback's patchNumber.
+ type: int
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Patching
+ description: Complete reference of the Patching API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!patch-and-hot-patch-openapi
+notes:
+ - SDK Method used are
+ patching.Patching.rollback_patch,
+
+ - Paths used are
+ post /api/v1/patch/rollback,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.patch_rollback:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ patchNumber: 0
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "response": {
+ "id": "string",
+ "message": "string"
+ },
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/personas_check_standalone.py b/ansible_collections/cisco/ise/plugins/modules/personas_check_standalone.py
new file mode 100644
index 00000000..c8053dfd
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/personas_check_standalone.py
@@ -0,0 +1,78 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: personas_check_standalone
+short_description: Ensure the node is in standalone mode
+description:
+- Ensure the mode is in standalone mode
+version_added: '0.0.8'
+author: Rafael Campos (@racampos)
+options:
+ ip:
+ description:
+ - The IP address of the node
+ type: str
+ username:
+ description:
+ - The username for the node.
+ type: str
+ password:
+ description:
+ - The password for the node.
+ type: str
+ hostname:
+ description:
+ - The hostname for the node for which the certificate will be exported.
+ type: str
+ ise_verify:
+ description:
+ - Whether or not to verify the identity of the node.
+ type: bool
+ ise_version:
+ description:
+ - The version of the ISE node.
+ type: str
+ ise_wait_on_rate_limit:
+ description:
+ - Whether or not to wait on rate limit
+ type: bool
+requirements:
+- requests >= 2.25.1
+- python >= 3.5
+seealso:
+# Reference by module name
+- module: cisco.ise.plugins.modules.personas_check_standalone
+notes:
+ - "Does not support C(check_mode)"
+"""
+
+EXAMPLES = r"""
+- name: Check if all nodes are in STANDALONE state
+ cisco.ise.personas_check_standalone:
+ ip: "{{ item.ip }}"
+ username: admin
+ password: cisco123
+ hostname: "{{ item.hostname }}"
+ loop:
+ - ip: 10.1.1.1
+ hostname: ise-pan-server-1
+ - ip: 10.1.1.2
+ hostname: ise-pan-server-2
+ - ip: 10.1.1.3
+ hostname: ise-psn-server-1
+ - ip: 10.1.1.4
+ hostname: ise-psn-server-2
+"""
+
+RETURN = r"""
+ise_response:
+ description: A string stating that the node is in standalone mode
+ returned: always
+ type: str
+ sample: Node ise-pan-server-1 is in STANDALONE mode
+"""
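Review bot: The EXAMPLES block hard-codes `username: admin` and `password: cisco123` in the task, and the same pattern recurs in the personas_export_certs, personas_promote_primary, personas_register_node and personas_update_roles_services hunks (`primary_password: cisco123`, `primary_password: Cisco123`, `password: Cisco123`, `password: C1sco123`). Examples get pasted into playbooks, so they should reference variables the way the other modules in this patch do, e.g. `password: "{{ ise_password }}"`, with the value kept in Ansible Vault. The examples also leave out `ise_verify` and the option text gives no default, so the docs should state whether certificate verification is on when the option is unset. The argument spec is not part of these hunks; confirm it marks `password` and `primary_password` as `no_log`.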
diff --git a/ansible_collections/cisco/ise/plugins/modules/personas_export_certs.py b/ansible_collections/cisco/ise/plugins/modules/personas_export_certs.py
new file mode 100644
index 00000000..18717268
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/personas_export_certs.py
@@ -0,0 +1,99 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: personas_export_certs
+short_description: Export certificate into primary node
+description:
+- Export certificate into primary node
+version_added: '0.0.8'
+author: Rafael Campos (@racampos)
+options:
+ primary_ip:
+ description:
+ - The IP address of the primary node.
+ type: str
+ primary_username:
+ description:
+ - The username for the primary node.
+ type: str
+ primary_password:
+ description:
+ - The password for the primary node.
+ type: str
+ name:
+ description:
+ - The name of the node for which the certificate will be exported.
+ type: str
+ ip:
+ description:
+ - The IP address of the node for which the certificate will be exported.
+ type: str
+ hostname:
+ description:
+ - The hostname for the node for which the certificate will be exported.
+ type: str
+ username:
+ description:
+ - The username for the node for which the certificate will be exported.
+ type: str
+ password:
+ description:
+ - The password for the node for which the certificate will be exported.
+ type: str
+ ise_verify:
+ description:
+ - Whether or not to verify the identity of the node.
+ type: bool
+ ise_version:
+ description:
+ - The version of the ISE node.
+ type: str
+ ise_wait_on_rate_limit:
+ description:
+ - Whether or not to wait on rate limit
+ type: bool
+requirements:
+- requests >= 2.25.1
+- python >= 3.5
+seealso:
+# Reference by module name
+- module: cisco.ise.plugins.modules.personas_export_certs
+notes:
+ - "Does not support C(check_mode)"
+"""
+
+EXAMPLES = r"""
+- name: Export trusted certificates into primary node
+ cisco.ise.personas_export_certs:
+ primary_ip: 10.1.1.1
+ primary_username: admin
+ primary_password: cisco123
+ name: "{{ item.name }}"
+ ip: "{{ item.ip }}"
+ hostname: "{{ item.hostname }}"
+ username: admin
+ password: cisco123
+ loop:
+ - name: ISE PAN Server 2
+ ip: 10.1.1.2
+ hostname: ise-pan-server-2
+ - name: ISE PSN Server 1
+ ip: 10.1.1.3
+ hostname: ise-psn-server-1
+ - name: ISE PSN Server 2
+ ip: 10.1.1.4
+ hostname: ise-psn-server-2
+"""
+
+RETURN = r"""
+ise_response:
+ description: A text string stating that the certificate was exported successfully.
+ returned: always
+ type: str
+ sample: The certificate for ISE PAN Server 2 was exported successfully to the primary node
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/personas_promote_primary.py b/ansible_collections/cisco/ise/plugins/modules/personas_promote_primary.py
new file mode 100644
index 00000000..428c4823
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/personas_promote_primary.py
@@ -0,0 +1,64 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: personas_promote_primary
+short_description: Promote a node as the primary node
+description:
+- Promote a node as the primary node
+version_added: '0.0.8'
+author: Rafael Campos (@racampos)
+options:
+ ip:
+ description:
+ - The IP address of the primary node
+ type: str
+ username:
+ description:
+ - The username to log into the primary node.
+ type: str
+ password:
+ description:
+ - The password to log into the primary node.
+ type: str
+ ise_verify:
+ description:
+ - Whether or not to verify the identity of the node.
+ type: bool
+ ise_version:
+ description:
+ - The version of the ISE node.
+ type: str
+ ise_wait_on_rate_limit:
+ description:
+ - Whether or not to wait on rate limit
+ type: bool
+requirements:
+- requests >= 2.25.1
+- python >= 3.5
+seealso:
+# Reference by module name
+- module: cisco.ise.plugins.modules.personas_promote_primary
+notes:
+ - "Does not support C(check_mode)"
+"""
+
+EXAMPLES = r"""
+- name: Promote primary node
+ cisco.ise.personas_promote_primary:
+ ip: 10.1.1.1
+ username: admin
+ password: Cisco123
+"""
+
+RETURN = r"""
+ise_response:
+ description: A string stating that the node was promoted to primary
+ returned: always
+ type: str
+ sample: Primary node was successfully updated
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/personas_register_node.py b/ansible_collections/cisco/ise/plugins/modules/personas_register_node.py
new file mode 100644
index 00000000..33830f41
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/personas_register_node.py
@@ -0,0 +1,108 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: personas_register_node
+short_description: Register a node to the primary
+description:
+- Register a node to the primary
+version_added: '2.4.0'
+author: Rafael Campos (@racampos)
+options:
+ primary_ip:
+ description:
+ - The IP address of the primary node.
+ type: str
+ primary_username:
+ description:
+ - The username for the primary node.
+ type: str
+ primary_password:
+ description:
+ - The password for the primary node.
+ type: str
+ fqdn:
+ description:
+ - The fully qualified domain name of the node.
+ type: str
+ username:
+ description:
+ - The username to log into the node.
+ type: str
+ password:
+ description:
+ - The password to log into the node.
+ type: str
+ roles:
+ description:
+ - "The roles to be fulfilled by this node. Possible roles are PrimaryAdmin, SecondaryAdmin, \
+ PrimaryMonitoring, SecondaryMonitoring, PrimaryDedicatedMonitoring, SecondaryDedicatedMonitoring, Standalone"
+ type: list
+ elements: str
+ services:
+ description:
+ - The services this node will run. Possible services are Session, Profiler, TC-NAC, SXP, DeviceAdmin, PassiveIdentity, pxGrid, pxGridCloud
+ type: list
+ elements: str
+ ise_verify:
+ description:
+ - Whether or not to verify the identity of the node.
+ type: bool
+ ise_version:
+ description:
+ - The version of the ISE node.
+ type: str
+ ise_wait_on_rate_limit:
+ description:
+ - Whether or not to wait on rate limit
+ type: bool
+requirements:
+- requests >= 2.25.1
+- python >= 3.5
+seealso:
+# Reference by module name
+- module: cisco.ise.plugins.modules.personas_register_node
+notes:
+ - "Does not support C(check_mode)"
+"""
+
+EXAMPLES = r"""
+- name: Register the secondary node and PSN nodes to the cluster
+ cisco.ise.personas_register_node:
+ primary_ip: 10.1.1.1
+ primary_username: admin
+ primary_password: Cisco123
+ fqdn: "{{ item.fqdn }}"
+ username: admin
+ password: cisco123
+ roles: "{{ item.roles }}"
+ services: "{{ item.services }}"
+ loop:
+ - fqdn: ise-pan-server-2.example.com
+ roles:
+ - SecondaryAdmin
+ - SecondaryMonitoring
+ services: []
+ - fqdn: ise-psn-server-1.example.com
+ roles: []
+ services:
+ - Session
+ - Profiler
+ - fqdn: ise-psn-server-2.example.com
+ roles: []
+ services:
+ - Session
+ - Profiler
+"""
+
+RETURN = r"""
+ise_response:
+ description: A string stating that the node was successfully registered
+ returned: always
+ type: str
+ sample: Node ise-pan-server-2 updated successfully
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/personas_update_roles_services.py b/ansible_collections/cisco/ise/plugins/modules/personas_update_roles_services.py
new file mode 100644
index 00000000..ce4560fb
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/personas_update_roles_services.py
@@ -0,0 +1,83 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: personas_update_roles_services
+short_description: Update the roles and services of a node
+description:
+- Update the roles and services of a node
+version_added: '2.4.0'
+author: Rafael Campos (@racampos)
+options:
+ ip:
+ description:
+ - The IP address of the node to be updated.
+ type: str
+ username:
+ description:
+ - The username to log into the node.
+ type: str
+ password:
+ description:
+ - The password to log into the node.
+ type: str
+ hostname:
+ description:
+ - The hostname of the node.
+ type: str
+ roles:
+ description:
+ - "The roles to be fulfilled by this node. Possible roles are PrimaryAdmin, SecondaryAdmin, \
+ PrimaryMonitoring, SecondaryMonitoring, PrimaryDedicatedMonitoring, SecondaryDedicatedMonitoring, Standalone"
+ type: list
+ elements: str
+ services:
+ description:
+ - The services this node will run. Possible services are Session, Profiler, TC-NAC, SXP, DeviceAdmin, PassiveIdentity, pxGrid, pxGridCloud
+ type: list
+ elements: str
+ ise_verify:
+ description:
+ - Whether or not to verify the identity of the node.
+ type: bool
+ ise_version:
+ description:
+ - The version of the ISE node.
+ type: str
+ ise_wait_on_rate_limit:
+ description:
+ - Whether or not to wait on rate limit
+ type: bool
+requirements:
+- requests >= 2.25.1
+- python >= 3.5
+seealso:
+# Reference by module name
+- module: cisco.ise.plugins.modules.personas_update_roles_services
+notes:
+ - "Does not support C(check_mode)"
+"""
+
+EXAMPLES = r"""
+- name: Remove the Primary Monitoring role and the Session and Profiler services from the primary node
+ cisco.ise.personas_update_roles_services:
+ ip: 10.1.1.1
+ username: admin
+ password: C1sco123
+ hostname: ise-pan-server-1
+ roles:
+ - PrimaryAdmin
+ services: []
+"""
+
+RETURN = r"""
+ise_response:
+ description: A string stating that the node was successfully updated
+ returned: always
+ type: str
+ sample: Node ise-pan-server-1 updated successfully
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/portal_global_setting.py b/ansible_collections/cisco/ise/plugins/modules/portal_global_setting.py
new file mode 100644
index 00000000..5c3e74e1
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/portal_global_setting.py
@@ -0,0 +1,86 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: portal_global_setting
+short_description: Resource module for Portal Global Setting
+description:
+- Manage operation update of the resource Portal Global Setting.
+- This API allows the client to update the portal global settings by id.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ customization:
+ description: Allowed values - HTML, - HTMLANDJAVASCRIPT.
+ type: str
+ id:
+ description: Portal Global Setting's id.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ portal_global_setting.PortalGlobalSetting.update_portal_global_setting_by_id,
+
+ - Paths used are
+ put /ers/config/portalglobalsetting/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by id
+ cisco.ise.portal_global_setting:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ customization: string
+ id: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "customization": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ],
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ }
+"""
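Review bot: The `customization` option is documented only as "Allowed values - HTML, - HTMLANDJAVASCRIPT.", which does not say what either value enables, and the example passes the placeholder `customization: string`, which is neither of them. Judging by the name alone, HTMLANDJAVASCRIPT presumably allows script in portal customisation content, so the description should say that and recommend `HTML` unless script is actually needed; confirm the exact semantics against the ISE reference. The example should use a real value, `customization: HTML`. If the argument spec (not in this hunk) agrees, listing the two values under `choices` would also reject a typo before the PUT is sent.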
diff --git a/ansible_collections/cisco/ise/plugins/modules/portal_global_setting_info.py b/ansible_collections/cisco/ise/plugins/modules/portal_global_setting_info.py
new file mode 100644
index 00000000..e0bc9c26
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/portal_global_setting_info.py
@@ -0,0 +1,141 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: portal_global_setting_info
+short_description: Information module for Portal Global Setting
+description:
+- Get all Portal Global Setting.
+- Get Portal Global Setting by id.
+- This API allows the client to get all the portal global settings.
+- This API allows the client to get the portal global settings by id.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ id:
+ description:
+ - Id path parameter.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+ sortasc:
+ description:
+ - Sortasc query parameter. Sort asc.
+ type: str
+ sortdsc:
+ description:
+ - Sortdsc query parameter. Sort desc.
+ type: str
+ filter:
+ description:
+ - >
+ Filter query parameter. **Simple filtering** should be available through the filter query string parameter.
+ The structure of a filter is a triplet of field operator and value separated with dots. More than one filter
+ can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed
+ by using the "filterType=or" query string parameter.
+ - Each resource Data model description should specify if an attribute is a filtered field.
+ - The 'EQ' operator describes 'Equals'.
+ - The 'NEQ' operator describes 'Not Equals'.
+ - The 'GT' operator describes 'Greater Than'.
+ - The 'LT' operator describes 'Less Than'.
+ - The 'STARTSW' operator describes 'Starts With'.
+ - The 'NSTARTSW' operator describes 'Not Starts With'.
+ - The 'ENDSW' operator describes 'Ends With'.
+ - The 'NENDSW' operator describes 'Not Ends With'.
+ - The 'CONTAINS' operator describes 'Contains'.
+ - The 'NCONTAINS' operator describes 'Not Contains'.
+ elements: str
+ type: list
+ filterType:
+ description:
+ - >
+ FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and
+ can be changed by using the parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ portal_global_setting.PortalGlobalSetting.get_portal_global_setting_by_id,
+ portal_global_setting.PortalGlobalSetting.get_portal_global_settings_generator,
+
+ - Paths used are
+ get /ers/config/portalglobalsetting,
+ get /ers/config/portalglobalsetting/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Portal Global Setting
+ cisco.ise.portal_global_setting_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ sortasc: string
+ sortdsc: string
+ filter: []
+ filterType: AND
+ register: result
+
+- name: Get Portal Global Setting by id
+ cisco.ise.portal_global_setting_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "customization": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "customization": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/portal_info.py b/ansible_collections/cisco/ise/plugins/modules/portal_info.py
new file mode 100644
index 00000000..315df083
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/portal_info.py
@@ -0,0 +1,145 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: portal_info
+short_description: Information module for Portal
+description:
+- Get all Portal.
+- Get Portal by id.
+- This API allows the client to get a portal by ID.
+- This API allows the client to get all the portals.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ id:
+ description:
+ - Id path parameter.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+ sortasc:
+ description:
+ - Sortasc query parameter. Sort asc.
+ type: str
+ sortdsc:
+ description:
+ - Sortdsc query parameter. Sort desc.
+ type: str
+ filter:
+ description:
+ - >
+ Filter query parameter. **Simple filtering** should be available through the filter query string parameter.
+ The structure of a filter is a triplet of field operator and value separated with dots. More than one filter
+ can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed
+ by using the "filterType=or" query string parameter.
+ - Each resource Data model description should specify if an attribute is a filtered field.
+ - The 'EQ' operator describes 'Equals'.
+ - The 'NEQ' operator describes 'Not Equals'.
+ - The 'GT' operator describes 'Greater Than'.
+ - The 'LT' operator describes 'Less Than'.
+ - The 'STARTSW' operator describes 'Starts With'.
+ - The 'NSTARTSW' operator describes 'Not Starts With'.
+ - The 'ENDSW' operator describes 'Ends With'.
+ - The 'NENDSW' operator describes 'Not Ends With'.
+ - The 'CONTAINS' operator describes 'Contains'.
+ - The 'NCONTAINS' operator describes 'Not Contains'.
+ elements: str
+ type: list
+ filterType:
+ description:
+ - >
+ FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and
+ can be changed by using the parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ portal.Portal.get_portal_by_id,
+ portal.Portal.get_portals_generator,
+
+ - Paths used are
+ get /ers/config/portal,
+ get /ers/config/portal/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Portal
+ cisco.ise.portal_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ sortasc: string
+ sortdsc: string
+ filter: []
+ filterType: AND
+ register: result
+
+- name: Get Portal by id
+ cisco.ise.portal_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "portalType": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "portalType": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/portal_theme.py b/ansible_collections/cisco/ise/plugins/modules/portal_theme.py
new file mode 100644
index 00000000..f2099274
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/portal_theme.py
@@ -0,0 +1,122 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: portal_theme
+short_description: Resource module for Portal Theme
+description:
+- Manage operations create, update and delete of the resource Portal Theme.
+- This API creates a portal theme.
+- This API deletes a portal theme by ID.
+- This API allows the client to update a portal theme by ID.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ description:
+ description: Portal Theme's description.
+ type: str
+ id:
+ description: Portal Theme's id.
+ type: str
+ name:
+ description: Portal Theme's name.
+ type: str
+ themeData:
+ description: Portal Theme for all portals.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ portal_theme.PortalTheme.create_portal_theme,
+ portal_theme.PortalTheme.delete_portal_theme_by_id,
+ portal_theme.PortalTheme.update_portal_theme_by_id,
+
+ - Paths used are
+ post /ers/config/portaltheme,
+ delete /ers/config/portaltheme/{id},
+ put /ers/config/portaltheme/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by id
+ cisco.ise.portal_theme:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ description: string
+ id: string
+ name: string
+ themeData: string
+
+- name: Delete by id
+ cisco.ise.portal_theme:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ id: string
+
+- name: Create
+ cisco.ise.portal_theme:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ description:
string
+ name: string
+ themeData: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "themeData": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ],
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/portal_theme_info.py b/ansible_collections/cisco/ise/plugins/modules/portal_theme_info.py
new file mode 100644
index 00000000..eaa5a691
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/portal_theme_info.py
@@ -0,0 +1,145 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: portal_theme_info +short_description: Information module for Portal Theme +description: +- Get all Portal Theme. +- Get Portal Theme by id. +- This API allows the client to get a portal theme by ID. +- This API allows the client to get all the portal themes. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + portal_theme.PortalTheme.get_portal_theme_by_id, + portal_theme.PortalTheme.get_portal_themes_generator, + + - Paths used are + get /ers/config/portaltheme, + get /ers/config/portaltheme/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Portal Theme + cisco.ise.portal_theme_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Portal Theme by id + cisco.ise.portal_theme_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "themeData": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "themeData": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/profiler_profile_info.py b/ansible_collections/cisco/ise/plugins/modules/profiler_profile_info.py new file mode 100644 index 00000000..be32314d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/profiler_profile_info.py 
@@ -0,0 +1,145 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: profiler_profile_info +short_description: Information module for Profiler Profile +description: +- Get all Profiler Profile. +- Get Profiler Profile by id. +- This API allows the client to get a profiler profile by ID. +- This API allows the client to get all the profiler profiles. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + profiler_profile.ProfilerProfile.get_profiler_profile_by_id, + profiler_profile.ProfilerProfile.get_profiler_profiles_generator, + + - Paths used are + get /ers/config/profilerprofile, + get /ers/config/profilerprofile/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Profiler Profile + cisco.ise.profiler_profile_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Profiler Profile by id + cisco.ise.profiler_profile_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "parentId": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "parentId": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/proxy_connection_settings.py b/ansible_collections/cisco/ise/plugins/modules/proxy_connection_settings.py new file mode 100644 index 00000000..92f4ad27 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/proxy_connection_settings.py 
@@ -0,0 +1,101 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: proxy_connection_settings
+short_description: Resource module for Proxy Connection Settings
+description:
+- Manage operation update of the resource Proxy Connection Settings.
+- The following functionalities are impacted by the proxy settings.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ bypassHosts:
+ description: Bypass hosts for the proxy connection.
+ type: str
+ fqdn:
+ description: Proxy IP address or DNS-resolvable host name.
+ type: str
+ password:
+ description: Password for the proxy connection.
+ type: str
+ passwordRequired:
+ description: Indicates whether password configuration is required for Proxy.
+ type: bool
+ port:
+ description: Port for proxy connection. Should be between 1 and 65535.
+ type: int
+ userName:
+ description: User name for the proxy connection.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for proxy
+ description: Complete reference of the proxy API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!system-settings-openapi
+notes:
+ - SDK Method used are
+ proxy.Proxy.update_proxy_connection,
+
+ - Paths used are
+ put /api/v1/system-settings/proxy,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.proxy_connection_settings:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ bypassHosts: string
+ fqdn: string
+ password: string
+ passwordRequired: true
+ port: 0
+ userName: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "bypassHosts": "string",
+ "fqdn": "string",
+ "password": "string",
+ "passwordRequired": true,
+ "port": 0,
+ "userName": "string"
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "response": {
+ "bypassHosts": "string",
+ "fqdn": "string",
+ "password": "string",
+ "passwordRequired": true,
+ "port": 0,
+ "userName": "string"
+ },
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/proxy_connection_settings_info.py b/ansible_collections/cisco/ise/plugins/modules/proxy_connection_settings_info.py
new file mode 100644
index 00000000..d14440bd
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/proxy_connection_settings_info.py
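Review bot: The `password` option is documented like any other string, and the RETURN samples for both `ise_response` and `ise_update_response` list a `password` field, so a task that registers or prints the result may expose the proxy credential; the RETURN sample of proxy_connection_settings_info.py in the next hunk has the same field and its example uses `register: result`. Whether the argument spec marks the option `no_log` is decided in the action plugin, which is not part of this hunk. I would change the option text to `description: Password for the proxy connection. Treat as a secret and set no_log: true on tasks that pass or register it.` and add `no_log: true` to the "Update all" example task. The example also uses `port: 0` although the option text says the port should be between 1 and 65535.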
@@ -0,0 +1,60 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: proxy_connection_settings_info
+short_description: Information module for Proxy Connection Settings
+description:
+- Get all Proxy Connection Settings.
+- The following functionalities are impacted by the proxy settings.
+version_added: '2.1.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for proxy
+ description: Complete reference of the proxy API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!system-settings-openapi
+notes:
+ - SDK Method used are
+ proxy.Proxy.get_proxy_connection,
+
+ - Paths used are
+ get /api/v1/system-settings/proxy,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Proxy Connection Settings
+ cisco.ise.proxy_connection_settings_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "bypassHosts": "string",
+ "fqdn": "string",
+ "password": "string",
+ "passwordRequired": true,
+ "port": 0,
+ "userName": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/px_grid_node_approve.py b/ansible_collections/cisco/ise/plugins/modules/px_grid_node_approve.py
new file mode 100644
index 00000000..172dab5f
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/px_grid_node_approve.py
@@ -0,0 +1,52 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: px_grid_node_approve +short_description: Resource module for Px Grid Node Approve +description: +- Manage operation update of the resource Px Grid Node Approve. +- This API allows the client to approve a pxGrid node. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + name: + description: Name path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + px_grid_node.PxGridNode.approve_px_grid_node, + + - Paths used are + put /ers/config/pxgridnode/name/{name}/approve, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.px_grid_node_approve: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/px_grid_node_delete.py b/ansible_collections/cisco/ise/plugins/modules/px_grid_node_delete.py new file mode 100644 index 00000000..a620e17c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/px_grid_node_delete.py 
@@ -0,0 +1,52 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: px_grid_node_delete +short_description: Resource module for Px Grid Node Delete +description: +- Manage operation delete of the resource Px Grid Node Delete. +- This API deletes a pxGrid node by name. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + name: + description: Name path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + px_grid_node.PxGridNode.delete_px_grid_node_by_name, + + - Paths used are + delete /ers/config/pxgridnode/name/{name}, + +""" + +EXAMPLES = r""" +- name: Delete by name + cisco.ise.px_grid_node_delete: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/px_grid_node_info.py b/ansible_collections/cisco/ise/plugins/modules/px_grid_node_info.py new file mode 100644 index 00000000..43f0e957 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/px_grid_node_info.py 
@@ -0,0 +1,128 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: px_grid_node_info +short_description: Information module for Px Grid Node +description: +- Get all Px Grid Node. +- Get Px Grid Node by id. +- Get Px Grid Node by name. +- This API allows the client to get a pxGrid node by ID. +- This API allows the client to get a pxGrid node by name. +- This API allows the client to get all the npxGrid nodes. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + px_grid_node.PxGridNode.get_px_grid_node_by_id, + px_grid_node.PxGridNode.get_px_grid_node_by_name, + px_grid_node.PxGridNode.get_px_grid_node_generator, + + - Paths used are + get /ers/config/pxgridnode, + get /ers/config/pxgridnode/name/{name}, + get /ers/config/pxgridnode/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Px Grid Node + cisco.ise.px_grid_node_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get Px Grid Node by id + cisco.ise.px_grid_node_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get Px Grid Node by name + cisco.ise.px_grid_node_info: + ise_hostname: "{{ise_hostname}}" + ise_username: 
"{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "status": "string", + "authMethod": "string", + "groups": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "status": "string", + "authMethod": "string", + "groups": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/px_grid_settings_auto_approve.py b/ansible_collections/cisco/ise/plugins/modules/px_grid_settings_auto_approve.py new file mode 100644 index 00000000..886991e9 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/px_grid_settings_auto_approve.py 
@@ -0,0 +1,56 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: px_grid_settings_auto_approve
+short_description: Resource module for Px Grid Settings Auto Approve
+description:
+- Manage operation update of the resource Px Grid Settings Auto Approve.
+- This API allows the client to auto approve the pxGrid settings.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ allowPasswordBasedAccounts:
+ description: Allow password based accounts when true.
+ type: bool
+ autoApproveCertBasedAccounts:
+ description: Auto approve certificate based accounts when true.
+ type: bool
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ px_grid_settings.PxGridSettings.autoapprove_px_grid_settings,
+
+ - Paths used are
+ put /ers/config/pxgridsettings/autoapprove,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.px_grid_settings_auto_approve:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ allowPasswordBasedAccounts: true
+ autoApproveCertBasedAccounts: true
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_access_secret.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_access_secret.py
new file mode 100644
index 00000000..dca5b999
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_access_secret.py
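Review bot: The "Update all" example sets both `allowPasswordBasedAccounts: true` and `autoApproveCertBasedAccounts: true` with no word on what that changes; going by the option descriptions, it enables password-based pxGrid accounts and approves certificate-based accounts without an administrator step. Someone copying the example relaxes pxGrid client onboarding, so the option text should state the effect, for instance `description: Auto approve certificate based accounts when true. Clients presenting a trusted certificate are then admitted without manual approval.`. The example would be better showing `false` for both values, or carrying the comment `# enable only where pxGrid client certificates come from a controlled PKI`. Neither option documents a default, which leaves the result of omitting it unclear.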
@@ -0,0 +1,51 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_access_secret
+short_description: Resource module for pxGrid Access Secret
+description:
+- Manage operation create of the resource pxGrid Access Secret.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ peerNodeName:
+ description: pxGrid Access Secret's peerNodeName.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ consumer.Consumer.access_secret,
+
+ - Paths used are
+ post /control/AccessSecret,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.pxgrid_access_secret:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ peerNodeName: ise-admin-pxgrid-002
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_account_activate.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_account_activate.py
new file mode 100644
index 00000000..8e2571b0
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_account_activate.py
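Review bot: The RETURN sample for `ise_response` is `{}`, which hides what this module is for: judging by its name and the `post /control/AccessSecret` path, it obtains a shared secret for the peer named in `peerNodeName`, so the returned dictionary presumably carries that secret. The documentation should say so and tell users to keep it out of task output, for example with the note `- The response contains a secret. Set no_log: true on the task and do not print the registered result.`. The sample should list the returned key with a placeholder value instead of an empty object, taken from the SDK response, which is not visible in this hunk.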
@@ -0,0 +1,51 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: pxgrid_account_activate +short_description: Resource module for pxGrid Account Activate +description: +- Manage operation create of the resource pxGrid Account Activate. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + description: + description: pxGrid Account Activate's description. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + consumer.Consumer.activate_account, + + - Paths used are + post /control/AccountActivate, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.pxgrid_account_activate: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + description: MyApp 1.0 + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_account_create.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_account_create.py new file mode 100644 index 00000000..4de7c868 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_account_create.py 
@@ -0,0 +1,51 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: pxgrid_account_create +short_description: Resource module for pxGrid Account Create +description: +- Manage operation create of the resource pxGrid Account Create. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + nodeName: + description: pxGrid Account Create's nodeName. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + consumer.Consumer.create_account, + + - Paths used are + post /control/AccountCreate, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.pxgrid_account_create: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + nodeName: MyName01 + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_authorization.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_authorization.py new file mode 100644 index 00000000..7eaf7442 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_authorization.py 
@@ -0,0 +1,47 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: pxgrid_authorization +short_description: Resource module for pxGrid Authorization +description: +- Manage operation create of the resource pxGrid Authorization. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + provider.Provider.authorization, + + - Paths used are + post /control/Authorization, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.pxgrid_authorization: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_bindings_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_bindings_info.py new file mode 100644 index 00000000..9a27324c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_bindings_info.py 
@@ -0,0 +1,48 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: pxgrid_bindings_info +short_description: Information module for pxGrid Bindings Info +description: +- Get pxGrid Bindings Info. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + trust_sec_sxp.TrustSecSxp.get_bindings, + + - Paths used are + post /ise/sxp/getBindings, + +""" + +EXAMPLES = r""" +- name: Get all pxGrid Bindings Info + cisco.ise.pxgrid_bindings_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_egress_matrices_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_egress_matrices_info.py new file mode 100644 index 00000000..33b2e21e --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_egress_matrices_info.py 
@@ -0,0 +1,48 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: pxgrid_egress_matrices_info +short_description: Information module for pxGrid Egress Matrices Info +description: +- Get pxGrid Egress Matrices Info. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + trust_sec_configuration.TrustSecConfiguration.get_egress_matrices, + + - Paths used are + post /ise/config/trustsec/getEgressMatrices, + +""" + +EXAMPLES = r""" +- name: Get all pxGrid Egress Matrices Info + cisco.ise.pxgrid_egress_matrices_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_egress_policies_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_egress_policies_info.py new file mode 100644 index 00000000..38f89a6a --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_egress_policies_info.py 
@@ -0,0 +1,48 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: pxgrid_egress_policies_info +short_description: Information module for pxGrid Egress Policies Info +description: +- Get pxGrid Egress Policies Info. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + trust_sec_configuration.TrustSecConfiguration.get_egress_policies, + + - Paths used are + post /ise/config/trustsec/getEgressPolicies, + +""" + +EXAMPLES = r""" +- name: Get all pxGrid Egress Policies Info + cisco.ise.pxgrid_egress_policies_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoint_by_mac_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoint_by_mac_info.py new file mode 100644 index 00000000..49bcc5e5 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoint_by_mac_info.py 
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_endpoint_by_mac_info
+short_description: Information module for pxGrid Endpoint By Mac Info
+description:
+- Get pxGrid Endpoint By Mac Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ mdm.Mdm.get_endpoint_by_mac_address,
+
+ - Paths used are
+ post /ise/mdm/getEndpointByMacAddress,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Endpoint By Mac Info
+ cisco.ise.pxgrid_endpoint_by_mac_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoints_by_os_type_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoints_by_os_type_info.py
new file mode 100644
index 00000000..15a6ff34
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoints_by_os_type_info.py
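Review bot: `options: {}` documents no input even though the SDK method is `mdm.Mdm.get_endpoint_by_mac_address` and the path is `post /ise/mdm/getEndpointByMacAddress`, so this page does not say how the MAC address is supplied; pxgrid_endpoints_by_os_type_info.py and pxgrid_endpoints_by_type_info.py in the following hunks have the same gap for the OS type and the endpoint type. The example title "Get all pxGrid Endpoint By Mac Info" adds to the confusion, since a lookup by MAC is not a "get all". If the action plugin (not visible here) accepts the lookup key, it should be listed under `options`; if it does not, say so with a note such as `- The lookup key of the request is not exposed as a module option.`. The empty `{}` RETURN sample also gives users nothing to judge which endpoint attributes end up in `register: result`.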
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_endpoints_by_os_type_info
+short_description: Information module for pxGrid Endpoints By Os Type Info
+description:
+- Get pxGrid Endpoints By Os Type Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ mdm.Mdm.get_endpoints_by_os_type,
+
+ - Paths used are
+ post /ise/mdm/getEndpointsByOsType,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Endpoints By Os Type Info
+ cisco.ise.pxgrid_endpoints_by_os_type_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoints_by_type_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoints_by_type_info.py
new file mode 100644
index 00000000..bdedd95d
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoints_by_type_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_endpoints_by_type_info
+short_description: Information module for pxGrid Endpoints By Type Info
+description:
+- Get pxGrid Endpoints By Type Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ mdm.Mdm.get_endpoints_by_type,
+
+ - Paths used are
+ post /ise/mdm/getEndpointsByType,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Endpoints By Type Info
+ cisco.ise.pxgrid_endpoints_by_type_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoints_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoints_info.py
new file mode 100644
index 00000000..eec04621
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_endpoints_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_endpoints_info
+short_description: Information module for pxGrid Endpoints Info
+description:
+- Get pxGrid Endpoints Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ mdm.Mdm.get_endpoints,
+
+ - Paths used are
+ post /ise/mdm/getEndpoints,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Endpoints Info
+ cisco.ise.pxgrid_endpoints_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_failures_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_failures_info.py
new file mode 100644
index 00000000..475b9224
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_failures_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_failures_info
+short_description: Information module for pxGrid Failures
+description:
+- Get all pxGrid Failures.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ radius_failure.RadiusFailure.get_failures,
+
+ - Paths used are
+ get /getFailures,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Failures
+ cisco.ise.pxgrid_failures_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_healths_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_healths_info.py
new file mode 100644
index 00000000..d247161b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_healths_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_healths_info
+short_description: Information module for pxGrid Healths Info
+description:
+- Get pxGrid Healths Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ system_health.SystemHealth.get_healths,
+
+ - Paths used are
+ post /ise/system/getHealths,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Healths Info
+ cisco.ise.pxgrid_healths_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_node_approve.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_node_approve.py
new file mode 100644
index 00000000..c58e4419
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_node_approve.py
@@ -0,0 +1,52 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_node_approve
+short_description: Resource module for pxGrid Node Approve
+description:
+- Manage operation update of the resource pxGrid Node Approve.
+- This API allows the client to approve a pxGrid node.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ name:
+ description: Name path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ px_grid_node.PxGridNode.approve_px_grid_node,
+
+ - Paths used are
+ put /ers/config/pxgridnode/name/{name}/approve,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.pxgrid_node_approve:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ name: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_node_delete.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_node_delete.py
new file mode 100644
index 00000000..5248f7a1
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_node_delete.py
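Review bot: In pxgrid_node_approve.py the only example is titled `Update all`, yet the documented path `put /ers/config/pxgridnode/name/{name}/approve` approves one pxGrid node by name, an action that presumably admits that client to pxGrid and should not read as a bulk update. I would retitle it `- name: Approve a pxGrid node by name` and have the `name` option description state what the module does when `name` is omitted, since the option is not marked required and the path cannot be built without it. pxgrid_node_delete.py has the same unmarked `name` path parameter for `delete /ers/config/pxgridnode/name/{name}`.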
@@ -0,0 +1,52 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_node_delete
+short_description: Resource module for pxGrid Node Delete
+description:
+- Manage operation delete of the resource pxGrid Node Delete.
+- This API deletes a pxGrid node by name.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ name:
+ description: Name path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ px_grid_node.PxGridNode.delete_px_grid_node_by_name,
+
+ - Paths used are
+ delete /ers/config/pxgridnode/name/{name},
+
+"""
+
+EXAMPLES = r"""
+- name: Delete by name
+ cisco.ise.pxgrid_node_delete:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ name: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_node_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_node_info.py
new file mode 100644
index 00000000..19f71636
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_node_info.py
@@ -0,0 +1,128 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_node_info
+short_description: Information module for pxGrid Node
+description:
+- Get all pxGrid Node.
+- Get pxGrid Node by id.
+- Get pxGrid Node by name.
+- This API allows the client to get a pxGrid node by ID.
+- This API allows the client to get a pxGrid node by name.
+- This API allows the client to get all the npxGrid nodes.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ name:
+ description:
+ - Name path parameter.
+ type: str
+ id:
+ description:
+ - Id path parameter.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ px_grid_node.PxGridNode.get_px_grid_node_by_id,
+ px_grid_node.PxGridNode.get_px_grid_node_by_name,
+ px_grid_node.PxGridNode.get_px_grid_node_generator,
+
+ - Paths used are
+ get /ers/config/pxgridnode,
+ get /ers/config/pxgridnode/name/{name},
+ get /ers/config/pxgridnode/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Node
+ cisco.ise.pxgrid_node_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ register: result
+
+- name: Get pxGrid Node by id
+ cisco.ise.pxgrid_node_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+- name: Get pxGrid Node by name
+ cisco.ise.pxgrid_node_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ name: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "status": "string",
+ "authMethod": "string",
+ "groups": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "status": "string",
+ "authMethod": "string",
+ "groups": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_performances_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_performances_info.py
new file mode 100644
index 00000000..9f14887e
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_performances_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_performances_info
+short_description: Information module for pxGrid Performances Info
+description:
+- Get pxGrid Performances Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ system_health.SystemHealth.get_performances,
+
+ - Paths used are
+ post /ise/system/getPerformances,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Performances Info
+ cisco.ise.pxgrid_performances_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_profiles_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_profiles_info.py
new file mode 100644
index 00000000..94944e78
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_profiles_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_profiles_info
+short_description: Information module for pxGrid Profiles Info
+description:
+- Get pxGrid Profiles Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ profiler.Profiler.get_profiles,
+
+ - Paths used are
+ post /ise/config/profiler/getProfiles,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Profiles Info
+ cisco.ise.pxgrid_profiles_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_security_group_acls_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_security_group_acls_info.py
new file mode 100644
index 00000000..b003c914
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_security_group_acls_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_security_group_acls_info
+short_description: Information module for pxGrid Security Group ACLs Info
+description:
+- Get pxGrid Security Group ACLs Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ trust_sec_configuration.TrustSecConfiguration.get_security_group_acls,
+
+ - Paths used are
+ post /ise/config/trustsec/getSecurityGroupAcls,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Security Group ACLs Info
+ cisco.ise.pxgrid_security_group_acls_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_security_groups_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_security_groups_info.py
new file mode 100644
index 00000000..dd6867c4
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_security_groups_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_security_groups_info
+short_description: Information module for pxGrid Security Groups Info
+description:
+- Get pxGrid Security Groups Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ trust_sec_configuration.TrustSecConfiguration.get_security_groups,
+
+ - Paths used are
+ post /ise/config/trustsec/getSecurityGroups,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Security Groups Info
+ cisco.ise.pxgrid_security_groups_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_service_lookup.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_service_lookup.py
new file mode 100644
index 00000000..5787aecb
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_service_lookup.py
@@ -0,0 +1,51 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_service_lookup
+short_description: Resource module for pxGrid Service Lookup
+description:
+- Manage operation create of the resource pxGrid Service Lookup.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ name:
+ description: pxGrid Service Lookup's name.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ consumer.Consumer.lookup_service,
+
+ - Paths used are
+ post /control/ServiceLookup,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.pxgrid_service_lookup:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ name: com.cisco.ise.pubsub
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_service_register.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_service_register.py
new file mode 100644
index 00000000..c78f2df8
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_service_register.py
@@ -0,0 +1,51 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_service_register
+short_description: Resource module for pxGrid Service Register
+description:
+- Manage operation create of the resource pxGrid Service Register.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ name:
+ description: pxGrid Service Register's name.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ provider.Provider.register_service,
+
+ - Paths used are
+ post /control/ServiceRegister,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.pxgrid_service_register:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ name: com.cisco.ise.pubsub
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_service_reregister.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_service_reregister.py
new file mode 100644
index 00000000..a79a00dd
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_service_reregister.py
@@ -0,0 +1,47 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_service_reregister
+short_description: Resource module for pxGrid Service Reregister
+description:
+- Manage operation create of the resource pxGrid Service Reregister.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ provider.Provider.reregister_service,
+
+ - Paths used are
+ post /control/ServiceReregister,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.pxgrid_service_reregister:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_service_unregister.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_service_unregister.py
new file mode 100644
index 00000000..f0316a4f
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_service_unregister.py
@@ -0,0 +1,47 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_service_unregister
+short_description: Resource module for pxGrid Service Unregister
+description:
+- Manage operation create of the resource pxGrid Service Unregister.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ provider.Provider.unregister_service,
+
+ - Paths used are
+ post /control/ServiceUnregister,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.pxgrid_service_unregister:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_session_by_ip_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_session_by_ip_info.py
new file mode 100644
index 00000000..6260c36e
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_session_by_ip_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_session_by_ip_info
+short_description: Information module for pxGrid Session By Ip Info
+description:
+- Get pxGrid Session By Ip Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ session_directory.SessionDirectory.get_session_by_ip_address,
+
+ - Paths used are
+ post /ise/session/getSessionByIpAddress,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Session By Ip Info
+ cisco.ise.pxgrid_session_by_ip_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_session_by_mac_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_session_by_mac_info.py
new file mode 100644
index 00000000..6ddea664
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_session_by_mac_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_session_by_mac_info
+short_description: Information module for pxGrid Session By Mac Info
+description:
+- Get pxGrid Session By Mac Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ session_directory.SessionDirectory.get_session_by_mac_address,
+
+ - Paths used are
+ post /ise/session/getSessionByMacAddress,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Session By Mac Info
+ cisco.ise.pxgrid_session_by_mac_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_session_for_recovery_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_session_for_recovery_info.py
new file mode 100644
index 00000000..c9b3c975
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_session_for_recovery_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_session_for_recovery_info
+short_description: Information module for pxGrid Session For Recovery Info
+description:
+- Get pxGrid Session For Recovery Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ session_directory.SessionDirectory.get_sessions_for_recovery,
+
+ - Paths used are
+ post /ise/session/getSessionsForRecovery,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Session For Recovery Info
+ cisco.ise.pxgrid_session_for_recovery_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_sessions_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_sessions_info.py
new file mode 100644
index 00000000..bf910ac3
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_sessions_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_sessions_info
+short_description: Information module for pxGrid Sessions Info
+description:
+- Get pxGrid Sessions Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ session_directory.SessionDirectory.get_sessions,
+
+ - Paths used are
+ post /ise/session/getSessions,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid Sessions Info
+ cisco.ise.pxgrid_sessions_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_settings_auto_approve.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_settings_auto_approve.py
new file mode 100644
index 00000000..fb1b90ca
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_settings_auto_approve.py
@@ -0,0 +1,56 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_settings_auto_approve
+short_description: Resource module for pxGrid Settings Auto Approve
+description:
+- Manage operation update of the resource pxGrid Settings Auto Approve.
+- This API allows the client to auto approve the pxGrid settings.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ allowPasswordBasedAccounts:
+ description: Allow password based accounts when true.
+ type: bool
+ autoApproveCertBasedAccounts:
+ description: Auto approve certificate based accounts when true.
+ type: bool
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ px_grid_settings.PxGridSettings.autoapprove_px_grid_settings,
+
+ - Paths used are
+ put /ers/config/pxgridsettings/autoapprove,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.pxgrid_settings_auto_approve:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ allowPasswordBasedAccounts: true
+ autoApproveCertBasedAccounts: true
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_user_group_by_username_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_user_group_by_username_info.py
new file mode 100644
index 00000000..a7667adb
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_user_group_by_username_info.py
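Review bot: The single example in pxgrid_settings_auto_approve.py sets both `allowPasswordBasedAccounts: true` and `autoApproveCertBasedAccounts: true`, so a copied task switches on the most permissive combination the module documents. Going by the option descriptions, these control whether password-based accounts are allowed and whether certificate-based accounts are approved automatically; the description block should spell out that consequence, and the example should show the restrictive values, e.g. `allowPasswordBasedAccounts: false` and `autoApproveCertBasedAccounts: false`. The task title `Update all` also does not say what is being changed; `- name: Set pxGrid account approval settings` would.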
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_user_group_by_username_info
+short_description: Information module for pxGrid User Group By Username Info
+description:
+- Get pxGrid User Group By Username Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ session_directory.SessionDirectory.get_user_group_by_user_name,
+
+ - Paths used are
+ post /ise/session/getUserGroupByUserName,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid User Group By Username Info
+ cisco.ise.pxgrid_user_group_by_username_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/pxgrid_user_groups_info.py b/ansible_collections/cisco/ise/plugins/modules/pxgrid_user_groups_info.py
new file mode 100644
index 00000000..407c42f8
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/pxgrid_user_groups_info.py
@@ -0,0 +1,48 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: pxgrid_user_groups_info
+short_description: Information module for pxGrid User Groups Info
+description:
+- Get pxGrid User Groups Info.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options: {}
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ session_directory.SessionDirectory.get_user_groups,
+
+ - Paths used are
+ post /ise/session/getUserGroups,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all pxGrid User Groups Info
+ cisco.ise.pxgrid_user_groups_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/radius_server_sequence.py b/ansible_collections/cisco/ise/plugins/modules/radius_server_sequence.py
new file mode 100644
index 00000000..6bf112bd
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/radius_server_sequence.py
@@ -0,0 +1,267 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: radius_server_sequence
+short_description: Resource module for RADIUS Server Sequence
+description:
+- Manage operations create, update and delete of the resource RADIUS Server Sequence.
+- This API creates a RADIUS server sequence.
+- This API deletes a RADIUS server sequence.
+- This API allows the client to update a RADIUS server sequence.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ BeforeAcceptAttrManipulatorsList:
+ description: The beforeAcceptAttrManipulators is required only if useAttrSetBeforeAcc
+ is true.
+ elements: dict
+ suboptions:
+ action:
+ description: Allowed Values - ADD, - UPDATE, - REMOVE, - REMOVEANY.
+ type: str
+ attributeName:
+ description: RADIUS Server Sequence's attributeName.
+ type: str
+ changedVal:
+ description: The changedVal is required only if the action equals to 'UPDATE'.
+ type: str
+ dictionaryName:
+ description: RADIUS Server Sequence's dictionaryName.
+ type: str
+ value:
+ description: RADIUS Server Sequence's value.
+ type: str
+ type: list
+ OnRequestAttrManipulatorList:
+ description: The onRequestAttrManipulators is required only if useAttrSetOnRequest
+ is true.
+ elements: dict
+ suboptions:
+ action:
+ description: Allowed Values - ADD, - UPDATE, - REMOVE, - REMOVEANY.
+ type: str
+ attributeName:
+ description: RADIUS Server Sequence's attributeName.
+ type: str
+ changedVal:
+ description: The changedVal is required only if the action equals to 'UPDATE'.
+ type: str
+ dictionaryName:
+ description: RADIUS Server Sequence's dictionaryName.
+ type: str
+ value:
+ description: RADIUS Server Sequence's value.
+ type: str
+ type: list
+ RADIUSServerList:
+ description: RADIUS Server Sequence's RADIUSServerList.
+ elements: str
+ type: list
+ continueAuthorzPolicy:
+ description: ContinueAuthorzPolicy flag.
+ type: bool
+ description:
+ description: RADIUS Server Sequence's description.
+ type: str
+ id:
+ description: RADIUS Server Sequence's id.
+ type: str
+ localAccounting:
+ description: LocalAccounting flag.
+ type: bool
+ name:
+ description: RADIUS Server Sequence's name.
+ type: str
+ prefixSeparator:
+ description: The prefixSeparator is required only if stripPrefix is true. The maximum
+ length is 1 character.
+ type: str
+ remoteAccounting:
+ description: RemoteAccounting flag.
+ type: bool
+ stripPrefix:
+ description: StripPrefix flag.
+ type: bool
+ stripSuffix:
+ description: StripSuffix flag.
+ type: bool
+ suffixSeparator:
+ description: The suffixSeparator is required only if stripSuffix is true. The maximum
+ length is 1 character.
+ type: str
+ useAttrSetBeforeAcc:
+ description: UseAttrSetBeforeAcc flag.
+ type: bool
+ useAttrSetOnRequest:
+ description: UseAttrSetOnRequest flag.
+ type: bool
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ radius_server_sequence.RadiusServerSequence.create_radius_server_sequence,
+ radius_server_sequence.RadiusServerSequence.delete_radius_server_sequence_by_id,
+ radius_server_sequence.RadiusServerSequence.update_radius_server_sequence_by_id,
+
+ - Paths used are
+ post /ers/config/radiusserversequence,
+ delete /ers/config/radiusserversequence/{id},
+ put /ers/config/radiusserversequence/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by id
+ cisco.ise.radius_server_sequence:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ BeforeAcceptAttrManipulatorsList:
+ - action: string
+ attributeName: string
+ changedVal: string
+ dictionaryName: string
+ value: string
+ OnRequestAttrManipulatorList:
+ - action: string
+ attributeName: string
+ changedVal: string
+ dictionaryName: string
+ value: string
+ RadiusServerList:
+ - string
+ continueAuthorzPolicy: true
+ description: string
+ id: string
+ localAccounting: true
+ name: string
+ prefixSeparator: string
+ remoteAccounting: true
+ stripPrefix: true
+ stripSuffix: true
+ suffixSeparator: string
+ useAttrSetBeforeAcc: true
+ useAttrSetOnRequest: true
+
+- name: Delete by id
+ cisco.ise.radius_server_sequence:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ id: string
+
+- name: Create
+ cisco.ise.radius_server_sequence:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ BeforeAcceptAttrManipulatorsList:
+ - action: string
+ attributeName: string
+ changedVal: string
+ dictionaryName: string
+ value: string
+ OnRequestAttrManipulatorList:
+ - action: string
+ attributeName: string
+ changedVal: string
+ dictionaryName: string
+ value: string
+ RadiusServerList:
+ - string
+ continueAuthorzPolicy: true
+ description: string
+ localAccounting: true
+ name: string
+ prefixSeparator: string
+ remoteAccounting: true
+ stripPrefix: true
+ stripSuffix: true
+ suffixSeparator: string
+ useAttrSetBeforeAcc: true
+ useAttrSetOnRequest: true
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "stripPrefix": true,
+ "stripSuffix": true,
+ "prefixSeparator": "string",
+ "suffixSeparator": "string",
+ "remoteAccounting": true,
+ "localAccounting": true,
+ "useAttrSetOnRequest": true,
+ "useAttrSetBeforeAcc": true,
+ "continueAuthorzPolicy": true,
+ "RadiusServerList": [
+ "string"
+ ],
+ "OnRequestAttrManipulatorList": [
+ {
+ "action": "string",
+ "dictionaryName": "string",
+ "attributeName": "string",
+ "value": "string",
+ "changedVal": "string"
+ }
+ ],
+ "BeforeAcceptAttrManipulatorsList": [
+ {
+ "action": "string",
+ "dictionaryName": "string",
+ "attributeName": "string",
+ "value": "string",
+ "changedVal": "string"
+ }
+ ],
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ],
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/radius_server_sequence_info.py b/ansible_collections/cisco/ise/plugins/modules/radius_server_sequence_info.py
new file mode 100644
index 00000000..91097fdd
--- /dev/null
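Review bot: The server list option is spelled two ways in radius_server_sequence.py: DOCUMENTATION declares `RADIUSServerList`, while the "Update by id" and "Create" tasks in EXAMPLES and the RETURN sample use `RadiusServerList`. Ansible option names are case-sensitive, so at most one spelling can match the argument spec, and a task written from the other is rejected as an unsupported parameter or does not set the list. The argument spec lives in the action plugin, outside this hunk, so I cannot tell which is correct; align both to what the plugin accepts, for example `RadiusServerList:` under `options:` if the examples are right.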
+++ b/ansible_collections/cisco/ise/plugins/modules/radius_server_sequence_info.py 
@@ -0,0 +1,165 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: radius_server_sequence_info
+short_description: Information module for RADIUS Server Sequence
+description:
+- Get all RADIUS Server Sequence.
+- Get RADIUS Server Sequence by id.
+- This API allows the client to get a RADIUS server sequence by ID.
+- This API allows the client to get all the RADIUS server sequences.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ id:
+ description:
+ - Id path parameter.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ radius_server_sequence.RadiusServerSequence.get_radius_server_sequence_by_id,
+ radius_server_sequence.RadiusServerSequence.get_radius_server_sequence_generator,
+
+ - Paths used are
+ get /ers/config/radiusserversequence,
+ get /ers/config/radiusserversequence/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all RADIUS Server Sequence
+ cisco.ise.radius_server_sequence_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ register: result
+
+- name: Get RADIUS Server Sequence by id
+ cisco.ise.radius_server_sequence_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "stripPrefix": true,
+ "stripSuffix": true,
+ "prefixSeparator": "string",
+ "suffixSeparator": "string",
+ "remoteAccounting": true,
+ "localAccounting": true,
+ "useAttrSetOnRequest": true,
+ "useAttrSetBeforeAcc": true,
+ "continueAuthorzPolicy": true,
+ "RadiusServerList": [
+ "string"
+ ],
+ "OnRequestAttrManipulatorList": [
+ {
+ "action": "string",
+ "dictionaryName": "string",
+ "attributeName": "string",
+ "value": "string",
+ "changedVal": "string"
+ }
+ ],
+ "BeforeAcceptAttrManipulatorsList": [
+ {
+ "action": "string",
+ "dictionaryName": "string",
+ "attributeName": "string",
+ "value": "string",
+ "changedVal": "string"
+ }
+ ],
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "stripPrefix": true,
+ "stripSuffix": true,
+ "prefixSeparator": "string",
+ "suffixSeparator": "string",
+ "remoteAccounting": true,
+ "localAccounting": true,
+ "useAttrSetOnRequest": true,
+ "useAttrSetBeforeAcc": true,
+ "continueAuthorzPolicy": true,
+ "RadiusServerList": [
+ "string"
+ ],
+ "OnRequestAttrManipulatorList": [
+ {
+ "action": "string",
+ "dictionaryName": "string",
+ "attributeName": "string",
+ "value": "string",
+ "changedVal": "string"
+ }
+ ],
+ "BeforeAcceptAttrManipulatorsList": [
+ {
+ "action": "string",
+ "dictionaryName": "string",
+ "attributeName": "string",
+ "value": "string",
+ "changedVal": "string"
+ }
+ ],
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/renew_certificate.py b/ansible_collections/cisco/ise/plugins/modules/renew_certificate.py
new file mode 100644
index 00000000..d91ea35b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/renew_certificate.py
@@ -0,0 +1,67 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: renew_certificate
+short_description: Resource module for Renew Certificate
+description:
+- Manage operation create of the resource Renew Certificate.
+- This API initiates regeneration of certificates. Response contains ID which can be used to track the status.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ certType:
+ description: Renew Certificate's certType.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Certificates
+ description: Complete reference of the Certificates API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi
+notes:
+ - SDK Method used are
+ certificates.Certificates.renew_certificates,
+
+ - Paths used are
+ post /api/v1/certs/renew-certificate,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.renew_certificate:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ certType: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "response": {
+ "id": "string",
+ "link": {
+ "href": "string",
+ "rel": "string",
+ "type": "string"
+ },
+ "message": "string"
+ },
+ "version": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/repository.py b/ansible_collections/cisco/ise/plugins/modules/repository.py
new file mode 100644
index 00000000..a9236c8f
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/repository.py 
@@ -0,0 +1,138 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: repository
+short_description: Resource module for Repository
+description:
+- Manage operations create, update and delete of the resource Repository.
+- Create a new repository in the system. The name provided for the repository must be unique.
+- Long description TBD.
+- Update the definition of a specific repository, providing ALL parameters for the repository.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ enablePki:
+ description: EnablePki flag.
+ type: bool
+ name:
+ description: Repository name should be less than 80 characters and can contain alphanumeric,
+ underscore, hyphen and dot characters.
+ type: str
+ password:
+ description: Password can contain alphanumeric and/or special characters.
+ type: str
+ path:
+ description: Path should always start with "/" and can contain alphanumeric, underscore,
+ hyphen and dot characters.
+ type: str
+ protocol:
+ description: Repository's protocol.
+ type: str
+ repositoryName:
+ description: RepositoryName path parameter. Unique name for a repository.
+ type: str
+ serverName:
+ description: Repository's serverName.
+ type: str
+ userName:
+ description: Username may contain alphanumeric and _-./@\\$ characters.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Repository
+ description: Complete reference of the Repository API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!repository-openapi
+notes:
+ - SDK Method used are
+ repository.Repository.create_repository,
+ repository.Repository.delete_repository,
+ repository.Repository.update_repository,
+
+ - Paths used are
+ post /api/v1/repository,
+ delete /api/v1/repository/{repositoryName},
+ put /api/v1/repository/{repositoryName},
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.repository:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ enablePki: true
+ name: string
+ password: string
+ path: string
+ protocol: string
+ serverName: string
+ userName: string
+
+- name: Update by name
+ cisco.ise.repository:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ enablePki: true
+ name: string
+ password: string
+ path: string
+ protocol: string
+ repositoryName: string
+ serverName: string
+ userName: string
+
+- name: Delete by name
+ cisco.ise.repository:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ repositoryName: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "name": "string",
+ "protocol": "string",
+ "path": "string",
+ "password": "string",
+ "serverName": "string",
+ "userName": "string",
+ "enablePki": true
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "success": {
+ "message": "string"
+ },
+ "version": "string"
+ }
+"""
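Review bot: The RETURN sample for `ise_response` in repository.py contains `"password": "string"`, which suggests the repository credential is part of what the module hands back. The same sample appears in the repository_info.py hunk, where both EXAMPLES tasks use `register: result`. Nothing in DOCUMENTATION warns that the result can carry a secret, so it may end up in task output, callback logs or registered variables. I would add a line under `notes:`, for example `- The returned repository definition may include the password field; set no_log: true on tasks that register or display the result.` Whether the `password` option itself is marked `no_log` is decided in the action plugin's argument spec, which is not part of this hunk and is worth checking.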
diff --git a/ansible_collections/cisco/ise/plugins/modules/repository_files_info.py b/ansible_collections/cisco/ise/plugins/modules/repository_files_info.py
new file mode 100644
index 00000000..c70d8b7b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/repository_files_info.py
@@ -0,0 +1,61 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: repository_files_info
+short_description: Information module for Repository Files
+description:
+- Get all Repository Files.
+- This will get the full list of files present in the named repository.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ repositoryName:
+ description:
+ - RepositoryName path parameter. Unique name for a repository.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Repository
+ description: Complete reference of the Repository API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!repository-openapi
+notes:
+ - SDK Method used are
+ repository.Repository.get_repository_files,
+
+ - Paths used are
+ get /api/v1/repository/{repositoryName}/files,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Repository Files
+ cisco.ise.repository_files_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ repositoryName: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: list
+ elements: str
+ sample: >
+ [
+ "string"
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/repository_info.py b/ansible_collections/cisco/ise/plugins/modules/repository_info.py
new file mode 100644
index 00000000..524e63a9
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/repository_info.py
@@ -0,0 +1,78 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: repository_info
+short_description: Information module for Repository
+description:
+- Get all Repository.
+- Get Repository by name.
+- Get a specific repository identified by the name passed in the URL.
+- This will get the full list of repository definitions on the system.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ repositoryName:
+ description:
+ - RepositoryName path parameter. Unique name for a repository.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Repository
+ description: Complete reference of the Repository API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!repository-openapi
+notes:
+ - SDK Method used are
+ repository.Repository.get_repositories,
+ repository.Repository.get_repository,
+
+ - Paths used are
+ get /api/v1/repository,
+ get /api/v1/repository/{repositoryName},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Repository
+ cisco.ise.repository_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ register: result
+
+- name: Get Repository by name
+ cisco.ise.repository_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ repositoryName: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "name": "string",
+ "protocol": "string",
+ "path": "string",
+ "password": "string",
+ "serverName": "string",
+ "userName": "string",
+ "enablePki": true
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/resource_version_info.py b/ansible_collections/cisco/ise/plugins/modules/resource_version_info.py
new file mode 100644
index 00000000..b8989b7b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/resource_version_info.py
@@ -0,0 +1,62 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: resource_version_info
+short_description: Information module for Resource Version
+description:
+- Get all Resource Version.
+- Get all VersionInfo.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ resource:
+ description:
+ - Resource path parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ version_info.VersionInfo.get_version_info,
+
+ - Paths used are
+ get /ers/config/{resource}/versioninfo,
+
+"""
+
+EXAMPLES = r"""
+- name: Get all Resource Version
+ cisco.ise.resource_version_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ resource: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "currentServerVersion": "string",
+ "supportedVersions": "string",
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/rest_id_store.py b/ansible_collections/cisco/ise/plugins/modules/rest_id_store.py
new file mode 100644
index 00000000..f39aaf8d
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/rest_id_store.py
@@ -0,0 +1,199 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: rest_id_store
+short_description: Resource module for REST Id Store
+description:
+- Manage operations create, update and delete of the resource REST Id Store.
+- This API creates a REST ID store.
+- This API deletes a REST ID store by name.
+- This API deletes a REST ID store.
+- This API allows the client to update a REST ID store by name.
+- This API allows the client to update a REST ID store.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ description:
+ description: REST Id Store's description.
+ type: str
+ ersRESTIDStoreAttributes:
+ description: REST Id Store's ersRESTIDStoreAttributes.
+ suboptions:
+ headers:
+ description: REST Id Store's headers.
+ elements: dict
+ suboptions:
+ key:
+ description: REST Id Store's key.
+ type: str
+ value:
+ description: REST Id Store's value.
+ type: str
+ type: list
+ predefined:
+ description: The cloud provider connected to of the RESTIDStore. Options are
+ - Azure, - Okta, - None.
+ type: str
+ rootUrl:
+ description: Url of the root of the RESTIDStore.
+ type: str
+ usernameSuffix:
+ description: Suffix of the username domain.
+ type: str
+ type: dict
+ id:
+ description: REST Id Store's id.
+ type: str
+ name:
+ description: REST Id Store's name.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ restid_store.RestidStore.create_rest_id_store,
+ restid_store.RestidStore.delete_rest_id_store_by_id,
+ restid_store.RestidStore.delete_rest_id_store_by_name,
+ restid_store.RestidStore.update_rest_id_store_by_id,
+ restid_store.RestidStore.update_rest_id_store_by_name,
+
+ - Paths used are
+ post /ers/config/restidstore,
+ delete /ers/config/restidstore/name/{name},
+ delete /ers/config/restidstore/{id},
+ put /ers/config/restidstore/name/{name},
+ put /ers/config/restidstore/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Update by name
+ cisco.ise.rest_id_store:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ description: string
+ ersRestIDStoreAttributes:
+ headers:
+ - key: string
+ value: string
+ predefined: string
+ rootUrl: string
+ usernameSuffix: string
+ id: string
+ name: string
+
+- name: Delete by name
+ cisco.ise.rest_id_store:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ name: string
+
+- name: Update by id
+ cisco.ise.rest_id_store:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ description: string
+ ersRestIDStoreAttributes:
+ headers:
+ - key: string
+ value: string
+ predefined: string
+ rootUrl: string
+ usernameSuffix: string
+ id: string
+ name: string
+
+- name: Delete by id
+ cisco.ise.rest_id_store:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: absent
+ id: string
+
+- name: Create
+ cisco.ise.rest_id_store:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ state: present
+ description: string
+ ersRestIDStoreAttributes:
+ headers:
+ - key: string
+ value: string
+ predefined: string
+ rootUrl: string
+ usernameSuffix: string
+ name: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "ersRestIDStoreAttributes": {
+ "usernameSuffix": "string",
+ "rootUrl": "string",
+ "predefined": "string",
+ "headers": [
+ {
+ "key": "string",
+ "value": "string"
+ }
+ ]
+ },
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_update_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: dict
+ sample: >
+ {
+ "UpdatedFieldsList": {
+ "updatedField": [
+ {
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ ],
+ "field": "string",
+ "oldValue": "string",
+ "newValue": "string"
+ }
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/rest_id_store_info.py b/ansible_collections/cisco/ise/plugins/modules/rest_id_store_info.py
new file mode 100644
index 00000000..f9d5a1cd
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/rest_id_store_info.py
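Review bot: The attributes option is spelled two ways in rest_id_store.py: DOCUMENTATION declares `ersRESTIDStoreAttributes`, while the three `state: present` tasks in EXAMPLES and the RETURN sample use `ersRestIDStoreAttributes`. Ansible option names are case-sensitive, so one spelling will not match the argument spec (defined in the action plugin, outside this hunk), and a task written from the wrong one fails or leaves `rootUrl`, `predefined` and `headers` unset. Align both to what the plugin accepts. Separately, the `headers` key/value pairs go to the external identity provider and presumably can hold credentials such as an API key; if so, the `value` description should say it, e.g. `description: REST Id Store's value. May contain secrets; supply it from Ansible Vault.`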
@@ -0,0 +1,182 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: rest_id_store_info
+short_description: Information module for REST Id Store
+description:
+- Get all REST Id Store.
+- Get REST Id Store by id.
+- Get REST Id Store by name.
+- This API allows the client to get a REST ID store by ID.
+- This API allows the client to get a REST ID store by name.
+- This API allows the client to get all the REST ID stores.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ name:
+ description:
+ - Name path parameter.
+ type: str
+ id:
+ description:
+ - Id path parameter.
+ type: str
+ page:
+ description:
+ - Page query parameter. Page number.
+ type: int
+ size:
+ description:
+ - Size query parameter. Number of objects returned per page.
+ type: int
+ sortasc:
+ description:
+ - Sortasc query parameter. Sort asc.
+ type: str
+ sortdsc:
+ description:
+ - Sortdsc query parameter. Sort desc.
+ type: str
+ filter:
+ description:
+ - >
+ Filter query parameter. **Simple filtering** should be available through the filter query string parameter.
+ The structure of a filter is a triplet of field operator and value separated with dots. More than one filter
+ can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed
+ by using the "filterType=or" query string parameter.
+ - Each resource Data model description should specify if an attribute is a filtered field.
+ - The 'EQ' operator describes 'Equals'.
+ - The 'NEQ' operator describes 'Not Equals'.
+ - The 'GT' operator describes 'Greater Than'.
+ - The 'LT' operator describes 'Less Than'.
+ - The 'STARTSW' operator describes 'Starts With'.
+ - The 'NSTARTSW' operator describes 'Not Starts With'.
+ - The 'ENDSW' operator describes 'Ends With'.
+ - The 'NENDSW' operator describes 'Not Ends With'.
+ - The 'CONTAINS' operator describes 'Contains'.
+ - The 'NCONTAINS' operator describes 'Not Contains'.
+ elements: str
+ type: list
+ filterType:
+ description:
+ - >
+ FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and
+ can be changed by using the parameter.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+notes:
+ - SDK Method used are
+ restid_store.RestidStore.get_rest_id_store_by_id,
+ restid_store.RestidStore.get_rest_id_store_by_name,
+ restid_store.RestidStore.get_rest_id_store_generator,
+
+ - Paths used are
+ get /ers/config/restidstore,
+ get /ers/config/restidstore/name/{name},
+ get /ers/config/restidstore/{id},
+
+"""
+
+EXAMPLES = r"""
+- name: Get all REST Id Store
+ cisco.ise.rest_id_store_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ page: 1
+ size: 20
+ sortasc: string
+ sortdsc: string
+ filter: []
+ filterType: AND
+ register: result
+
+- name: Get REST Id Store by id
+ cisco.ise.rest_id_store_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ id: string
+ register: result
+
+- name: Get REST Id Store by name
+ cisco.ise.rest_id_store_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ name: string
+ register: result
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "ersRestIDStoreAttributes": {
+ "usernameSuffix": "string",
+ "rootUrl": "string",
+ "predefined": "string",
+ "headers": [
+ {
+ "key": "string",
+ "value": "string"
+ }
+ ]
+ },
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+
+ise_responses:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ version_added: '1.1.0'
+ type: list
+ elements: dict
+ sample: >
+ [
+ {
+ "id": "string",
+ "name": "string",
+ "description": "string",
+ "ersRestIDStoreAttributes": {
+ "usernameSuffix": "string",
+ "rootUrl": "string",
+ "predefined": "string",
+ "headers": [
+ {
+ "key": "string",
+ "value": "string"
+ }
+ ]
+ },
+ "link": {
+ "rel": "string",
+ "href": "string",
+ "type": "string"
+ }
+ }
+ ]
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/self_registered_portal.py b/ansible_collections/cisco/ise/plugins/modules/self_registered_portal.py
new file mode 100644
index 00000000..a7b264ff
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/self_registered_portal.py
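Review bot: The RETURN samples for `ise_response` and `ise_responses` in rest_id_store_info.py include `ersRestIDStoreAttributes.headers` with each header's `value`, and all three EXAMPLES tasks end in `register: result`, yet nothing in DOCUMENTATION tells the user that these values may need protecting. If a REST ID store's headers carry API keys or tokens (not confirmed from this hunk), they stay in the registered variable and can appear in verbose task output and callback logs. I would add a bullet under `notes:` such as `- Header values returned in ersRestIDStoreAttributes may be sensitive; set no_log: true on tasks that register the result.` The same header sample appears in the RETURN block of rest_id_store.py, whose hunk begins before the visible lines.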
@@ -0,0 +1,1392 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: self_registered_portal +short_description: Resource module for Self Registered Portal +description: +- Manage operations create, update and delete of the resource Self Registered Portal. +- This API creates a self registered portal. +- This API deletes a self registered portal by ID. +- This API allows the client to update a self registered portal by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + customizations: + description: Defines all of the Portal Customizations available. + suboptions: + globalCustomizations: + description: Self Registered Portal's globalCustomizations. + suboptions: + backgroundImage: + description: Self Registered Portal's backgroundImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + bannerImage: + description: Self Registered Portal's bannerImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + bannerTitle: + description: Self Registered Portal's bannerTitle. + type: str + contactText: + description: Self Registered Portal's contactText. + type: str + desktopLogoImage: + description: Self Registered Portal's desktopLogoImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + footerElement: + description: Self Registered Portal's footerElement. + type: str + mobileLogoImage: + description: Self Registered Portal's mobileLogoImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. 
+ type: str + type: dict + type: dict + language: + description: This property is supported only for Read operation and it allows + to show the customizations in English. Other languages are not supported. + suboptions: + viewLanguage: + description: Self Registered Portal's viewLanguage. + type: str + type: dict + pageCustomizations: + description: Represent the entire page customization as a giant dictionary. + suboptions: + data: + description: The Dictionary will be exposed here as key value pair. + elements: dict + suboptions: + key: + description: Self Registered Portal's key. + type: str + value: + description: Self Registered Portal's value. + type: str + type: list + type: dict + portalTheme: + description: Self Registered Portal's portalTheme. + suboptions: + id: + description: Self Registered Portal's id. + type: str + name: + description: The system- or user-assigned name of the portal theme. + type: str + themeData: + description: A CSS file, represented as a Base64-encoded byte array. + type: str + type: dict + portalTweakSettings: + description: The Tweak Settings are a customization of the Portal Theme that + has been selected for the portal. When the Portal Theme selection is changed, + the Tweak Settings are overwritten to match the values in the theme. The Tweak + Settings can subsequently be changed by the user. + suboptions: + bannerColor: + description: Hex value of color. + type: str + bannerTextColor: + description: Self Registered Portal's bannerTextColor. + type: str + pageBackgroundColor: + description: Self Registered Portal's pageBackgroundColor. + type: str + pageLabelAndTextColor: + description: Self Registered Portal's pageLabelAndTextColor. + type: str + type: dict + type: dict + description: + description: Self Registered Portal's description. + type: str + id: + description: Self Registered Portal's id. + type: str + name: + description: Self Registered Portal's name. 
+ type: str + portalTestUrl: + description: URL to bring up a test page for this portal. + type: str + portalType: + description: Allowed values - BYOD, - HOTSPOTGUEST, - MYDEVICE, - SELFREGGUEST, + - SPONSOR, - SPONSOREDGUEST. + type: str + settings: + description: Defines all of the settings groups available for a portal. + suboptions: + aupSettings: + description: Self Registered Portal's aupSettings. + suboptions: + displayFrequency: + description: How the AUP should be displayed, either on page or as a link. + Only valid if includeAup = true. Allowed Values - FIRSTLOGIN, - EVERYLOGIN, + - RECURRING. + type: str + displayFrequencyIntervalDays: + description: Number of days between AUP confirmations (when displayFrequency + = recurring). + type: int + includeAup: + description: Require the portal user to read and accept an AUP. + type: bool + requireAupScrolling: + description: Require the portal user to scroll to the end of the AUP. Only + valid if requireAupAcceptance = true. + type: bool + requireScrolling: + description: RequireScrolling flag. + type: bool + skipAupForEmployees: + description: Only valid if requireAupAcceptance = trueG. + type: bool + useDiffAupForEmployees: + description: Only valid if requireAupAcceptance = trueG. + type: bool + type: dict + authSuccessSettings: + description: Self Registered Portal's authSuccessSettings. + suboptions: + redirectUrl: + description: Self Registered Portal's redirectUrl. + type: str + successRedirect: + description: Self Registered Portal's successRedirect. + type: str + type: dict + byodSettings: + description: Configuration of BYOD Device Welcome, Registration and Success + steps. + suboptions: + byodRegistrationSettings: + description: Configuration of BYOD endpoint Registration step configuration. + suboptions: + endPointIdentityGroupId: + description: Identity group id for which endpoint belongs. + type: str + showDeviceID: + description: Display Device ID field during registration. 
+ type: bool + type: dict + byodRegistrationSuccessSettings: + description: Configuration of BYOD endpoint Registration Success step configuration. + suboptions: + redirectUrl: + description: Target URL for redirection, used when successRedirect = + URL. + type: str + successRedirect: + description: After an Authentication Success where should device be + redirected. Allowed values - AUTHSUCCESSPAGE, - ORIGINATINGURL, - + URL. + type: str + type: dict + byodWelcomeSettings: + description: Configuration of BYOD endpoint welcome step configuration. + suboptions: + aupDisplay: + description: How the AUP should be displayed, either on page or as a + link. Only valid if includeAup = true. Allowed values - ONPAGE, - + ASLINK. + type: str + enableBYOD: + description: EnableBYOD flag. + type: bool + enableGuestAccess: + description: EnableGuestAccess flag. + type: bool + includeAup: + description: IncludeAup flag. + type: bool + requireAupAcceptance: + description: RequireAupAcceptance flag. + type: bool + requireMDM: + description: RequireMDM flag. + type: bool + requireScrolling: + description: Require BYOD devices to scroll down to the bottom of the + AUP, Only valid if includeAup = true. + type: bool + type: dict + type: dict + guestChangePasswordSettings: + description: Self Registered Portal's guestChangePasswordSettings. + suboptions: + allowChangePasswdAtFirstLogin: + description: Allow guest to change their own passwords. + type: bool + type: dict + guestDeviceRegistrationSettings: + description: Self Registered Portal's guestDeviceRegistrationSettings. + suboptions: + allowGuestsToRegisterDevices: + description: Allow guests to register devices. + type: bool + autoRegisterGuestDevices: + description: Automatically register guest devices. + type: bool + type: dict + loginPageSettings: + description: Portal Login Page settings groups follow. 
+ suboptions: + accessCode: + description: Access code that must be entered by the portal user (only valid + if requireAccessCode = true). + type: str + allowAlternateGuestPortal: + description: AllowAlternateGuestPortal flag. + type: bool + allowForgotPassword: + description: AllowForgotPassword flag. + type: bool + allowGuestToChangePassword: + description: Require the portal user to enter an access code. + type: bool + allowGuestToCreateAccounts: + description: AllowGuestToCreateAccounts flag. + type: bool + allowGuestToUseSocialAccounts: + description: AllowGuestToUseSocialAccounts flag. + type: bool + allowShowGuestForm: + description: AllowShowGuestForm flag. + type: bool + alternateGuestPortal: + description: Self Registered Portal's alternateGuestPortal. + type: str + aupDisplay: + description: How the AUP should be displayed, either on page or as a link. + Only valid if includeAup = true. Allowed values - ONPAGE, - ASLINK. + type: str + includeAup: + description: Include an Acceptable Use Policy (AUP) that should be displayed + during login. + type: bool + maxFailedAttemptsBeforeRateLimit: + description: Maximum failed login attempts before rate limiting. + type: int + requireAccessCode: + description: Require the portal user to enter an access code. + type: bool + requireAupAcceptance: + description: Require the portal user to accept the AUP. Only valid if includeAup + = true. + type: bool + socialConfigs: + description: Self Registered Portal's socialConfigs. + elements: dict + suboptions: + socialMediaType: + description: Self Registered Portal's socialMediaType. + type: str + socialMediaValue: + description: Self Registered Portal's socialMediaValue. + type: str + type: list + timeBetweenLoginsDuringRateLimit: + description: Time between login attempts when rate limiting. + type: int + type: dict + portalSettings: + description: The port, interface, certificate, and other basic settings of a + portal. 
+ suboptions: + allowedInterfaces: + description: Interfaces that the portal will be reachable on. Allowed values + - eth0, - eth1, - eth2, - eth3, - eth4, - eth5, - bond0, - bond1, - bond2. + elements: str + type: list + alwaysUsedLanguage: + description: Self Registered Portal's alwaysUsedLanguage. + type: str + assignedGuestTypeForEmployee: + description: Unique Id of a guest type. Employees using this portal as a + guest inherit login options from the guest type. + type: str + authenticationMethod: + description: Unique Id of the identity source sequence. + type: str + certificateGroupTag: + description: Logical name of the x.509 server certificate that will be used + for the portal. + type: str + displayLang: + description: Allowed values - USEBROWSERLOCALE, - ALWAYSUSE. + type: str + fallbackLanguage: + description: Used when displayLang = USEBROWSERLOCALE. + type: str + httpsPort: + description: The port number that the allowed interfaces will listen on. + Range from 8000 to 8999. + type: int + type: dict + postAccessBannerSettings: + description: Self Registered Portal's postAccessBannerSettings. + suboptions: + includePostAccessBanner: + description: IncludePostAccessBanner flag. + type: bool + type: dict + postLoginBannerSettings: + description: Self Registered Portal's postLoginBannerSettings. + suboptions: + includePostAccessBanner: + description: Include a Post-Login Banner page. + type: bool + type: dict + selfRegPageSettings: + description: Self Registered Portal's selfRegPageSettings. + suboptions: + accountValidityDuration: + description: Self-registered guest account is valid for this many account_validity_time_units. + type: int + accountValidityTimeUnits: + description: Time units for account_validity_duration. Allowed Values - + DAYS, - HOURS, - MINUTES. + type: str + allowGraceAccess: + description: AllowGraceAccess flag. 
+ type: bool + approvalEmailAddresses: + description: Only valid if requireGuestApproval = true and sendApprovalRequestTo + = SELECTEDEMAILADDRESSES. + type: str + approveDenyLinksTimeUnits: + description: This attribute, along with approveDenyLinksValidFor, specifies + how long the link can be used. Only valid if requireGuestApproval = true. + Allowed Values - DAYS, - HOURS, - MINUTES. + type: str + approveDenyLinksValidFor: + description: This attribute, along with approveDenyLinksTimeUnits, specifies + how long the link can be used. Only valid if requireGuestApproval = true. + type: int + assignGuestsToGuestType: + description: Guests are assigned to this guest type. + type: str + aupDisplay: + description: How the AUP should be displayed, either on page or as a link. + Only valid if includeAup = true. Allowed values - ONPAGE, - ASLINK. + type: str + authenticateSponsorsUsingPortalList: + description: AuthenticateSponsorsUsingPortalList flag. + type: bool + autoLoginSelfWait: + description: Allow guests to login automatically from self-registration + after sponsor's approval. No need to provide the credentials by guest + to login. + type: bool + autoLoginTimePeriod: + description: Waiting period for auto login until sponsor's approval. If + time exceeds, guest has to login manually by providing the credentials. + Default value is 5 minutes. + type: int + credentialNotificationUsingEmail: + description: If true, send credential notification upon approval using email. + Only valid if requireGuestApproval = true. + type: bool + credentialNotificationUsingSMS: + description: If true, send credential notification upon approval using SMS. + Only valid if requireGuestApproval = true. + type: bool + enableGuestEmailBlacklist: + description: Disallow guests with an e-mail address from selected domains. + type: bool + enableGuestEmailWhitelist: + description: Allow guests with an e-mail address from selected domains. 
+ type: bool + fieldCompany: + description: Self Registered Portal's fieldCompany. + suboptions: + include: + description: Include flag. + type: bool + require: + description: Only applicable if include = true. + type: bool + type: dict + fieldEmailAddr: + description: Self Registered Portal's fieldEmailAddr. + suboptions: + include: + description: Include flag. + type: bool + require: + description: Only applicable if include = true. + type: bool + type: dict + fieldFirstName: + description: Self Registered Portal's fieldFirstName. + suboptions: + include: + description: Include flag. + type: bool + require: + description: Only applicable if include = true. + type: bool + type: dict + fieldLastName: + description: Self Registered Portal's fieldLastName. + suboptions: + include: + description: Include flag. + type: bool + require: + description: Only applicable if include = true. + type: bool + type: dict + fieldLocation: + description: Self Registered Portal's fieldLocation. + suboptions: + include: + description: Include flag. + type: bool + require: + description: Only applicable if include = true. + type: bool + type: dict + fieldPersonBeingVisited: + description: Self Registered Portal's fieldPersonBeingVisited. + suboptions: + include: + description: Include flag. + type: bool + require: + description: Only applicable if include = true. + type: bool + type: dict + fieldPhoneNo: + description: Self Registered Portal's fieldPhoneNo. + suboptions: + include: + description: Include flag. + type: bool + require: + description: Only applicable if include = true. + type: bool + type: dict + fieldReasonForVisit: + description: Self Registered Portal's fieldReasonForVisit. + suboptions: + include: + description: Include flag. + type: bool + require: + description: Only applicable if include = true. + type: bool + type: dict + fieldSMSProvider: + description: Self Registered Portal's fieldSMSProvider. + suboptions: + include: + description: Include flag. 
+ type: bool + require: + description: Only applicable if include = true. + type: bool + type: dict + fieldUserName: + description: Self Registered Portal's fieldUserName. + suboptions: + include: + description: Include flag. + type: bool + require: + description: Only applicable if include = true. + type: bool + type: dict + graceAccessExpireInterval: + description: Self Registered Portal's graceAccessExpireInterval. + type: int + graceAccessSendAccountExpiration: + description: GraceAccessSendAccountExpiration flag. + type: bool + guestEmailBlacklistDomains: + description: Disallow guests with an e-mail address from selected domains. + elements: str + type: list + guestEmailWhitelistDomains: + description: Self-registered guests whose e-mail address is in one of these + domains will be allowed. Only valid if enableGuestEmailWhitelist = true. + elements: str + type: list + includeAup: + description: Include an Acceptable Use Policy (AUP) that should be displayed + during login. + type: bool + postRegistrationRedirect: + description: After the registration submission direct the guest user to + one of the following pages. Only valid if requireGuestApproval = true. + Allowed Values - SELFREGISTRATIONSUCCESS, - LOGINPAGEWITHINSTRUCTIONS + - URL. + type: str + postRegistrationRedirectUrl: + description: URL where guest user is redirected after registration. Only + valid if requireGuestApproval = true and postRegistrationRedirect = URL. + type: str + registrationCode: + description: The registration code that the guest user must enter. + type: str + requireApproverToAuthenticate: + description: When self-registered guests require approval, an approval request + is e-mailed to one or more sponsor users. If the Cisco ISE Administrator + chooses to include an approval link in the e-mail, a sponsor user who + clicks the link will be required to enter their username and password + if this attribute is true. Only valid if requireGuestApproval = true. 
+ type: bool + requireAupAcceptance: + description: Require the portal user to accept the AUP. Only valid if includeAup + = true. + type: bool + requireGuestApproval: + description: Require self-registered guests to be approved if true. + type: bool + requireRegistrationCode: + description: Self-registered guests are required to enter a registration + code. + type: bool + selectableLocations: + description: Guests can choose from these locations to set their time zone. + elements: str + type: list + selectableSMSProviders: + description: This attribute is an array of SMS provider names. + elements: str + type: list + sendApprovalRequestTo: + description: Specifies where approval requests are sent. Only valid if requireGuestApproval + = true. Allowed Values - SELECTEDEMAILADDRESSES, - PERSONBEINGVISITED. + type: str + sponsorPortalList: + description: Self Registered Portal's sponsorPortalList. + elements: str + type: list + type: dict + selfRegSuccessSettings: + description: Self Registered Portal's selfRegSuccessSettings. + suboptions: + allowGuestLoginFromSelfregSuccessPage: + description: AllowGuestLoginFromSelfregSuccessPage flag. + type: bool + allowGuestSendSelfUsingEmail: + description: AllowGuestSendSelfUsingEmail flag. + type: bool + allowGuestSendSelfUsingPrint: + description: AllowGuestSendSelfUsingPrint flag. + type: bool + allowGuestSendSelfUsingSMS: + description: AllowGuestSendSelfUsingSMS flag. + type: bool + aupOnPage: + description: AupOnPage flag. + type: bool + includeAup: + description: IncludeAup flag. + type: bool + includeCompany: + description: IncludeCompany flag. + type: bool + includeEmailAddr: + description: IncludeEmailAddr flag. + type: bool + includeFirstName: + description: IncludeFirstName flag. + type: bool + includeLastName: + description: IncludeLastName flag. + type: bool + includeLocation: + description: IncludeLocation flag. + type: bool + includePassword: + description: IncludePassword flag. 
+ type: bool + includePersonBeingVisited: + description: IncludePersonBeingVisited flag. + type: bool + includePhoneNo: + description: IncludePhoneNo flag. + type: bool + includeReasonForVisit: + description: IncludeReasonForVisit flag. + type: bool + includeSMSProvider: + description: IncludeSMSProvider flag. + type: bool + includeUserName: + description: IncludeUserName flag. + type: bool + requireAupAcceptance: + description: RequireAupAcceptance flag. + type: bool + requireAupScrolling: + description: RequireAupScrolling flag. + type: bool + type: dict + supportInfoSettings: + description: Self Registered Portal's supportInfoSettings. + suboptions: + defaultEmptyFieldValue: + description: The default value displayed for an empty field. Only valid + when emptyFieldDisplay = DISPLAYWITHDEFAULTVALUE. + type: str + emptyFieldDisplay: + description: Specifies how empty fields are handled on the Support Information + Page. Allowed values - HIDE, - DISPLAYWITHNOVALUE, - DISPLAYWITHDEFAULTVALUE. + type: str + includeBrowserUserAgent: + description: IncludeBrowserUserAgent flag. + type: bool + includeFailureCode: + description: IncludeFailureCode flag. + type: bool + includeIpAddress: + description: IncludeIpAddress flag. + type: bool + includeMacAddr: + description: IncludeMacAddr flag. + type: bool + includePolicyServer: + description: IncludePolicyServer flag. + type: bool + includeSupportInfoPage: + description: IncludeSupportInfoPage flag. + type: bool + type: dict + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SelfRegisteredPortal + description: Complete reference of the SelfRegisteredPortal API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!selfregportal +notes: + - SDK Method used are + self_registered_portal.SelfRegisteredPortal.create_self_registered_portal, + self_registered_portal.SelfRegisteredPortal.delete_self_registered_portal_by_id, + self_registered_portal.SelfRegisteredPortal.update_self_registered_portal_by_id, + + - Paths used are + post /ers/config/selfregportal, + delete /ers/config/selfregportal/{id}, + put /ers/config/selfregportal/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.self_registered_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customizations: + globalCustomizations: + backgroundImage: + data: string + bannerImage: + data: string + bannerTitle: string + contactText: string + desktopLogoImage: + data: string + footerElement: string + mobileLogoImage: + data: string + language: + viewLanguage: string + pageCustomizations: + data: + - key: string + value: string + portalTheme: + id: string + name: string + themeData: string + portalTweakSettings: + bannerColor: string + bannerTextColor: string + pageBackgroundColor: string + pageLabelAndTextColor: string + description: string + id: string + name: string + portalTestUrl: string + portalType: string + settings: + aupSettings: + displayFrequency: string + displayFrequencyIntervalDays: 0 + includeAup: true + requireAupScrolling: true + requireScrolling: true + skipAupForEmployees: true + useDiffAupForEmployees: true + authSuccessSettings: + redirectUrl: string + successRedirect: string + byodSettings: + byodRegistrationSettings: + endPointIdentityGroupId: string + showDeviceID: true + byodRegistrationSuccessSettings: + redirectUrl: string + successRedirect: string + byodWelcomeSettings: + aupDisplay: string + enableBYOD: true + enableGuestAccess: true + includeAup: true + requireAupAcceptance: true + requireMDM: true + 
requireScrolling: true + guestChangePasswordSettings: + allowChangePasswdAtFirstLogin: true + guestDeviceRegistrationSettings: + allowGuestsToRegisterDevices: true + autoRegisterGuestDevices: true + loginPageSettings: + accessCode: string + allowAlternateGuestPortal: true + allowForgotPassword: true + allowGuestToChangePassword: true + allowGuestToCreateAccounts: true + allowGuestToUseSocialAccounts: true + allowShowGuestForm: true + alternateGuestPortal: string + aupDisplay: string + includeAup: true + maxFailedAttemptsBeforeRateLimit: 0 + requireAccessCode: true + requireAupAcceptance: true + socialConfigs: + - socialMediaType: string + socialMediaValue: string + timeBetweenLoginsDuringRateLimit: 0 + portalSettings: + allowedInterfaces: + - string + alwaysUsedLanguage: string + assignedGuestTypeForEmployee: string + authenticationMethod: string + certificateGroupTag: string + displayLang: string + fallbackLanguage: string + httpsPort: 0 + postAccessBannerSettings: + includePostAccessBanner: true + postLoginBannerSettings: + includePostAccessBanner: true + selfRegPageSettings: + accountValidityDuration: 0 + accountValidityTimeUnits: string + allowGraceAccess: true + approvalEmailAddresses: string + approveDenyLinksTimeUnits: string + approveDenyLinksValidFor: 0 + assignGuestsToGuestType: string + aupDisplay: string + authenticateSponsorsUsingPortalList: true + autoLoginSelfWait: true + autoLoginTimePeriod: 0 + credentialNotificationUsingEmail: true + credentialNotificationUsingSms: true + enableGuestEmailBlacklist: true + enableGuestEmailWhitelist: true + fieldCompany: + include: true + require: true + fieldEmailAddr: + include: true + require: true + fieldFirstName: + include: true + require: true + fieldLastName: + include: true + require: true + fieldLocation: + include: true + require: true + fieldPersonBeingVisited: + include: true + require: true + fieldPhoneNo: + include: true + require: true + fieldReasonForVisit: + include: true + require: true + 
fieldSmsProvider: + include: true + require: true + fieldUserName: + include: true + require: true + graceAccessExpireInterval: 0 + graceAccessSendAccountExpiration: true + guestEmailBlacklistDomains: + - string + guestEmailWhitelistDomains: + - string + includeAup: true + postRegistrationRedirect: string + postRegistrationRedirectUrl: string + registrationCode: string + requireApproverToAuthenticate: true + requireAupAcceptance: true + requireGuestApproval: true + requireRegistrationCode: true + selectableLocations: + - string + selectableSmsProviders: + - string + sendApprovalRequestTo: string + sponsorPortalList: + - string + selfRegSuccessSettings: + allowGuestLoginFromSelfregSuccessPage: true + allowGuestSendSelfUsingEmail: true + allowGuestSendSelfUsingPrint: true + allowGuestSendSelfUsingSms: true + aupOnPage: true + includeAup: true + includeCompany: true + includeEmailAddr: true + includeFirstName: true + includeLastName: true + includeLocation: true + includePassword: true + includePersonBeingVisited: true + includePhoneNo: true + includeReasonForVisit: true + includeSmsProvider: true + includeUserName: true + requireAupAcceptance: true + requireAupScrolling: true + supportInfoSettings: + defaultEmptyFieldValue: string + emptyFieldDisplay: string + includeBrowserUserAgent: true + includeFailureCode: true + includeIpAddress: true + includeMacAddr: true + includePolicyServer: true + includeSupportInfoPage: true + +- name: Delete by id + cisco.ise.self_registered_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.self_registered_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customizations: + globalCustomizations: + backgroundImage: + data: string + bannerImage: + data: string + bannerTitle: 
string + contactText: string + desktopLogoImage: + data: string + footerElement: string + mobileLogoImage: + data: string + language: + viewLanguage: string + pageCustomizations: + data: + - key: string + value: string + portalTheme: + id: string + name: string + themeData: string + portalTweakSettings: + bannerColor: string + bannerTextColor: string + pageBackgroundColor: string + pageLabelAndTextColor: string + description: string + name: string + portalTestUrl: string + portalType: string + settings: + aupSettings: + displayFrequency: string + displayFrequencyIntervalDays: 0 + includeAup: true + requireAupScrolling: true + requireScrolling: true + skipAupForEmployees: true + useDiffAupForEmployees: true + authSuccessSettings: + redirectUrl: string + successRedirect: string + byodSettings: + byodRegistrationSettings: + endPointIdentityGroupId: string + showDeviceID: true + byodRegistrationSuccessSettings: + redirectUrl: string + successRedirect: string + byodWelcomeSettings: + aupDisplay: string + enableBYOD: true + enableGuestAccess: true + includeAup: true + requireAupAcceptance: true + requireMDM: true + requireScrolling: true + guestChangePasswordSettings: + allowChangePasswdAtFirstLogin: true + guestDeviceRegistrationSettings: + allowGuestsToRegisterDevices: true + autoRegisterGuestDevices: true + loginPageSettings: + accessCode: string + allowAlternateGuestPortal: true + allowForgotPassword: true + allowGuestToChangePassword: true + allowGuestToCreateAccounts: true + allowGuestToUseSocialAccounts: true + allowShowGuestForm: true + alternateGuestPortal: string + aupDisplay: string + includeAup: true + maxFailedAttemptsBeforeRateLimit: 0 + requireAccessCode: true + requireAupAcceptance: true + socialConfigs: + - socialMediaType: string + socialMediaValue: string + timeBetweenLoginsDuringRateLimit: 0 + portalSettings: + allowedInterfaces: + - string + alwaysUsedLanguage: string + assignedGuestTypeForEmployee: string + authenticationMethod: string + 
certificateGroupTag: string + displayLang: string + fallbackLanguage: string + httpsPort: 0 + postAccessBannerSettings: + includePostAccessBanner: true + postLoginBannerSettings: + includePostAccessBanner: true + selfRegPageSettings: + accountValidityDuration: 0 + accountValidityTimeUnits: string + allowGraceAccess: true + approvalEmailAddresses: string + approveDenyLinksTimeUnits: string + approveDenyLinksValidFor: 0 + assignGuestsToGuestType: string + aupDisplay: string + authenticateSponsorsUsingPortalList: true + autoLoginSelfWait: true + autoLoginTimePeriod: 0 + credentialNotificationUsingEmail: true + credentialNotificationUsingSms: true + enableGuestEmailBlacklist: true + enableGuestEmailWhitelist: true + fieldCompany: + include: true + require: true + fieldEmailAddr: + include: true + require: true + fieldFirstName: + include: true + require: true + fieldLastName: + include: true + require: true + fieldLocation: + include: true + require: true + fieldPersonBeingVisited: + include: true + require: true + fieldPhoneNo: + include: true + require: true + fieldReasonForVisit: + include: true + require: true + fieldSmsProvider: + include: true + require: true + fieldUserName: + include: true + require: true + graceAccessExpireInterval: 0 + graceAccessSendAccountExpiration: true + guestEmailBlacklistDomains: + - string + guestEmailWhitelistDomains: + - string + includeAup: true + postRegistrationRedirect: string + postRegistrationRedirectUrl: string + registrationCode: string + requireApproverToAuthenticate: true + requireAupAcceptance: true + requireGuestApproval: true + requireRegistrationCode: true + selectableLocations: + - string + selectableSmsProviders: + - string + sendApprovalRequestTo: string + sponsorPortalList: + - string + selfRegSuccessSettings: + allowGuestLoginFromSelfregSuccessPage: true + allowGuestSendSelfUsingEmail: true + allowGuestSendSelfUsingPrint: true + allowGuestSendSelfUsingSms: true + aupOnPage: true + includeAup: true + 
includeCompany: true + includeEmailAddr: true + includeFirstName: true + includeLastName: true + includeLocation: true + includePassword: true + includePersonBeingVisited: true + includePhoneNo: true + includeReasonForVisit: true + includeSmsProvider: true + includeUserName: true + requireAupAcceptance: true + requireAupScrolling: true + supportInfoSettings: + defaultEmptyFieldValue: string + emptyFieldDisplay: string + includeBrowserUserAgent: true + includeFailureCode: true + includeIpAddress: true + includeMacAddr: true + includePolicyServer: true + includeSupportInfoPage: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "authenticationMethod": "string", + "assignedGuestTypeForEmployee": "string", + "displayLang": "string", + "fallbackLanguage": "string", + "alwaysUsedLanguage": "string" + }, + "loginPageSettings": { + "requireAccessCode": true, + "maxFailedAttemptsBeforeRateLimit": 0, + "timeBetweenLoginsDuringRateLimit": 0, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "accessCode": "string", + "allowGuestToCreateAccounts": true, + "allowForgotPassword": true, + "allowGuestToChangePassword": true, + "allowAlternateGuestPortal": true, + "alternateGuestPortal": "string", + "allowGuestToUseSocialAccounts": true, + "allowShowGuestForm": true, + "socialConfigs": [ + { + "socialMediaType": "string", + "socialMediaValue": "string" + } + ] + }, + "selfRegPageSettings": { + "assignGuestsToGuestType": "string", + "accountValidityDuration": 0, + "accountValidityTimeUnits": "string", + "requireRegistrationCode": true, + "registrationCode": "string", + 
"fieldUserName": { + "include": true, + "require": true + }, + "fieldFirstName": { + "include": true, + "require": true + }, + "fieldLastName": { + "include": true, + "require": true + }, + "fieldEmailAddr": { + "include": true, + "require": true + }, + "fieldPhoneNo": { + "include": true, + "require": true + }, + "fieldCompany": { + "include": true, + "require": true + }, + "fieldLocation": { + "include": true, + "require": true + }, + "selectableLocations": [ + "string" + ], + "fieldSmsProvider": { + "include": true, + "require": true + }, + "selectableSmsProviders": [ + "string" + ], + "fieldPersonBeingVisited": { + "include": true, + "require": true + }, + "fieldReasonForVisit": { + "include": true, + "require": true + }, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "enableGuestEmailWhitelist": true, + "guestEmailWhitelistDomains": [ + "string" + ], + "enableGuestEmailBlacklist": true, + "guestEmailBlacklistDomains": [ + "string" + ], + "requireGuestApproval": true, + "autoLoginSelfWait": true, + "autoLoginTimePeriod": 0, + "allowGraceAccess": true, + "graceAccessExpireInterval": 0, + "graceAccessSendAccountExpiration": true, + "sendApprovalRequestTo": "string", + "approvalEmailAddresses": "string", + "postRegistrationRedirect": "string", + "postRegistrationRedirectUrl": "string", + "credentialNotificationUsingEmail": true, + "credentialNotificationUsingSms": true, + "approveDenyLinksValidFor": 0, + "approveDenyLinksTimeUnits": "string", + "requireApproverToAuthenticate": true, + "authenticateSponsorsUsingPortalList": true, + "sponsorPortalList": [ + "string" + ] + }, + "selfRegSuccessSettings": { + "includeUserName": true, + "includePassword": true, + "includeFirstName": true, + "includeLastName": true, + "includeEmailAddr": true, + "includePhoneNo": true, + "includeCompany": true, + "includeLocation": true, + "includeSmsProvider": true, + "includePersonBeingVisited": true, + "includeReasonForVisit": true, + 
"allowGuestSendSelfUsingPrint": true, + "allowGuestSendSelfUsingEmail": true, + "allowGuestSendSelfUsingSms": true, + "includeAup": true, + "aupOnPage": true, + "requireAupAcceptance": true, + "requireAupScrolling": true, + "allowGuestLoginFromSelfregSuccessPage": true + }, + "aupSettings": { + "includeAup": true, + "useDiffAupForEmployees": true, + "skipAupForEmployees": true, + "requireScrolling": true, + "requireAupScrolling": true, + "displayFrequency": "string", + "displayFrequencyIntervalDays": 0 + }, + "guestChangePasswordSettings": { + "allowChangePasswdAtFirstLogin": true + }, + "guestDeviceRegistrationSettings": { + "autoRegisterGuestDevices": true, + "allowGuestsToRegisterDevices": true + }, + "byodSettings": { + "byodWelcomeSettings": { + "enableBYOD": true, + "enableGuestAccess": true, + "requireMDM": true, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "requireScrolling": true + }, + "byodRegistrationSettings": { + "showDeviceID": true, + "endPointIdentityGroupId": "string" + }, + "byodRegistrationSuccessSettings": { + "successRedirect": "string", + "redirectUrl": "string" + } + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + "authSuccessSettings": { + "successRedirect": "string", + "redirectUrl": "string" + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + 
"globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/self_registered_portal_info.py b/ansible_collections/cisco/ise/plugins/modules/self_registered_portal_info.py new file mode 100644 index 00000000..42d00979 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/self_registered_portal_info.py 
@@ -0,0 +1,623 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: self_registered_portal_info +short_description: Information module for Self Registered Portal +description: +- Get all Self Registered Portal. +- Get Self Registered Portal by id. +- This API allows the client to get a self registered portal by ID. +- This API allows the client to get all the self registered portals. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. 
+ - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SelfRegisteredPortal + description: Complete reference of the SelfRegisteredPortal API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!selfregportal +notes: + - SDK Method used are + self_registered_portal.SelfRegisteredPortal.get_self_registered_portal_by_id, + self_registered_portal.SelfRegisteredPortal.get_self_registered_portals_generator, + + - Paths used are + get /ers/config/selfregportal, + get /ers/config/selfregportal/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Self Registered Portal + cisco.ise.self_registered_portal_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Self Registered Portal by id + cisco.ise.self_registered_portal_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "authenticationMethod": "string", + "assignedGuestTypeForEmployee": 
"string", + "displayLang": "string", + "fallbackLanguage": "string", + "alwaysUsedLanguage": "string" + }, + "loginPageSettings": { + "requireAccessCode": true, + "maxFailedAttemptsBeforeRateLimit": 0, + "timeBetweenLoginsDuringRateLimit": 0, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "accessCode": "string", + "allowGuestToCreateAccounts": true, + "allowForgotPassword": true, + "allowGuestToChangePassword": true, + "allowAlternateGuestPortal": true, + "alternateGuestPortal": "string", + "allowGuestToUseSocialAccounts": true, + "allowShowGuestForm": true, + "socialConfigs": [ + { + "socialMediaType": "string", + "socialMediaValue": "string" + } + ] + }, + "selfRegPageSettings": { + "assignGuestsToGuestType": "string", + "accountValidityDuration": 0, + "accountValidityTimeUnits": "string", + "requireRegistrationCode": true, + "registrationCode": "string", + "fieldUserName": { + "include": true, + "require": true + }, + "fieldFirstName": { + "include": true, + "require": true + }, + "fieldLastName": { + "include": true, + "require": true + }, + "fieldEmailAddr": { + "include": true, + "require": true + }, + "fieldPhoneNo": { + "include": true, + "require": true + }, + "fieldCompany": { + "include": true, + "require": true + }, + "fieldLocation": { + "include": true, + "require": true + }, + "selectableLocations": [ + "string" + ], + "fieldSmsProvider": { + "include": true, + "require": true + }, + "selectableSmsProviders": [ + "string" + ], + "fieldPersonBeingVisited": { + "include": true, + "require": true + }, + "fieldReasonForVisit": { + "include": true, + "require": true + }, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "enableGuestEmailWhitelist": true, + "guestEmailWhitelistDomains": [ + "string" + ], + "enableGuestEmailBlacklist": true, + "guestEmailBlacklistDomains": [ + "string" + ], + "requireGuestApproval": true, + "autoLoginSelfWait": true, + "autoLoginTimePeriod": 0, + 
"allowGraceAccess": true, + "graceAccessExpireInterval": 0, + "graceAccessSendAccountExpiration": true, + "sendApprovalRequestTo": "string", + "approvalEmailAddresses": "string", + "postRegistrationRedirect": "string", + "postRegistrationRedirectUrl": "string", + "credentialNotificationUsingEmail": true, + "credentialNotificationUsingSms": true, + "approveDenyLinksValidFor": 0, + "approveDenyLinksTimeUnits": "string", + "requireApproverToAuthenticate": true, + "authenticateSponsorsUsingPortalList": true, + "sponsorPortalList": [ + "string" + ] + }, + "selfRegSuccessSettings": { + "includeUserName": true, + "includePassword": true, + "includeFirstName": true, + "includeLastName": true, + "includeEmailAddr": true, + "includePhoneNo": true, + "includeCompany": true, + "includeLocation": true, + "includeSmsProvider": true, + "includePersonBeingVisited": true, + "includeReasonForVisit": true, + "allowGuestSendSelfUsingPrint": true, + "allowGuestSendSelfUsingEmail": true, + "allowGuestSendSelfUsingSms": true, + "includeAup": true, + "aupOnPage": true, + "requireAupAcceptance": true, + "requireAupScrolling": true, + "allowGuestLoginFromSelfregSuccessPage": true + }, + "aupSettings": { + "includeAup": true, + "useDiffAupForEmployees": true, + "skipAupForEmployees": true, + "requireScrolling": true, + "requireAupScrolling": true, + "displayFrequency": "string", + "displayFrequencyIntervalDays": 0 + }, + "guestChangePasswordSettings": { + "allowChangePasswdAtFirstLogin": true + }, + "guestDeviceRegistrationSettings": { + "autoRegisterGuestDevices": true, + "allowGuestsToRegisterDevices": true + }, + "byodSettings": { + "byodWelcomeSettings": { + "enableBYOD": true, + "enableGuestAccess": true, + "requireMDM": true, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "requireScrolling": true + }, + "byodRegistrationSettings": { + "showDeviceID": true, + "endPointIdentityGroupId": "string" + }, + "byodRegistrationSuccessSettings": { + 
"successRedirect": "string", + "redirectUrl": "string" + } + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + "authSuccessSettings": { + "successRedirect": "string", + "redirectUrl": "string" + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "authenticationMethod": "string", + "assignedGuestTypeForEmployee": "string", + "displayLang": "string", + "fallbackLanguage": "string", + "alwaysUsedLanguage": 
"string" + }, + "loginPageSettings": { + "requireAccessCode": true, + "maxFailedAttemptsBeforeRateLimit": 0, + "timeBetweenLoginsDuringRateLimit": 0, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "accessCode": "string", + "allowGuestToCreateAccounts": true, + "allowForgotPassword": true, + "allowGuestToChangePassword": true, + "allowAlternateGuestPortal": true, + "alternateGuestPortal": "string", + "allowGuestToUseSocialAccounts": true, + "allowShowGuestForm": true, + "socialConfigs": [ + { + "socialMediaType": "string", + "socialMediaValue": "string" + } + ] + }, + "selfRegPageSettings": { + "assignGuestsToGuestType": "string", + "accountValidityDuration": 0, + "accountValidityTimeUnits": "string", + "requireRegistrationCode": true, + "registrationCode": "string", + "fieldUserName": { + "include": true, + "require": true + }, + "fieldFirstName": { + "include": true, + "require": true + }, + "fieldLastName": { + "include": true, + "require": true + }, + "fieldEmailAddr": { + "include": true, + "require": true + }, + "fieldPhoneNo": { + "include": true, + "require": true + }, + "fieldCompany": { + "include": true, + "require": true + }, + "fieldLocation": { + "include": true, + "require": true + }, + "selectableLocations": [ + "string" + ], + "fieldSmsProvider": { + "include": true, + "require": true + }, + "selectableSmsProviders": [ + "string" + ], + "fieldPersonBeingVisited": { + "include": true, + "require": true + }, + "fieldReasonForVisit": { + "include": true, + "require": true + }, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "enableGuestEmailWhitelist": true, + "guestEmailWhitelistDomains": [ + "string" + ], + "enableGuestEmailBlacklist": true, + "guestEmailBlacklistDomains": [ + "string" + ], + "requireGuestApproval": true, + "autoLoginSelfWait": true, + "autoLoginTimePeriod": 0, + "allowGraceAccess": true, + "graceAccessExpireInterval": 0, + "graceAccessSendAccountExpiration": true, 
+ "sendApprovalRequestTo": "string", + "approvalEmailAddresses": "string", + "postRegistrationRedirect": "string", + "postRegistrationRedirectUrl": "string", + "credentialNotificationUsingEmail": true, + "credentialNotificationUsingSms": true, + "approveDenyLinksValidFor": 0, + "approveDenyLinksTimeUnits": "string", + "requireApproverToAuthenticate": true, + "authenticateSponsorsUsingPortalList": true, + "sponsorPortalList": [ + "string" + ] + }, + "selfRegSuccessSettings": { + "includeUserName": true, + "includePassword": true, + "includeFirstName": true, + "includeLastName": true, + "includeEmailAddr": true, + "includePhoneNo": true, + "includeCompany": true, + "includeLocation": true, + "includeSmsProvider": true, + "includePersonBeingVisited": true, + "includeReasonForVisit": true, + "allowGuestSendSelfUsingPrint": true, + "allowGuestSendSelfUsingEmail": true, + "allowGuestSendSelfUsingSms": true, + "includeAup": true, + "aupOnPage": true, + "requireAupAcceptance": true, + "requireAupScrolling": true, + "allowGuestLoginFromSelfregSuccessPage": true + }, + "aupSettings": { + "includeAup": true, + "useDiffAupForEmployees": true, + "skipAupForEmployees": true, + "requireScrolling": true, + "requireAupScrolling": true, + "displayFrequency": "string", + "displayFrequencyIntervalDays": 0 + }, + "guestChangePasswordSettings": { + "allowChangePasswdAtFirstLogin": true + }, + "guestDeviceRegistrationSettings": { + "autoRegisterGuestDevices": true, + "allowGuestsToRegisterDevices": true + }, + "byodSettings": { + "byodWelcomeSettings": { + "enableBYOD": true, + "enableGuestAccess": true, + "requireMDM": true, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "requireScrolling": true + }, + "byodRegistrationSettings": { + "showDeviceID": true, + "endPointIdentityGroupId": "string" + }, + "byodRegistrationSuccessSettings": { + "successRedirect": "string", + "redirectUrl": "string" + } + }, + "postLoginBannerSettings": { + 
"includePostAccessBanner": true + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + "authSuccessSettings": { + "successRedirect": "string", + "redirectUrl": "string" + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/selfsigned_certificate_generate.py b/ansible_collections/cisco/ise/plugins/modules/selfsigned_certificate_generate.py new file mode 100644 index 00000000..eecd7b54 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/selfsigned_certificate_generate.py 
@@ -0,0 +1,196 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: selfsigned_certificate_generate +short_description: Resource module for Selfsigned Certificate Generate +description: +- Manage operation create of the resource Selfsigned Certificate Generate. +- Generate Self-signed Certificate. +version_added: '2.1.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + admin: + description: Use certificate to authenticate the Cisco ISE Admin Portal. + type: bool + allowExtendedValidity: + description: Allow generation of self-signed certificate with validity greater than + 398 days. + type: bool + allowPortalTagTransferForSameSubject: + description: Allow overwriting the portal tag from matching certificate of same + subject. + type: bool + allowReplacementOfCertificates: + description: Allow Replacement of certificates. + type: bool + allowReplacementOfPortalGroupTag: + description: Allow Replacement of Portal Group Tag. + type: bool + allowRoleTransferForSameSubject: + description: Allow transfer of roles for certificate with matching subject. + type: bool + allowSanDnsBadName: + description: Allow usage of SAN DNS Bad name. + type: bool + allowSanDnsNonResolvable: + description: Allow use of non resolvable Common Name or SAN Values. + type: bool + allowWildCardCertificates: + description: Allow Wildcard Certificates. + type: bool + certificatePolicies: + description: Certificate Policies. + type: str + digestType: + description: Digest to sign with. + type: str + eap: + description: Use certificate for EAP protocols that use SSL/TLS tunneling. + type: bool + expirationTTL: + description: Certificate expiration value. + type: int + expirationTTLUnit: + description: Certificate expiration unit. 
+ type: str + hostName: + description: Hostname of the Cisco ISE node in which self-signed certificate should + be generated. + type: str + keyLength: + description: Bit size of public key. + type: str + keyType: + description: Algorithm to use for certificate public key creation. + type: str + name: + description: Friendly name of the certificate. + type: str + portal: + description: Use for portal. + type: bool + portalGroupTag: + description: Set Group tag. + type: str + pxgrid: + description: Use certificate for the pxGrid Controller. + type: bool + radius: + description: Use certificate for the RADSec server. + type: bool + saml: + description: Use certificate for SAML Signing. + type: bool + sanDNS: + description: Array of SAN (Subject Alternative Name) DNS entries. + elements: str + type: list + sanIP: + description: Array of SAN IP entries. + elements: str + type: list + sanURI: + description: Array of SAN URI entries. + elements: str + type: list + subjectCity: + description: Certificate city or locality (L). + type: str + subjectCommonName: + description: Certificate common name (CN). + type: str + subjectCountry: + description: Certificate country (C). + type: str + subjectOrg: + description: Certificate organization (O). + type: str + subjectOrgUnit: + description: Certificate organizational unit (OU). + type: str + subjectState: + description: Certificate state (ST). + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Certificates + description: Complete reference of the Certificates API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi +notes: + - SDK Method used are + certificates.Certificates.generate_self_signed_certificate, + + - Paths used are + post /api/v1/certs/system-certificate/generate-selfsigned-certificate, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.selfsigned_certificate_generate: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + admin: true + allowExtendedValidity: true + allowPortalTagTransferForSameSubject: true + allowReplacementOfCertificates: true + allowReplacementOfPortalGroupTag: true + allowRoleTransferForSameSubject: true + allowSanDnsBadName: true + allowSanDnsNonResolvable: true + allowWildCardCertificates: true + certificatePolicies: string + digestType: string + eap: true + expirationTTL: 0 + expirationTTLUnit: string + hostName: string + keyLength: string + keyType: string + name: string + portal: true + portalGroupTag: string + pxgrid: true + radius: true + saml: true + sanDNS: + - string + sanIP: + - string + sanURI: + - string + subjectCity: string + subjectCommonName: string + subjectCountry: string + subjectOrg: string + subjectOrgUnit: string + subjectState: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "response": { + "id": "string", + "message": "string", + "status": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/session_service_node_info.py b/ansible_collections/cisco/ise/plugins/modules/session_service_node_info.py new file mode 100644 index 00000000..59be20e3 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/session_service_node_info.py 
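Review bot: The EXAMPLES task sets every validation-relaxing option to `true` (`allowExtendedValidity`, `allowSanDnsBadName`, `allowSanDnsNonResolvable`, `allowWildCardCertificates`, `allowReplacementOfCertificates`, `allowRoleTransferForSameSubject`) and every usage flag (`admin`, `eap`, `portal`, `pxgrid`, `radius`, `saml`) as well, with nothing marking them as placeholders. A playbook copied from it would request a self-signed certificate with all of those relaxations permitted and all roles attached. I would add a comment line above the task, `# Placeholder values: leave the allow* options false and enable only the certificate usages you need.` In DOCUMENTATION, `digestType`, `keyType`, `keyLength` and `expirationTTLUnit` are plain `str` with no accepted values listed; documenting the accepted values would let a reader choose key size and digest deliberately rather than by guessing.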
@@ -0,0 +1,130 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: session_service_node_info +short_description: Information module for Session Service Node +description: +- Get all Session Service Node. +- Get Session Service Node by id. +- Get Session Service Node by name. +- This API allows the client to get a PSN node details by ID. +- This API allows the client to get a PSN node details by name. +- This API allows the client to get all the PSN node details. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for PsnNodeDetailsWithRadiusService + description: Complete reference of the PsnNodeDetailsWithRadiusService API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sessionservicenode +notes: + - SDK Method used are + psn_node_details_with_radius_service.PsnNodeDetailsWithRadiusService.get_session_service_node_by_id, + psn_node_details_with_radius_service.PsnNodeDetailsWithRadiusService.get_session_service_node_by_name, + psn_node_details_with_radius_service.PsnNodeDetailsWithRadiusService.get_session_service_node_generator, + + - Paths used are + get /ers/config/sessionservicenode, + get /ers/config/sessionservicenode/name/{name}, + get /ers/config/sessionservicenode/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Session Service Node + cisco.ise.session_service_node_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get Session Service Node by id + cisco.ise.session_service_node_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get Session Service Node by name + cisco.ise.session_service_node_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "ipAddress": "string", + "gateWay": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": 
"string", + "ipAddress": "string", + "gateWay": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_acl.py b/ansible_collections/cisco/ise/plugins/modules/sg_acl.py new file mode 100644 index 00000000..ba6fd695 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_acl.py 
@@ -0,0 +1,150 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_acl +short_description: Resource module for SGACL +description: +- Manage operations create, update and delete of the resource SGACL. +- This API creates a security group ACL. +- This API deletes a security group ACL. +- This API allows the client to update a security group ACL. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + aclcontent: + description: SGACL's aclcontent. + type: str + description: + description: SGACL's description. + type: str + generationId: + description: SGACL's generationId. + type: str + id: + description: SGACL's id. + type: str + ipVersion: + description: Allowed values - IPV4, - IPV6, - IP_AGNOSTIC. + type: str + isReadOnly: + description: IsReadOnly flag. + type: bool + modelledContent: + description: Modelled content of contract. + type: dict + name: + description: SGACL's name. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SecurityGroupsACLs + description: Complete reference of the SecurityGroupsACLs API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgacl +notes: + - SDK Method used are + security_groups_acls.SecurityGroupsAcls.create_security_groups_acl, + security_groups_acls.SecurityGroupsAcls.delete_security_groups_acl_by_id, + security_groups_acls.SecurityGroupsAcls.update_security_groups_acl_by_id, + + - Paths used are + post /ers/config/sgacl, + delete /ers/config/sgacl/{id}, + put /ers/config/sgacl/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.sg_acl: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + aclcontent: string + description: string + generationId: string + id: string + ipVersion: string + isReadOnly: true + modelledContent: {} + name: string + +- name: Delete by id + cisco.ise.sg_acl: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.sg_acl: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + aclcontent: string + description: string + generationId: string + ipVersion: string + isReadOnly: true + modelledContent: {} + name: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "generationId": "string", + "aclcontent": "string", + "isReadOnly": true, + "modelledContent": {}, + "ipVersion": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + 
"UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_acl_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/sg_acl_bulk_monitor_status_info.py new file mode 100644 index 00000000..d23f90b5 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_acl_bulk_monitor_status_info.py 
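Review bot: The `ipVersion` option in sg_acl.py lists its allowed values only in the description text ("Allowed values - IPV4, - IPV6, - IP_AGNOSTIC.") while the option is declared as a plain `type: str`, and both examples pass `ipVersion: string`, which is not one of those values. Since an SGACL is enforcement policy, I would make the constraint machine-readable with `choices: [IPV4, IPV6, IP_AGNOSTIC]` and use a real value such as `ipVersion: IPV4` in the examples. The argument spec lives in the action plugin, which is outside this hunk, so the same choices would need to be declared there. The `deployType` option in sg_mapping.py and sg_mapping_group.py ("Allowed values - ALL, - ND, - NDG.") has the same shape and the same `deployType: string` example.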
@@ -0,0 +1,76 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_acl_bulk_monitor_status_info +short_description: Information module for SGACL Bulk Monitor Status +description: +- Get SGACL Bulk Monitor Status by id. +- This API allows the client to monitor the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + bulkid: + description: + - Bulkid path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SecurityGroupsACLs + description: Complete reference of the SecurityGroupsACLs API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgacl +notes: + - SDK Method used are + security_groups_acls.SecurityGroupsAcls.monitor_bulk_status_security_groups_acl, + + - Paths used are + get /ers/config/sgacl/bulk/{bulkid}, + +""" + +EXAMPLES = r""" +- name: Get SGACL Bulk Monitor Status by id + cisco.ise.sg_acl_bulk_monitor_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + bulkid: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "bulkId": "string", + "mediaType": "string", + "executionStatus": "string", + "operationType": "string", + "startTime": "string", + "resourcesCount": 0, + "successCount": 0, + "failCount": 0, + "resourcesStatus": [ + { + "id": "string", + "name": "string", + "description": "string", + "resourceExecutionStatus": "string", + "status": "string" + } + ] + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_acl_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/sg_acl_bulk_request.py new file mode 100644 index 00000000..7ffae318 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_acl_bulk_request.py @@ -0,0 +1,60 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_acl_bulk_request +short_description: Resource module for SGACL Bulk Request +description: +- Manage operation update of the resource SGACL Bulk Request. +- This API allows the client to submit the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + operationType: + description: SGACL Bulk Request's operationType. + type: str + resourceMediaType: + description: SGACL Bulk Request's resourceMediaType. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SecurityGroupsACLs + description: Complete reference of the SecurityGroupsACLs API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgacl +notes: + - SDK Method used are + security_groups_acls.SecurityGroupsAcls.bulk_request_for_security_groups_acl, + + - Paths used are + put /ers/config/sgacl/bulk/submit, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.sg_acl_bulk_request: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + operationType: string + resourceMediaType: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_acl_info.py b/ansible_collections/cisco/ise/plugins/modules/sg_acl_info.py new file mode 100644 index 00000000..3ea64a8b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_acl_info.py 
@@ -0,0 +1,157 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_acl_info +short_description: Information module for SGACL +description: +- Get all SGACL. +- Get SGACL by id. +- This API allows the client to get a security group ACL by ID. +- This API allows the client to get all the security group ACLs. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. 
+ elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SecurityGroupsACLs + description: Complete reference of the SecurityGroupsACLs API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgacl +notes: + - SDK Method used are + security_groups_acls.SecurityGroupsAcls.get_security_groups_acl_by_id, + security_groups_acls.SecurityGroupsAcls.get_security_groups_acl_generator, + + - Paths used are + get /ers/config/sgacl, + get /ers/config/sgacl/{id}, + +""" + +EXAMPLES = r""" +- name: Get all SGACL + cisco.ise.sg_acl_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get SGACL by id + cisco.ise.sg_acl_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "generationId": "string", + "aclcontent": "string", + "isReadOnly": true, + "modelledContent": {}, + "ipVersion": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", 
+ "generationId": "string", + "aclcontent": "string", + "isReadOnly": true, + "modelledContent": {}, + "ipVersion": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping.py new file mode 100644 index 00000000..8bd08e3a --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping.py 
@@ -0,0 +1,151 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping +short_description: Resource module for SG Mapping +description: +- Manage operations create, update and delete of the resource SG Mapping. +- This API creates an IP to SGT mapping. +- This API deletes an IP to SGT mapping. +- This API allows the client to update an IP to SGT mapping by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + deployTo: + description: Mandatory unless mappingGroup is set or unless deployType=ALL. + type: str + deployType: + description: Allowed values - ALL, - ND, - NDG. + type: str + hostIp: + description: Mandatory if hostName is empty -- valid IP. + type: str + hostName: + description: Mandatory if hostIp is empty. + type: str + id: + description: SG Mapping's id. + type: str + mappingGroup: + description: Mapping Group Id. Mandatory unless sgt and deployTo and deployType + are set. + type: str + name: + description: SG Mapping's name. + type: str + sgt: + description: Mandatory unless mappingGroup is set. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMapping + description: Complete reference of the IPToSGTMapping API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmapping +notes: + - SDK Method used are + ip_to_sgt_mapping.IpToSgtMapping.create_ip_to_sgt_mapping, + ip_to_sgt_mapping.IpToSgtMapping.delete_ip_to_sgt_mapping_by_id, + ip_to_sgt_mapping.IpToSgtMapping.update_ip_to_sgt_mapping_by_id, + + - Paths used are + post /ers/config/sgmapping, + delete /ers/config/sgmapping/{id}, + put /ers/config/sgmapping/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.sg_mapping: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + deployTo: string + deployType: string + hostIp: string + hostName: string + id: string + mappingGroup: string + name: string + sgt: string + +- name: Delete by id + cisco.ise.sg_mapping: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.sg_mapping: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + deployTo: string + deployType: string + hostIp: string + hostName: string + mappingGroup: string + name: string + sgt: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "sgt": "string", + "deployTo": "string", + "deployType": "string", + "hostName": "string", + "hostIp": "string", + "mappingGroup": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": 
[ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_bulk_monitor_status_info.py new file mode 100644 index 00000000..6814106a --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_bulk_monitor_status_info.py 
@@ -0,0 +1,76 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping_bulk_monitor_status_info +short_description: Information module for SG Mapping Bulk Monitor Status +description: +- Get SG Mapping Bulk Monitor Status by id. +- This API allows the client to monitor the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + bulkid: + description: + - Bulkid path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMapping + description: Complete reference of the IPToSGTMapping API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmapping +notes: + - SDK Method used are + ip_to_sgt_mapping.IpToSgtMapping.monitor_bulk_status_ip_to_sgt_mapping, + + - Paths used are + get /ers/config/sgmapping/bulk/{bulkid}, + +""" + +EXAMPLES = r""" +- name: Get SG Mapping Bulk Monitor Status by id + cisco.ise.sg_mapping_bulk_monitor_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + bulkid: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "bulkId": "string", + "mediaType": "string", + "executionStatus": "string", + "operationType": "string", + "startTime": "string", + "resourcesCount": 0, + "successCount": 0, + "failCount": 0, + "resourcesStatus": [ + { + "id": "string", + "name": "string", + "description": "string", + "resourceExecutionStatus": "string", + "status": "string" + } + ] + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_bulk_request.py new file mode 100644 index 00000000..aa8d7f73 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_bulk_request.py @@ -0,0 +1,60 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping_bulk_request +short_description: Resource module for SG Mapping Bulk Request +description: +- Manage operation update of the resource SG Mapping Bulk Request. +- This API allows the client to submit the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + operationType: + description: SG Mapping Bulk Request's operationType. + type: str + resourceMediaType: + description: SG Mapping Bulk Request's resourceMediaType. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMapping + description: Complete reference of the IPToSGTMapping API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmapping +notes: + - SDK Method used are + ip_to_sgt_mapping.IpToSgtMapping.bulk_request_for_ip_to_sgt_mapping, + + - Paths used are + put /ers/config/sgmapping/bulk/submit, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.sg_mapping_bulk_request: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + operationType: string + resourceMediaType: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping_deploy.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_deploy.py new file mode 100644 index 00000000..d40159d1 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_deploy.py @@ -0,0 +1,56 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping_deploy +short_description: Resource module for SG Mapping Deploy +description: +- Manage operation update of the resource SG Mapping Deploy. +- This API allows the client to deploy an IP to SGT mapping by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMapping + description: Complete reference of the IPToSGTMapping API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmapping +notes: + - SDK Method used are + ip_to_sgt_mapping.IpToSgtMapping.deploy_ip_to_sgt_mapping_by_id, + + - Paths used are + put /ers/config/sgmapping/{id}/deploy, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.sg_mapping_deploy: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping_deploy_all.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_deploy_all.py new file mode 100644 index 00000000..20686b4c --- /dev/null 
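Review bot: The example task in sg_mapping_deploy.py is named `Update all` although the module deploys one IP to SGT mapping by `id`, and sg_mapping_deploy_all.py uses the same name for a task that, with `options: {}`, deploys every mapping. A playbook reviewer reading the task name cannot tell that a deployment is being triggered, so I would rename them to `- name: Deploy IP to SGT mapping by id` and `- name: Deploy all IP to SGT mappings`. Both RETURN samples are `{}`, so it would also help to add a description line pointing at `cisco.ise.sg_mapping_deploy_status_info` for confirming the outcome.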
+++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_deploy_all.py @@ -0,0 +1,52 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping_deploy_all +short_description: Resource module for SG Mapping Deploy All +description: +- Manage operation update of the resource SG Mapping Deploy All. +- This API allows the client to deploy all the IP to SGT mappings. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMapping + description: Complete reference of the IPToSGTMapping API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmapping +notes: + - SDK Method used are + ip_to_sgt_mapping.IpToSgtMapping.deploy_all_ip_to_sgt_mapping, + + - Paths used are + put /ers/config/sgmapping/deployall, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.sg_mapping_deploy_all: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping_deploy_status_info.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_deploy_status_info.py new file mode 100644 index 00000000..605873b8 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_deploy_status_info.py 
@@ -0,0 +1,60 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping_deploy_status_info +short_description: Information module for SG Mapping Deploy Status +description: +- Get all SG Mapping Deploy Status. +- This API allows the client to get the IP to SGT mapping deployment status. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMapping + description: Complete reference of the IPToSGTMapping API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmapping +notes: + - SDK Method used are + ip_to_sgt_mapping.IpToSgtMapping.get_deploy_status_ip_to_sgt_mapping, + + - Paths used are + put /ers/config/sgmapping/deploy/status, + +""" + +EXAMPLES = r""" +- name: Get all SG Mapping Deploy Status + cisco.ise.sg_mapping_deploy_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "resultValue": [ + { + "value": "string", + "name": "string" + } + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group.py new file mode 100644 index 00000000..2f20a796 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group.py 
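Review bot: The notes in sg_mapping_deploy_status_info.py give `put /ers/config/sgmapping/deploy/status` as the path used, yet the module extends `cisco.ise.module_info` and is described as a "Get all" information module. Anyone who treats `_info` modules as safe to run in audits or change freezes will not expect a PUT, so the description should say so, for example `- The status is requested with the HTTP PUT method.` Whether the request changes any state on ISE is not visible from this hunk and is worth confirming against the API reference linked under `seealso`.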
@@ -0,0 +1,131 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping_group +short_description: Resource module for SG Mapping Group +description: +- Manage operations create, update and delete of the resource SG Mapping Group. +- This API creates an IP to SGT mapping group. +- This API deletes an IP to SGT mapping group. +- This API allows the client to update an IP to SGT mapping group by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + deployTo: + description: Mandatory unless mappingGroup is set or unless deployType=ALL. + type: str + deployType: + description: Allowed values - ALL, - ND, - NDG. + type: str + id: + description: Id path parameter. + type: str + name: + description: SG Mapping Group's name. + type: str + sgt: + description: Mandatory unless mappingGroup is set. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMappingGroup + description: Complete reference of the IPToSGTMappingGroup API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmappinggroup +notes: + - SDK Method used are + ip_to_sgt_mapping_group.IpToSgtMappingGroup.create_ip_to_sgt_mapping_group, + ip_to_sgt_mapping_group.IpToSgtMappingGroup.delete_ip_to_sgt_mapping_group_by_id, + ip_to_sgt_mapping_group.IpToSgtMappingGroup.update_ip_to_sgt_mapping_group_by_id, + + - Paths used are + post /ers/config/sgmappinggroup, + delete /ers/config/sgmappinggroup/{id}, + put /ers/config/sgmappinggroup/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.sg_mapping_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + deployTo: string + deployType: string + id: string + name: string + sgt: string + +- name: Delete by id + cisco.ise.sg_mapping_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.sg_mapping_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + deployTo: string + deployType: string + name: string + sgt: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "name": "string", + "sgt": "string", + "deployTo": "string", + "deployType": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": 
"string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_bulk_monitor_status_info.py new file mode 100644 index 00000000..856788bf --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_bulk_monitor_status_info.py 
@@ -0,0 +1,76 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping_group_bulk_monitor_status_info +short_description: Information module for SG Mapping Group Bulk Monitor Status +description: +- Get SG Mapping Group Bulk Monitor Status by id. +- This API allows the client to monitor the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + bulkid: + description: + - Bulkid path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMappingGroup + description: Complete reference of the IPToSGTMappingGroup API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmappinggroup +notes: + - SDK Method used are + ip_to_sgt_mapping_group.IpToSgtMappingGroup.monitor_bulk_status_ip_to_sgt_mapping_group, + + - Paths used are + get /ers/config/sgmappinggroup/bulk/{bulkid}, + +""" + +EXAMPLES = r""" +- name: Get SG Mapping Group Bulk Monitor Status by id + cisco.ise.sg_mapping_group_bulk_monitor_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + bulkid: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "bulkId": "string", + "mediaType": "string", + "executionStatus": "string", + "operationType": "string", + "startTime": "string", + "resourcesCount": 0, + "successCount": 0, + "failCount": 0, + "resourcesStatus": [ + { + "id": "string", + "name": "string", + "description": "string", + "resourceExecutionStatus": "string", + "status": "string" + } + ] + } +""" 
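Review bot: `bulkid` is documented as the path parameter for `get /ers/config/sgmappinggroup/bulk/{bulkid}`, but the option has no `required: true`, so the documentation permits a task that omits it. What the module sends in that case is decided by the action plugin, which is outside this hunk; if the plugin does not reject a missing value, the request path would be built without an identifier. I would add `required: true` under `bulkid`, here and in the matching argument spec. The same applies to `id` in sg_mapping_group_deploy and to `bulkid` in sg_to_vn_to_vlan_bulk_monitor_status_info.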
diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_bulk_request.py
new file mode 100644
index 00000000..f8f97da7
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_bulk_request.py
@@ -0,0 +1,60 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping_group_bulk_request +short_description: Resource module for SG Mapping Group Bulk Request +description: +- Manage operation update of the resource SG Mapping Group Bulk Request. +- This API allows the client to submit the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + operationType: + description: SG Mapping Group Bulk Request's operationType. + type: str + resourceMediaType: + description: SG Mapping Group Bulk Request's resourceMediaType. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMappingGroup + description: Complete reference of the IPToSGTMappingGroup API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmappinggroup +notes: + - SDK Method used are + ip_to_sgt_mapping_group.IpToSgtMappingGroup.bulk_request_for_ip_to_sgt_mapping_group, + + - Paths used are + put /ers/config/sgmappinggroup/bulk/submit, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.sg_mapping_group_bulk_request: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + operationType: string + resourceMediaType: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_deploy.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_deploy.py new file mode 100644 index 00000000..2b35f9ba --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_deploy.py @@ -0,0 +1,56 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping_group_deploy +short_description: Resource module for SG Mapping Group Deploy +description: +- Manage operation update of the resource SG Mapping Group Deploy. +- This API allows the client to deploy an IP to SGT mapping group by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMappingGroup + description: Complete reference of the IPToSGTMappingGroup API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmappinggroup +notes: + - SDK Method used are + ip_to_sgt_mapping_group.IpToSgtMappingGroup.deploy_ip_to_sgt_mapping_group_by_id, + + - Paths used are + put /ers/config/sgmappinggroup/{id}/deploy, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.sg_mapping_group_deploy: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_deploy_all.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_deploy_all.py new file mode 100644 index 00000000..666c65d7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_deploy_all.py 
@@ -0,0 +1,52 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping_group_deploy_all +short_description: Resource module for SG Mapping Group Deploy All +description: +- Manage operation update of the resource SG Mapping Group Deploy All. +- This API allows the client to deploy all the IP to SGT mapping groups. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMappingGroup + description: Complete reference of the IPToSGTMappingGroup API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmappinggroup +notes: + - SDK Method used are + ip_to_sgt_mapping_group.IpToSgtMappingGroup.deploy_all_ip_to_sgt_mapping_group, + + - Paths used are + put /ers/config/sgmappinggroup/deployall, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.sg_mapping_group_deploy_all: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_deploy_status_info.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_deploy_status_info.py new file mode 100644 index 00000000..3f3cf6ad --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_deploy_status_info.py 
@@ -0,0 +1,60 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping_group_deploy_status_info +short_description: Information module for SG Mapping Group Deploy Status +description: +- Get all SG Mapping Group Deploy Status. +- This API allows the client to get the IP to SGT mapping group deployment. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMappingGroup + description: Complete reference of the IPToSGTMappingGroup API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmappinggroup +notes: + - SDK Method used are + ip_to_sgt_mapping_group.IpToSgtMappingGroup.get_deploy_status_ip_to_sgt_mapping_group, + + - Paths used are + put /ers/config/sgmappinggroup/deploy/status, + +""" + +EXAMPLES = r""" +- name: Get all SG Mapping Group Deploy Status + cisco.ise.sg_mapping_group_deploy_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "resultValue": [ + { + "value": "string", + "name": "string" + } + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_info.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_info.py new file mode 100644 index 00000000..725b00d8 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_group_info.py 
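Review bot: The notes section lists `put /ers/config/sgmappinggroup/deploy/status` as the only path, yet this is an `_info` module that extends `cisco.ise.module_info` and is described as "Get all SG Mapping Group Deploy Status". Info modules are normally expected to be read-only, so an operator who limits read-only playbooks or service accounts to GET requests would not expect a PUT from this task. Whether the request changes any state on ISE cannot be told from this hunk. I would add a description entry such as `- This module sends a PUT request to Cisco ISE although it only reads the deployment status.`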
@@ -0,0 +1,149 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping_group_info +short_description: Information module for SG Mapping Group +description: +- Get all SG Mapping Group. +- Get SG Mapping Group by id. +- This API allows the client to get all the IP to SGT mapping groups. +- This API allows the client to get an IP to SGT mapping group by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMappingGroup + description: Complete reference of the IPToSGTMappingGroup API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmappinggroup +notes: + - SDK Method used are + ip_to_sgt_mapping_group.IpToSgtMappingGroup.get_ip_to_sgt_mapping_group_by_id, + ip_to_sgt_mapping_group.IpToSgtMappingGroup.get_ip_to_sgt_mapping_group_generator, + + - Paths used are + get /ers/config/sgmappinggroup, + get /ers/config/sgmappinggroup/{id}, + +""" + +EXAMPLES = r""" +- name: Get all SG Mapping Group + cisco.ise.sg_mapping_group_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get SG Mapping Group by id + cisco.ise.sg_mapping_group_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "name": "string", + "sgt": "string", + "deployTo": "string", + "deployType": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "name": "string", + 
"sgt": "string", + "deployTo": "string", + "deployType": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_mapping_info.py b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_info.py new file mode 100644 index 00000000..3ebb64ac --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_mapping_info.py 
@@ -0,0 +1,157 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_mapping_info +short_description: Information module for SG Mapping +description: +- Get all SG Mapping. +- Get SG Mapping by id. +- This API allows the client to get all the IP to SGT mappings. +- This API allows the client to get an IP to SGT mapping by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for IPToSGTMapping + description: Complete reference of the IPToSGTMapping API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgmapping +notes: + - SDK Method used are + ip_to_sgt_mapping.IpToSgtMapping.get_ip_to_sgt_mapping_by_id, + ip_to_sgt_mapping.IpToSgtMapping.get_ip_to_sgt_mapping_generator, + + - Paths used are + get /ers/config/sgmapping, + get /ers/config/sgmapping/{id}, + +""" + +EXAMPLES = r""" +- name: Get all SG Mapping + cisco.ise.sg_mapping_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get SG Mapping by id + cisco.ise.sg_mapping_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "sgt": "string", + "deployTo": "string", + "deployType": "string", + "hostName": "string", + "hostIp": "string", + "mappingGroup": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": 
"string", + "name": "string", + "sgt": "string", + "deployTo": "string", + "deployType": "string", + "hostName": "string", + "hostIp": "string", + "mappingGroup": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan.py b/ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan.py new file mode 100644 index 00000000..4fb8805f --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan.py 
@@ -0,0 +1,209 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_to_vn_to_vlan +short_description: Resource module for SG To VN To VLAN +description: +- Manage operations create, update and delete of the resource SG To VN To VLAN. +- This API creates a security group to virtual network. +- This API deletes a security group ACL to virtual network. +- This API allows the client to update a security group to virtual network. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + description: + description: SG To VN To VLAN's description. + type: str + id: + description: SG To VN To VLAN's id. + type: str + name: + description: SG To VN To VLAN's name. + type: str + sgtId: + description: SG To VN To VLAN's sgtId. + type: str + virtualnetworklist: + description: SG To VN To VLAN's virtualnetworklist. + elements: dict + suboptions: + defaultVirtualNetwork: + description: DefaultVirtualNetwork flag. + type: bool + description: + description: SG To VN To VLAN's description. + type: str + id: + description: SG To VN To VLAN's id. + type: str + name: + description: SG To VN To VLAN's name. + type: str + vlans: + description: SG To VN To VLAN's vlans. + elements: dict + suboptions: + data: + description: Data flag. + type: bool + defaultVLAN: + description: DefaultVLAN flag. + type: bool + description: + description: SG To VN To VLAN's description. + type: str + id: + description: SG To VN To VLAN's id. + type: str + maxValue: + description: SG To VN To VLAN's maxValue. + type: int + name: + description: SG To VN To VLAN's name. 
+ type: str + type: list + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SecurityGroupToVirtualNetwork + description: Complete reference of the SecurityGroupToVirtualNetwork API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgtvnvlan +notes: + - SDK Method used are + security_group_to_virtual_network.SecurityGroupToVirtualNetwork.create_security_groups_to_vn_to_vlan, + security_group_to_virtual_network.SecurityGroupToVirtualNetwork.delete_security_groups_to_vn_to_vlan_by_id, + security_group_to_virtual_network.SecurityGroupToVirtualNetwork.update_security_groups_to_vn_to_vlan_by_id, + + - Paths used are + post /ers/config/sgtvnvlan, + delete /ers/config/sgtvnvlan/{id}, + put /ers/config/sgtvnvlan/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.sg_to_vn_to_vlan: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + id: string + name: string + sgtId: string + virtualnetworklist: + - defaultVirtualNetwork: true + description: string + id: string + name: string + vlans: + - data: true + defaultVlan: true + description: string + id: string + maxValue: 0 + name: string + +- name: Delete by id + cisco.ise.sg_to_vn_to_vlan: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.sg_to_vn_to_vlan: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + id: string + name: string + sgtId: string + virtualnetworklist: + - defaultVirtualNetwork: true + description: string + id: string + name: string + vlans: + - data: true + defaultVlan: true + description: string + id: string + maxValue: 0 + 
name: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "sgtId": "string", + "virtualnetworklist": [ + { + "id": "string", + "name": "string", + "description": "string", + "defaultVirtualNetwork": true, + "vlans": [ + { + "id": "string", + "name": "string", + "description": "string", + "defaultVlan": true, + "maxValue": 0, + "data": true + } + ] + } + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan_bulk_monitor_status_info.py new file mode 100644 index 00000000..b97da0a7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan_bulk_monitor_status_info.py 
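Review bot: The `vlans` suboption is documented as `defaultVLAN`, while both EXAMPLES tasks and the RETURN sample spell it `defaultVlan`. Ansible option names are case-sensitive, so one of the two spellings will not match the argument spec (which lives in the action plugin, outside this hunk), and a playbook copied from the examples may be rejected or have the flag ignored. Use the spelling the argument spec and the ISE API expect in all three places, for example by changing the documented key to `defaultVlan:` if that is the accepted name.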
@@ -0,0 +1,76 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_to_vn_to_vlan_bulk_monitor_status_info +short_description: Information module for SG To VN To VLAN Bulk Monitor Status +description: +- Get SG To VN To VLAN Bulk Monitor Status by id. +- This API allows the client to monitor the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + bulkid: + description: + - Bulkid path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SecurityGroupToVirtualNetwork + description: Complete reference of the SecurityGroupToVirtualNetwork API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgtvnvlan +notes: + - SDK Method used are + security_group_to_virtual_network.SecurityGroupToVirtualNetwork.monitor_bulk_status_security_groups_to_vn_to_vlan, + + - Paths used are + get /ers/config/sgtvnvlan/bulk/{bulkid}, + +""" + +EXAMPLES = r""" +- name: Get SG To VN To VLAN Bulk Monitor Status by id + cisco.ise.sg_to_vn_to_vlan_bulk_monitor_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + bulkid: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "bulkId": "string", + "mediaType": "string", + "executionStatus": "string", + "operationType": "string", + "startTime": "string", + "resourcesCount": 0, + "successCount": 0, + "failCount": 0, + "resourcesStatus": [ + { + "id": "string", + "name": "string", + "description": "string", + "resourceExecutionStatus": "string", + "status": 
"string" + } + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan_bulk_request.py new file mode 100644 index 00000000..958cf405 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan_bulk_request.py 
@@ -0,0 +1,60 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_to_vn_to_vlan_bulk_request +short_description: Resource module for SG To VN To VLAN Bulk Request +description: +- Manage operation update of the resource SG To VN To VLAN Bulk Request. +- This API allows the client to submit the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + operationType: + description: SG To VN To VLAN Bulk Request's operationType. + type: str + resourceMediaType: + description: SG To VN To VLAN Bulk Request's resourceMediaType. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SecurityGroupToVirtualNetwork + description: Complete reference of the SecurityGroupToVirtualNetwork API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgtvnvlan +notes: + - SDK Method used are + security_group_to_virtual_network.SecurityGroupToVirtualNetwork.bulk_request_for_security_groups_to_vn_to_vlan, + + - Paths used are + put /ers/config/sgtvnvlan/bulk/submit, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.sg_to_vn_to_vlan_bulk_request: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + operationType: string + resourceMediaType: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan_info.py b/ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan_info.py new file mode 100644 index 00000000..18394741 --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/modules/sg_to_vn_to_vlan_info.py 
@@ -0,0 +1,175 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sg_to_vn_to_vlan_info +short_description: Information module for SG To VN To VLAN +description: +- Get all SG To VN To VLAN. +- Get SG To VN To VLAN by id. +- This API allows the client to get a security group to virtual network by ID. +- This API allows the client to get all the security group ACL to virtual. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. 
+ elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SecurityGroupToVirtualNetwork + description: Complete reference of the SecurityGroupToVirtualNetwork API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgtvnvlan +notes: + - SDK Method used are + security_group_to_virtual_network.SecurityGroupToVirtualNetwork.get_security_groups_to_vn_to_vlan_by_id, + security_group_to_virtual_network.SecurityGroupToVirtualNetwork.get_security_groups_to_vn_to_vlan_generator, + + - Paths used are + get /ers/config/sgtvnvlan, + get /ers/config/sgtvnvlan/{id}, + +""" + +EXAMPLES = r""" +- name: Get all SG To VN To VLAN + cisco.ise.sg_to_vn_to_vlan_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + filter: [] + filterType: AND + register: result + +- name: Get SG To VN To VLAN by id + cisco.ise.sg_to_vn_to_vlan_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "sgtId": "string", + "virtualnetworklist": [ + { + "id": "string", + "name": "string", + "description": "string", + "defaultVirtualNetwork": true, + "vlans": [ + { + "id": "string", + "name": "string", + "description": "string", + "defaultVlan": true, + "maxValue": 0, + "data": true + } + ] + } + ], + "link": { + "rel": "string", + "href": "string", + "type": 
"string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "sgtId": "string", + "virtualnetworklist": [ + { + "id": "string", + "name": "string", + "description": "string", + "defaultVirtualNetwork": true, + "vlans": [ + { + "id": "string", + "name": "string", + "description": "string", + "defaultVlan": true, + "maxValue": 0, + "data": true + } + ] + } + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sgt.py b/ansible_collections/cisco/ise/plugins/modules/sgt.py new file mode 100644 index 00000000..c7d7e013 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sgt.py 
@@ -0,0 +1,157 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sgt +short_description: Resource module for SGt +description: +- Manage operations create, update and delete of the resource SGt. +- This API creates a security group. +- This API deletes a security group. +- This API allows the client to update a security group. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + defaultSGACLs: + description: SGt's defaultSGACLs. + elements: dict + type: list + description: + description: SGt's description. + type: str + generationId: + description: SGt's generationId. + type: str + id: + description: SGt's id. + type: str + isReadOnly: + description: IsReadOnly flag. + type: bool + name: + description: SGt's name. + type: str + required: true + propogateToApic: + description: PropogateToApic flag. + type: bool + value: + description: Value range 2 ot 65519 or -1 to auto-generate. + type: int + required: true +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SecurityGroups + description: Complete reference of the SecurityGroups API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgt +notes: + - SDK Method used are + security_groups.SecurityGroups.create_security_group, + security_groups.SecurityGroups.delete_security_group_by_id, + security_groups.SecurityGroups.update_security_group_by_id, + + - Paths used are + post /ers/config/sgt, + delete /ers/config/sgt/{id}, + put /ers/config/sgt/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.sgt: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + defaultSGACLs: + - {} + description: string + generationId: string + id: string + isReadOnly: true + name: string + propogateToApic: true + value: 0 + +- name: Delete by id + cisco.ise.sgt: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.sgt: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + defaultSGACLs: + - {} + description: string + generationId: string + isReadOnly: true + name: string + propogateToApic: true + value: 0 + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "value": 0, + "generationId": "string", + "isReadOnly": true, + "propogateToApic": true, + "defaultSGACLs": [ + {} + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + 
"oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sgt_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/sgt_bulk_monitor_status_info.py new file mode 100644 index 00000000..f8776d48 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sgt_bulk_monitor_status_info.py 
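Review bot: The `value` option in sgt.py is documented as `Value range 2 ot 65519 or -1 to auto-generate`, yet the "Update by id" and "Create" examples both pass `value: 0`, which is outside that range. Fix the typo and make the examples agree with the stated contract: `description: Value range 2 to 65519 or -1 to auto-generate.` and `value: -1` in both tasks. Whether the module or ISE validates the range is not visible in this hunk, so this text is the only guard a playbook author sees here.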
@@ -0,0 +1,76 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sgt_bulk_monitor_status_info +short_description: Information module for SGt Bulk Monitor Status +description: +- Get SGt Bulk Monitor Status by id. +- This API allows the client to monitor the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + bulkid: + description: + - Bulkid path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SecurityGroups + description: Complete reference of the SecurityGroups API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgt +notes: + - SDK Method used are + security_groups.SecurityGroups.monitor_bulk_status_security_group, + + - Paths used are + get /ers/config/sgt/bulk/{bulkid}, + +""" + +EXAMPLES = r""" +- name: Get SGt Bulk Monitor Status by id + cisco.ise.sgt_bulk_monitor_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + bulkid: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "bulkId": "string", + "mediaType": "string", + "executionStatus": "string", + "operationType": "string", + "startTime": "string", + "resourcesCount": 0, + "successCount": 0, + "failCount": 0, + "resourcesStatus": [ + { + "id": "string", + "name": "string", + "description": "string", + "resourceExecutionStatus": "string", + "status": "string" + } + ] + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/sgt_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/sgt_bulk_request.py
new file mode 100644
index 00000000..c295c10b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/sgt_bulk_request.py
@@ -0,0 +1,60 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: sgt_bulk_request
+short_description: Resource module for SGt Bulk Request
+description:
+- Manage operation update of the resource SGt Bulk Request.
+- This API allows the client to submit the bulk request.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ operationType:
+ description: SGt Bulk Request's operationType.
+ type: str
+ resourceMediaType:
+ description: SGt Bulk Request's resourceMediaType.
+ type: str
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for SecurityGroups
+ description: Complete reference of the SecurityGroups API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgt
+notes:
+ - SDK Method used are
+ security_groups.SecurityGroups.bulk_request_for_security_group,
+
+ - Paths used are
+ put /ers/config/sgt/bulk/submit,
+
+"""
+
+EXAMPLES = r"""
+- name: Update all
+ cisco.ise.sgt_bulk_request:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ operationType: string
+ resourceMediaType: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {}
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/sgt_info.py b/ansible_collections/cisco/ise/plugins/modules/sgt_info.py
new file mode 100644
index 00000000..0e483e94
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/sgt_info.py
@@ -0,0 +1,161 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sgt_info +short_description: Information module for SGt +description: +- Get all SGt. +- Get SGt by id. +- This API allows the client to get a security group by ID. +- This API allows the client to get all the security groups. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. 
+ elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SecurityGroups + description: Complete reference of the SecurityGroups API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!sgt +notes: + - SDK Method used are + security_groups.SecurityGroups.get_security_group_by_id, + security_groups.SecurityGroups.get_security_groups_generator, + + - Paths used are + get /ers/config/sgt, + get /ers/config/sgt/{id}, + +""" + +EXAMPLES = r""" +- name: Get all SGt + cisco.ise.sgt_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get SGt by id + cisco.ise.sgt_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "value": 0, + "generationId": "string", + "isReadOnly": true, + "propogateToApic": true, + "defaultSGACLs": [ + {} + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "value": 0, + "generationId": "string", + 
"isReadOnly": true, + "propogateToApic": true, + "defaultSGACLs": [ + {} + ], + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sms_provider_info.py b/ansible_collections/cisco/ise/plugins/modules/sms_provider_info.py new file mode 100644 index 00000000..6b6beed7 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sms_provider_info.py 
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sms_provider_info +short_description: Information module for SMS Provider +description: +- Get all SMS Provider. +- This API allows the client to get all the SMS providers. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. 
The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sms_provider.SmsProvider.get_sms_provider_generator, + + - Paths used are + get /ers/config/smsprovider, + +""" + +EXAMPLES = r""" +- name: Get all SMS Provider + cisco.ise.sms_provider_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sponsor_group.py b/ansible_collections/cisco/ise/plugins/modules/sponsor_group.py new file mode 100644 index 00000000..e684f937 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sponsor_group.py 
@@ -0,0 +1,309 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sponsor_group +short_description: Resource module for Sponsor Group +description: +- Manage operations create, update and delete of the resource Sponsor Group. +- This API creates a sponsor group. +- This API deletes a sponsor group by ID. +- This API allows the client to update a sponsor group by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + autoNotification: + description: AutoNotification flag. + type: bool + createPermissions: + description: Sponsor Group's createPermissions. + suboptions: + canCreateRandomAccounts: + description: CanCreateRandomAccounts flag. + type: bool + canImportMultipleAccounts: + description: CanImportMultipleAccounts flag. + type: bool + canSetFutureStartDate: + description: CanSetFutureStartDate flag. + type: bool + canSpecifyUsernamePrefix: + description: CanSpecifyUsernamePrefix flag. + type: bool + defaultUsernamePrefix: + description: Sponsor Group's defaultUsernamePrefix. + type: str + importBatchSizeLimit: + description: Sponsor Group's importBatchSizeLimit. + type: int + randomBatchSizeLimit: + description: Sponsor Group's randomBatchSizeLimit. + type: int + startDateFutureLimitDays: + description: Sponsor Group's startDateFutureLimitDays. + type: int + type: dict + description: + description: Sponsor Group's description. + type: str + guestTypes: + description: Sponsor Group's guestTypes. + elements: str + type: list + id: + description: Sponsor Group's id. + type: str + isDefaultGroup: + description: IsDefaultGroup flag. + type: bool + isEnabled: + description: IsEnabled flag. + type: bool + locations: + description: Sponsor Group's locations. 
+ elements: str + type: list + managePermission: + description: Sponsor Group's managePermission. + type: str + memberGroups: + description: Sponsor Group's memberGroups. + elements: str + type: list + name: + description: Sponsor Group's name. + type: str + otherPermissions: + description: Sponsor Group's otherPermissions. + suboptions: + canAccessViaREST: + description: CanAccessViaREST flag. + type: bool + canApproveSelfregGuests: + description: CanApproveSelfregGuests flag. + type: bool + canDeleteGuestAccounts: + description: CanDeleteGuestAccounts flag. + type: bool + canExtendGuestAccounts: + description: CanExtendGuestAccounts flag. + type: bool + canReinstateSuspendedAccounts: + description: CanReinstateSuspendedAccounts flag. + type: bool + canResetGuestPasswords: + description: CanResetGuestPasswords flag. + type: bool + canSendSMSNotifications: + description: CanSendSMSNotifications flag. + type: bool + canSuspendGuestAccounts: + description: CanSuspendGuestAccounts flag. + type: bool + canUpdateGuestContactInfo: + description: CanUpdateGuestContactInfo flag. + type: bool + canViewGuestPasswords: + description: CanViewGuestPasswords flag. + type: bool + limitApprovalToSponsorsGuests: + description: LimitApprovalToSponsorsGuests flag. + type: bool + requireSuspensionReason: + description: RequireSuspensionReason flag. 
+ type: bool + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sponsor_group.SponsorGroup.create_sponsor_group, + sponsor_group.SponsorGroup.delete_sponsor_group_by_id, + sponsor_group.SponsorGroup.update_sponsor_group_by_id, + + - Paths used are + post /ers/config/sponsorgroup, + delete /ers/config/sponsorgroup/{id}, + put /ers/config/sponsorgroup/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.sponsor_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + autoNotification: true + createPermissions: + canCreateRandomAccounts: true + canImportMultipleAccounts: true + canSetFutureStartDate: true + canSpecifyUsernamePrefix: true + defaultUsernamePrefix: string + importBatchSizeLimit: 0 + randomBatchSizeLimit: 0 + startDateFutureLimitDays: 0 + description: string + guestTypes: + - string + id: string + isDefaultGroup: true + isEnabled: true + locations: + - string + managePermission: string + memberGroups: + - string + name: string + otherPermissions: + canAccessViaRest: true + canApproveSelfregGuests: true + canDeleteGuestAccounts: true + canExtendGuestAccounts: true + canReinstateSuspendedAccounts: true + canResetGuestPasswords: true + canSendSmsNotifications: true + canSuspendGuestAccounts: true + canUpdateGuestContactInfo: true + canViewGuestPasswords: true + limitApprovalToSponsorsGuests: true + requireSuspensionReason: true + +- name: Delete by id + cisco.ise.sponsor_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.sponsor_group: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + autoNotification: true + createPermissions: + 
canCreateRandomAccounts: true + canImportMultipleAccounts: true + canSetFutureStartDate: true + canSpecifyUsernamePrefix: true + defaultUsernamePrefix: string + importBatchSizeLimit: 0 + randomBatchSizeLimit: 0 + startDateFutureLimitDays: 0 + description: string + guestTypes: + - string + isDefaultGroup: true + isEnabled: true + locations: + - string + managePermission: string + memberGroups: + - string + name: string + otherPermissions: + canAccessViaRest: true + canApproveSelfregGuests: true + canDeleteGuestAccounts: true + canExtendGuestAccounts: true + canReinstateSuspendedAccounts: true + canResetGuestPasswords: true + canSendSmsNotifications: true + canSuspendGuestAccounts: true + canUpdateGuestContactInfo: true + canViewGuestPasswords: true + limitApprovalToSponsorsGuests: true + requireSuspensionReason: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "isEnabled": true, + "isDefaultGroup": true, + "memberGroups": [ + "string" + ], + "guestTypes": [ + "string" + ], + "locations": [ + "string" + ], + "autoNotification": true, + "createPermissions": { + "canImportMultipleAccounts": true, + "importBatchSizeLimit": 0, + "canCreateRandomAccounts": true, + "randomBatchSizeLimit": 0, + "defaultUsernamePrefix": "string", + "canSpecifyUsernamePrefix": true, + "canSetFutureStartDate": true, + "startDateFutureLimitDays": 0 + }, + "managePermission": "string", + "otherPermissions": { + "canUpdateGuestContactInfo": true, + "canViewGuestPasswords": true, + "canSendSmsNotifications": true, + "canResetGuestPasswords": true, + "canExtendGuestAccounts": true, + "canDeleteGuestAccounts": true, + "canSuspendGuestAccounts": true, + "requireSuspensionReason": true, + "canReinstateSuspendedAccounts": true, + "canApproveSelfregGuests": true, + "limitApprovalToSponsorsGuests": true, + 
"canAccessViaRest": true + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sponsor_group_info.py b/ansible_collections/cisco/ise/plugins/modules/sponsor_group_info.py new file mode 100644 index 00000000..b6892c6f --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sponsor_group_info.py 
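Review bot: In sponsor_group.py the `otherPermissions` suboptions are documented as `canAccessViaREST` and `canSendSMSNotifications`, but both EXAMPLES tasks and the RETURN sample spell them `canAccessViaRest` and `canSendSmsNotifications`. The argument spec is not in this hunk, so whichever spelling it does not accept would presumably be rejected or ignored, and a playbook copied from the example could leave REST access or SMS notification for the sponsor group in a state the author did not intend. Make the two agree, for example keeping `canAccessViaRest: true` in the examples and documenting the suboption as `canAccessViaRest:`. The examples also set every permission flag to `true`, including `canViewGuestPasswords`; a comment such as `# placeholder values: enable only the permissions this sponsor group needs` above `otherPermissions:` would keep the sample from being applied as-is.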
@@ -0,0 +1,217 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sponsor_group_info +short_description: Information module for Sponsor Group +description: +- Get all Sponsor Group. +- Get Sponsor Group by id. +- This API allows the client to get a sponsor group by ID. +- This API allows the client to get all the sponsor groups. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sponsor_group.SponsorGroup.get_sponsor_group_by_id, + sponsor_group.SponsorGroup.get_sponsor_group_generator, + + - Paths used are + get /ers/config/sponsorgroup, + get /ers/config/sponsorgroup/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Sponsor Group + cisco.ise.sponsor_group_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Sponsor Group by id + cisco.ise.sponsor_group_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "isEnabled": true, + "isDefaultGroup": true, + "memberGroups": [ + "string" + ], + "guestTypes": [ + "string" + ], + "locations": [ + "string" + ], + "autoNotification": true, + "createPermissions": { + "canImportMultipleAccounts": true, + "importBatchSizeLimit": 0, + "canCreateRandomAccounts": true, + "randomBatchSizeLimit": 0, + "defaultUsernamePrefix": "string", + "canSpecifyUsernamePrefix": true, + "canSetFutureStartDate": true, + "startDateFutureLimitDays": 0 + }, + "managePermission": "string", + "otherPermissions": { + "canUpdateGuestContactInfo": true, + "canViewGuestPasswords": true, + 
"canSendSmsNotifications": true, + "canResetGuestPasswords": true, + "canExtendGuestAccounts": true, + "canDeleteGuestAccounts": true, + "canSuspendGuestAccounts": true, + "requireSuspensionReason": true, + "canReinstateSuspendedAccounts": true, + "canApproveSelfregGuests": true, + "limitApprovalToSponsorsGuests": true, + "canAccessViaRest": true + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "isEnabled": true, + "isDefaultGroup": true, + "memberGroups": [ + "string" + ], + "guestTypes": [ + "string" + ], + "locations": [ + "string" + ], + "autoNotification": true, + "createPermissions": { + "canImportMultipleAccounts": true, + "importBatchSizeLimit": 0, + "canCreateRandomAccounts": true, + "randomBatchSizeLimit": 0, + "defaultUsernamePrefix": "string", + "canSpecifyUsernamePrefix": true, + "canSetFutureStartDate": true, + "startDateFutureLimitDays": 0 + }, + "managePermission": "string", + "otherPermissions": { + "canUpdateGuestContactInfo": true, + "canViewGuestPasswords": true, + "canSendSmsNotifications": true, + "canResetGuestPasswords": true, + "canExtendGuestAccounts": true, + "canDeleteGuestAccounts": true, + "canSuspendGuestAccounts": true, + "requireSuspensionReason": true, + "canReinstateSuspendedAccounts": true, + "canApproveSelfregGuests": true, + "limitApprovalToSponsorsGuests": true, + "canAccessViaRest": true + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sponsor_group_member_info.py b/ansible_collections/cisco/ise/plugins/modules/sponsor_group_member_info.py new file mode 100644 index 00000000..c49c76f4 --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/modules/sponsor_group_member_info.py 
@@ -0,0 +1,127 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sponsor_group_member_info +short_description: Information module for Sponsor Group Member +description: +- Get all Sponsor Group Member. +- This API allows the client to get all the sponsor group members. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. 
The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sponsor_group_member.SponsorGroupMember.get_sponsor_group_member_generator, + + - Paths used are + get /ers/config/sponsorgroupmember, + +""" + +EXAMPLES = r""" +- name: Get all Sponsor Group Member + cisco.ise.sponsor_group_member_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sponsor_portal.py b/ansible_collections/cisco/ise/plugins/modules/sponsor_portal.py new file mode 100644 index 00000000..22b53b5f --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sponsor_portal.py 
@@ -0,0 +1,609 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sponsor_portal +short_description: Resource module for Sponsor Portal +description: +- Manage operations create, update and delete of the resource Sponsor Portal. +- This API creates a sponsor portal. +- This API deletes a sponsor portal by ID. +- This API allows the client to update a sponsor portal by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + customizations: + description: Sponsor Portal's customizations. + suboptions: + globalCustomizations: + description: Sponsor Portal's globalCustomizations. + suboptions: + backgroundImage: + description: Sponsor Portal's backgroundImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + bannerImage: + description: Sponsor Portal's bannerImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + bannerTitle: + description: Sponsor Portal's bannerTitle. + type: str + contactText: + description: Sponsor Portal's contactText. + type: str + desktopLogoImage: + description: Sponsor Portal's desktopLogoImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + footerElement: + description: Sponsor Portal's footerElement. + type: str + mobileLogoImage: + description: Sponsor Portal's mobileLogoImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + type: dict + language: + description: This property is supported only for Read operation and it allows + to show the customizations in English. 
Other languages are not supported. + suboptions: + viewLanguage: + description: Sponsor Portal's viewLanguage. + type: str + type: dict + pageCustomizations: + description: Sponsor Portal's pageCustomizations. + suboptions: + data: + description: The Dictionary will be exposed here as key value pair. + elements: dict + suboptions: + key: + description: Sponsor Portal's key. + type: str + value: + description: Sponsor Portal's value. + type: str + type: list + type: dict + portalTheme: + description: Sponsor Portal's portalTheme. + suboptions: + id: + description: Sponsor Portal's id. + type: str + name: + description: The system- or user-assigned name of the portal theme. + type: str + themeData: + description: A CSS file, represented as a Base64-encoded byte array. + type: str + type: dict + portalTweakSettings: + description: The Tweak Settings are a customization of the Portal Theme that + has been selected for the portal. When the Portal Theme selection is changed, + the Tweak Settings are overwritten to match the values in the theme. The Tweak + Settings can subsequently be changed by the user. + suboptions: + bannerColor: + description: Hex value of color. + type: str + bannerTextColor: + description: Sponsor Portal's bannerTextColor. + type: str + pageBackgroundColor: + description: Sponsor Portal's pageBackgroundColor. + type: str + pageLabelAndTextColor: + description: Sponsor Portal's pageLabelAndTextColor. + type: str + type: dict + type: dict + description: + description: Sponsor Portal's description. + type: str + id: + description: Sponsor Portal's id. + type: str + name: + description: Sponsor Portal's name. + type: str + portalTestUrl: + description: URL to bring up a test page for this portal. + type: str + portalType: + description: Allowed values - BYOD, - HOTSPOTGUEST, - MYDEVICE, - SELFREGGUEST, + - SPONSOR, - SPONSOREDGUEST. + type: str + settings: + description: Defines all of the settings groups available for a portal. 
+ suboptions: + aupSettings: + description: Sponsor Portal's aupSettings. + suboptions: + displayFrequency: + description: How the AUP should be displayed, either on page or as a link. + Only valid if includeAup = true. Allowed Values - FIRSTLOGIN, - EVERYLOGIN, + - RECURRING. + type: str + displayFrequencyIntervalDays: + description: Number of days between AUP confirmations (when displayFrequency + = recurring). + type: int + includeAup: + description: IncludeAup flag. + type: bool + requireScrolling: + description: RequireScrolling flag. + type: bool + type: dict + loginPageSettings: + description: Portal Login Page settings groups follow. + suboptions: + aupDisplay: + description: How the AUP should be displayed, either on page or as a link. + Only valid if includeAup = true. Allowed values - ONPAGE, - ASLINK. + type: str + includeAup: + description: Include an Acceptable Use Policy (AUP) that should be displayed + during login. + type: bool + maxFailedAttemptsBeforeRateLimit: + description: Maximum failed login attempts before rate limiting. + type: int + requireAupAcceptance: + description: Require the portal user to accept the AUP. Only valid if includeAup + = true. + type: bool + requireAupScrolling: + description: RequireAupScrolling flag. + type: bool + socialConfigs: + description: Sponsor Portal's socialConfigs. + elements: dict + type: list + timeBetweenLoginsDuringRateLimit: + description: Time between login attempts when rate limiting. + type: int + type: dict + portalSettings: + description: The port, interface, certificate, and other basic settings of a + portal. + suboptions: + allowedInterfaces: + description: Interfaces that the portal will be reachable on. Allowed values + - eth0, - eth1, - eth2, - eth3, - eth4, - eth5, - bond0, - bond1, - bond2. + elements: str + type: list + authenticationMethod: + description: Unique Id of the identity source sequence. 
+ type: str + availableSSIDs: + description: Names of the SSIDs available for assignment to guest users + by sponsors. + elements: str + type: list + certificateGroupTag: + description: Logical name of the x.509 server certificate that will be used + for the portal. + type: str + displayLang: + description: Allowed values - USEBROWSERLOCALE, - ALWAYSUSE. + type: str + fallbackLanguage: + description: Used when displayLang = USEBROWSERLOCALE. + type: str + fqdn: + description: The fully-qualified domain name (FQDN) that end-users will + use to access this portal. Used only in Sponsor portal. + type: str + httpsPort: + description: The port number that the allowed interfaces will listen on. + Range from 8000 to 8999. + type: int + idleTimeout: + description: Sponsor Portal's idleTimeout. + type: int + type: dict + postAccessBannerSettings: + description: Sponsor Portal's postAccessBannerSettings. + suboptions: + includePostAccessBanner: + description: IncludePostAccessBanner flag. + type: bool + type: dict + postLoginBannerSettings: + description: Sponsor Portal's postLoginBannerSettings. + suboptions: + includePostAccessBanner: + description: Include a Post-Login Banner page. + type: bool + type: dict + sponsorChangePasswordSettings: + description: Sponsor Portal's sponsorChangePasswordSettings. + suboptions: + allowSponsorToChangePwd: + description: Allow sponsors to change their own passwords. + type: bool + type: dict + supportInfoSettings: + description: Sponsor Portal's supportInfoSettings. + suboptions: + defaultEmptyFieldValue: + description: The default value displayed for an empty field. Only valid + when emptyFieldDisplay = DISPLAYWITHDEFAULTVALUE. + type: str + emptyFieldDisplay: + description: Specifies how empty fields are handled on the Support Information + Page. Allowed values - HIDE, - DISPLAYWITHNOVALUE, - DISPLAYWITHDEFAULTVALUE. + type: str + includeBrowserUserAgent: + description: IncludeBrowserUserAgent flag. 
+ type: bool + includeFailureCode: + description: IncludeFailureCode flag. + type: bool + includeIpAddress: + description: IncludeIpAddress flag. + type: bool + includeMacAddr: + description: IncludeMacAddr flag. + type: bool + includePolicyServer: + description: IncludePolicyServer flag. + type: bool + includeSupportInfoPage: + description: IncludeSupportInfoPage flag. + type: bool + type: dict + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sponsor_portal.SponsorPortal.create_sponsor_portal, + sponsor_portal.SponsorPortal.delete_sponsor_portal_by_id, + sponsor_portal.SponsorPortal.update_sponsor_portal_by_id, + + - Paths used are + post /ers/config/sponsorportal, + delete /ers/config/sponsorportal/{id}, + put /ers/config/sponsorportal/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.sponsor_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customizations: + globalCustomizations: + backgroundImage: + data: string + bannerImage: + data: string + bannerTitle: string + contactText: string + desktopLogoImage: + data: string + footerElement: string + mobileLogoImage: + data: string + language: + viewLanguage: string + pageCustomizations: + data: + - key: string + value: string + portalTheme: + id: string + name: string + themeData: string + portalTweakSettings: + bannerColor: string + bannerTextColor: string + pageBackgroundColor: string + pageLabelAndTextColor: string + description: string + id: string + name: string + portalTestUrl: string + portalType: string + settings: + aupSettings: + displayFrequency: string + displayFrequencyIntervalDays: 0 + includeAup: true + requireScrolling: true + loginPageSettings: + aupDisplay: string + includeAup: true + maxFailedAttemptsBeforeRateLimit: 0 + requireAupAcceptance: true + requireAupScrolling: true + socialConfigs: + - {} + 
timeBetweenLoginsDuringRateLimit: 0 + portalSettings: + allowedInterfaces: + - string + authenticationMethod: string + availableSsids: + - string + certificateGroupTag: string + displayLang: string + fallbackLanguage: string + fqdn: string + httpsPort: 0 + idleTimeout: 0 + postAccessBannerSettings: + includePostAccessBanner: true + postLoginBannerSettings: + includePostAccessBanner: true + sponsorChangePasswordSettings: + allowSponsorToChangePwd: true + supportInfoSettings: + defaultEmptyFieldValue: string + emptyFieldDisplay: string + includeBrowserUserAgent: true + includeFailureCode: true + includeIpAddress: true + includeMacAddr: true + includePolicyServer: true + includeSupportInfoPage: true + +- name: Delete by id + cisco.ise.sponsor_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.sponsor_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customizations: + globalCustomizations: + backgroundImage: + data: string + bannerImage: + data: string + bannerTitle: string + contactText: string + desktopLogoImage: + data: string + footerElement: string + mobileLogoImage: + data: string + language: + viewLanguage: string + pageCustomizations: + data: + - key: string + value: string + portalTheme: + id: string + name: string + themeData: string + portalTweakSettings: + bannerColor: string + bannerTextColor: string + pageBackgroundColor: string + pageLabelAndTextColor: string + description: string + name: string + portalTestUrl: string + portalType: string + settings: + aupSettings: + displayFrequency: string + displayFrequencyIntervalDays: 0 + includeAup: true + requireScrolling: true + loginPageSettings: + aupDisplay: string + includeAup: true + maxFailedAttemptsBeforeRateLimit: 0 + requireAupAcceptance: true 
+ requireAupScrolling: true + socialConfigs: + - {} + timeBetweenLoginsDuringRateLimit: 0 + portalSettings: + allowedInterfaces: + - string + authenticationMethod: string + availableSsids: + - string + certificateGroupTag: string + displayLang: string + fallbackLanguage: string + fqdn: string + httpsPort: 0 + idleTimeout: 0 + postAccessBannerSettings: + includePostAccessBanner: true + postLoginBannerSettings: + includePostAccessBanner: true + sponsorChangePasswordSettings: + allowSponsorToChangePwd: true + supportInfoSettings: + defaultEmptyFieldValue: string + emptyFieldDisplay: string + includeBrowserUserAgent: true + includeFailureCode: true + includeIpAddress: true + includeMacAddr: true + includePolicyServer: true + includeSupportInfoPage: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "fqdn": "string", + "authenticationMethod": "string", + "idleTimeout": 0, + "displayLang": "string", + "fallbackLanguage": "string", + "availableSsids": [ + "string" + ] + }, + "loginPageSettings": { + "maxFailedAttemptsBeforeRateLimit": 0, + "timeBetweenLoginsDuringRateLimit": 0, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "requireAupScrolling": true, + "socialConfigs": [ + {} + ] + }, + "aupSettings": { + "includeAup": true, + "requireScrolling": true, + "displayFrequency": "string", + "displayFrequencyIntervalDays": 0 + }, + "sponsorChangePasswordSettings": { + "allowSponsorToChangePwd": true + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + 
"supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sponsor_portal_info.py b/ansible_collections/cisco/ise/plugins/modules/sponsor_portal_info.py new file mode 100644 index 00000000..8fafce1d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sponsor_portal_info.py 
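Review bot: The option is declared as `availableSSIDs` under `portalSettings` in DOCUMENTATION, but both EXAMPLES tasks and the RETURN sample spell it `availableSsids`, so a playbook copied from the example uses a key the option documentation does not list. Which spelling the module actually reads cannot be told from this file, because it holds only documentation strings; the docs should be aligned on whichever key the plugin's argument spec uses. The examples also set `httpsPort: 0` although the option text gives the range 8000 to 8999, and a placeholder inside the documented range, e.g. `httpsPort: 8443`, would be safer to copy. Separately, the description of `aupSettings.displayFrequency` repeats the "on page or as a link" wording of `aupDisplay` while listing FIRSTLOGIN, EVERYLOGIN and RECURRING as its values.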
@@ -0,0 +1,335 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sponsor_portal_info +short_description: Information module for Sponsor Portal +description: +- Get all Sponsor Portal. +- Get Sponsor Portal by id. +- This API allows the client to get a sponsor portal by ID. +- This API allows the client to get all the sponsor portals. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sponsor_portal.SponsorPortal.get_sponsor_portal_by_id, + sponsor_portal.SponsorPortal.get_sponsor_portal_generator, + + - Paths used are + get /ers/config/sponsorportal, + get /ers/config/sponsorportal/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Sponsor Portal + cisco.ise.sponsor_portal_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Sponsor Portal by id + cisco.ise.sponsor_portal_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "fqdn": "string", + "authenticationMethod": "string", + "idleTimeout": 0, + "displayLang": "string", + "fallbackLanguage": "string", + "availableSsids": [ + "string" + ] + }, + "loginPageSettings": { + "maxFailedAttemptsBeforeRateLimit": 0, + "timeBetweenLoginsDuringRateLimit": 0, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "requireAupScrolling": true, + "socialConfigs": [ + 
{} + ] + }, + "aupSettings": { + "includeAup": true, + "requireScrolling": true, + "displayFrequency": "string", + "displayFrequencyIntervalDays": 0 + }, + "sponsorChangePasswordSettings": { + "allowSponsorToChangePwd": true + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "fqdn": "string", + "authenticationMethod": "string", + "idleTimeout": 0, + 
"displayLang": "string", + "fallbackLanguage": "string", + "availableSsids": [ + "string" + ] + }, + "loginPageSettings": { + "maxFailedAttemptsBeforeRateLimit": 0, + "timeBetweenLoginsDuringRateLimit": 0, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "requireAupScrolling": true, + "socialConfigs": [ + {} + ] + }, + "aupSettings": { + "includeAup": true, + "requireScrolling": true, + "displayFrequency": "string", + "displayFrequencyIntervalDays": 0 + }, + "sponsorChangePasswordSettings": { + "allowSponsorToChangePwd": true + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/sponsored_guest_portal.py b/ansible_collections/cisco/ise/plugins/modules/sponsored_guest_portal.py
new file mode 100644
index 00000000..85f38644
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/sponsored_guest_portal.py
@@ -0,0 +1,804 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sponsored_guest_portal +short_description: Resource module for Sponsored Guest Portal +description: +- Manage operations create, update and delete of the resource Sponsored Guest Portal. +- This API creates a sponsored guest portal. +- This API deletes a sponsored guest portal by ID. +- This API allows the client to update a sponsored guest portal by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + customizations: + description: Defines all of the Portal Customizations available. + suboptions: + globalCustomizations: + description: Sponsored Guest Portal's globalCustomizations. + suboptions: + backgroundImage: + description: Sponsored Guest Portal's backgroundImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + bannerImage: + description: Sponsored Guest Portal's bannerImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + bannerTitle: + description: Sponsored Guest Portal's bannerTitle. + type: str + contactText: + description: Sponsored Guest Portal's contactText. + type: str + desktopLogoImage: + description: Sponsored Guest Portal's desktopLogoImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. + type: str + type: dict + footerElement: + description: Sponsored Guest Portal's footerElement. + type: str + mobileLogoImage: + description: Sponsored Guest Portal's mobileLogoImage. + suboptions: + data: + description: Represented as base 64 encoded string of the image byte + array. 
+ type: str + type: dict + type: dict + language: + description: This property is supported only for Read operation and it allows + to show the customizations in English. Other languages are not supported. + suboptions: + viewLanguage: + description: Sponsored Guest Portal's viewLanguage. + type: str + type: dict + pageCustomizations: + description: Represent the entire page customization as a giant dictionary. + suboptions: + data: + description: The Dictionary will be exposed here as key value pair. + elements: dict + suboptions: + key: + description: Sponsored Guest Portal's key. + type: str + value: + description: Sponsored Guest Portal's value. + type: str + type: list + type: dict + portalTheme: + description: Sponsored Guest Portal's portalTheme. + suboptions: + id: + description: Sponsored Guest Portal's id. + type: str + name: + description: The system- or user-assigned name of the portal theme. + type: str + themeData: + description: A CSS file, represented as a Base64-encoded byte array. + type: str + type: dict + portalTweakSettings: + description: The Tweak Settings are a customization of the Portal Theme that + has been selected for the portal. When the Portal Theme selection is changed, + the Tweak Settings are overwritten to match the values in the theme. The Tweak + Settings can subsequently be changed by the user. + suboptions: + bannerColor: + description: Hex value of color. + type: str + bannerTextColor: + description: Sponsored Guest Portal's bannerTextColor. + type: str + pageBackgroundColor: + description: Sponsored Guest Portal's pageBackgroundColor. + type: str + pageLabelAndTextColor: + description: Sponsored Guest Portal's pageLabelAndTextColor. + type: str + type: dict + type: dict + description: + description: Sponsored Guest Portal's description. + type: str + id: + description: Sponsored Guest Portal's id. + type: str + name: + description: Sponsored Guest Portal's name. 
+ type: str + portalTestUrl: + description: URL to bring up a test page for this portal. + type: str + portalType: + description: Allowed values - BYOD, - HOTSPOTGUEST, - MYDEVICE, - SELFREGGUEST, + - SPONSOR, - SPONSOREDGUEST. + type: str + settings: + description: Defines all of the settings groups available for a portal. + suboptions: + aupSettings: + description: Sponsored Guest Portal's aupSettings. + suboptions: + displayFrequency: + description: How the AUP should be displayed, either on page or as a link. + Only valid if includeAup = true. Allowed Values - FIRSTLOGIN, - EVERYLOGIN, + - RECURRING. + type: str + displayFrequencyIntervalDays: + description: Number of days between AUP confirmations (when displayFrequency + = recurring). + type: int + includeAup: + description: IncludeAup flag. + type: bool + requireAupScrolling: + description: Require the portal user to scroll to the end of the AUP. Only + valid if requireAupAcceptance = true. + type: bool + requireScrolling: + description: RequireScrolling flag. + type: bool + skipAupForEmployees: + description: Only valid if requireAupAcceptance = true. + type: bool + useDiffAupForEmployees: + description: Only valid if requireAupAcceptance = true. + type: bool + type: dict + authSuccessSettings: + description: Sponsored Guest Portal's authSuccessSettings. + suboptions: + redirectUrl: + description: Target URL for redirection, used when successRedirect = URL. + type: str + successRedirect: + description: After an Authentication Success where should device be redirected. + Allowed values - AUTHSUCCESSPAGE, - ORIGINATINGURL, - URL. + type: str + type: dict + byodSettings: + description: Sponsored Guest Portal's byodSettings. + suboptions: + byodRegistrationSettings: + description: Configuration of BYOD endpoint Registration step configuration. + suboptions: + endPointIdentityGroupId: + description: Identity group id for which endpoint belongs. 
+ type: str + showDeviceID: + description: Display Device ID field during registration. + type: bool + type: dict + byodRegistrationSuccessSettings: + description: Sponsored Guest Portal's byodRegistrationSuccessSettings. + suboptions: + redirectUrl: + description: Target URL for redirection, used when successRedirect = + URL. + type: str + successRedirect: + description: After an Authentication Success where should device be + redirected. Allowed values - AUTHSUCCESSPAGE, - ORIGINATINGURL, - + URL. + type: str + type: dict + byodWelcomeSettings: + description: Sponsored Guest Portal's byodWelcomeSettings. + suboptions: + aupDisplay: + description: How the AUP should be displayed, either on page or as a + link. Only valid if includeAup = true. Allowed values - ONPAGE, - + ASLINK. + type: str + enableBYOD: + description: EnableBYOD flag. + type: bool + enableGuestAccess: + description: EnableGuestAccess flag. + type: bool + includeAup: + description: IncludeAup flag. + type: bool + requireAupAcceptance: + description: RequireAupAcceptance flag. + type: bool + requireMDM: + description: RequireMDM flag. + type: bool + requireScrolling: + description: Require BYOD devices to scroll down to the bottom of the + AUP. Only valid if includeAup = true. + type: bool + type: dict + type: dict + guestChangePasswordSettings: + description: Sponsored Guest Portal's guestChangePasswordSettings. + suboptions: + allowChangePasswdAtFirstLogin: + description: Allow guest to change their own passwords. + type: bool + type: dict + guestDeviceRegistrationSettings: + description: Sponsored Guest Portal's guestDeviceRegistrationSettings. + suboptions: + allowGuestsToRegisterDevices: + description: Allow guests to register devices. + type: bool + autoRegisterGuestDevices: + description: Automatically register guest devices. + type: bool + type: dict + loginPageSettings: + description: Portal Login Page settings groups follow. 
+ suboptions: + accessCode: + description: Access code that must be entered by the portal user (only valid + if requireAccessCode = true). + type: str + allowAlternateGuestPortal: + description: AllowAlternateGuestPortal flag. + type: bool + allowForgotPassword: + description: AllowForgotPassword flag. + type: bool + allowGuestToChangePassword: + description: Require the portal user to enter an access code. + type: bool + allowGuestToCreateAccounts: + description: AllowGuestToCreateAccounts flag. + type: bool + aupDisplay: + description: How the AUP should be displayed, either on page or as a link. + Only valid if includeAup = true. Allowed values - ONPAGE, - ASLINK. + type: str + includeAup: + description: Include an Acceptable Use Policy (AUP) that should be displayed + during login. + type: bool + maxFailedAttemptsBeforeRateLimit: + description: Maximum failed login attempts before rate limiting. + type: int + requireAccessCode: + description: RequireAccessCode flag. + type: bool + requireAupAcceptance: + description: Require the portal user to accept the AUP. Only valid if includeAup + = true. + type: bool + socialConfigs: + description: Sponsored Guest Portal's socialConfigs. + elements: dict + suboptions: + socialMediaType: + description: Sponsored Guest Portal's socialMediaType. + type: str + socialMediaValue: + description: Sponsored Guest Portal's socialMediaValue. + type: str + type: list + timeBetweenLoginsDuringRateLimit: + description: Time between login attempts when rate limiting. + type: int + type: dict + portalSettings: + description: The port, interface, certificate, and other basic settings of a + portal. + suboptions: + allowedInterfaces: + description: Interfaces that the portal will be reachable on. Allowed values + - eth0, - eth1, - eth2, - eth3, - eth4, - eth5, - bond0, - bond1, - bond2. + elements: str + type: list + alwaysUsedLanguage: + description: Sponsored Guest Portal's alwaysUsedLanguage. 
+ type: str + assignedGuestTypeForEmployee: + description: Unique Id of a guest type. Employees using this portal as a + guest inherit login options from the guest type. + type: str + authenticationMethod: + description: Unique Id of the identity source sequence. + type: str + certificateGroupTag: + description: Logical name of the x.509 server certificate that will be used + for the portal. + type: str + displayLang: + description: Allowed values - USEBROWSERLOCALE, - ALWAYSUSE. + type: str + fallbackLanguage: + description: Used when displayLang = USEBROWSERLOCALE. + type: str + httpsPort: + description: The port number that the allowed interfaces will listen on. + Range from 8000 to 8999. + type: int + type: dict + postAccessBannerSettings: + description: Sponsored Guest Portal's postAccessBannerSettings. + suboptions: + includePostAccessBanner: + description: IncludePostAccessBanner flag. + type: bool + type: dict + postLoginBannerSettings: + description: Sponsored Guest Portal's postLoginBannerSettings. + suboptions: + includePostAccessBanner: + description: Include a Post-Login Banner page. + type: bool + type: dict + supportInfoSettings: + description: Sponsored Guest Portal's supportInfoSettings. + suboptions: + defaultEmptyFieldValue: + description: The default value displayed for an empty field. Only valid + when emptyFieldDisplay = DISPLAYWITHDEFAULTVALUE. + type: str + emptyFieldDisplay: + description: Specifies how empty fields are handled on the Support Information + Page. Allowed values - HIDE, - DISPLAYWITHNOVALUE, - DISPLAYWITHDEFAULTVALUE. + type: str + includeBrowserUserAgent: + description: IncludeBrowserUserAgent flag. + type: bool + includeFailureCode: + description: IncludeFailureCode flag. + type: bool + includeIpAddress: + description: IncludeIpAddress flag. + type: bool + includeMacAddr: + description: IncludeMacAddr flag. + type: bool + includePolicyServer: + description: IncludePolicyServer flag. 
+ type: bool + includeSupportInfoPage: + description: IncludeSupportInfoPage flag. + type: bool + type: dict + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sponsored_guest_portal.SponsoredGuestPortal.create_sponsored_guest_portal, + sponsored_guest_portal.SponsoredGuestPortal.delete_sponsored_guest_portal_by_id, + sponsored_guest_portal.SponsoredGuestPortal.update_sponsored_guest_portal_by_id, + + - Paths used are + post /ers/config/sponsoredguestportal, + delete /ers/config/sponsoredguestportal/{id}, + put /ers/config/sponsoredguestportal/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.sponsored_guest_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customizations: + globalCustomizations: + backgroundImage: + data: string + bannerImage: + data: string + bannerTitle: string + contactText: string + desktopLogoImage: + data: string + footerElement: string + mobileLogoImage: + data: string + language: + viewLanguage: string + pageCustomizations: + data: + - key: string + value: string + portalTheme: + id: string + name: string + themeData: string + portalTweakSettings: + bannerColor: string + bannerTextColor: string + pageBackgroundColor: string + pageLabelAndTextColor: string + description: string + id: string + name: string + portalTestUrl: string + portalType: string + settings: + aupSettings: + displayFrequency: string + displayFrequencyIntervalDays: 0 + includeAup: true + requireAupScrolling: true + requireScrolling: true + skipAupForEmployees: true + useDiffAupForEmployees: true + authSuccessSettings: + redirectUrl: string + successRedirect: string + byodSettings: + byodRegistrationSettings: + endPointIdentityGroupId: string + showDeviceID: true + byodRegistrationSuccessSettings: + redirectUrl: string + successRedirect: string + byodWelcomeSettings: + aupDisplay: string + 
enableBYOD: true + enableGuestAccess: true + includeAup: true + requireAupAcceptance: true + requireMDM: true + requireScrolling: true + guestChangePasswordSettings: + allowChangePasswdAtFirstLogin: true + guestDeviceRegistrationSettings: + allowGuestsToRegisterDevices: true + autoRegisterGuestDevices: true + loginPageSettings: + accessCode: string + allowAlternateGuestPortal: true + allowForgotPassword: true + allowGuestToChangePassword: true + allowGuestToCreateAccounts: true + aupDisplay: string + includeAup: true + maxFailedAttemptsBeforeRateLimit: 0 + requireAccessCode: true + requireAupAcceptance: true + socialConfigs: + - socialMediaType: string + socialMediaValue: string + timeBetweenLoginsDuringRateLimit: 0 + portalSettings: + allowedInterfaces: + - string + alwaysUsedLanguage: string + assignedGuestTypeForEmployee: string + authenticationMethod: string + certificateGroupTag: string + displayLang: string + fallbackLanguage: string + httpsPort: 0 + postAccessBannerSettings: + includePostAccessBanner: true + postLoginBannerSettings: + includePostAccessBanner: true + supportInfoSettings: + defaultEmptyFieldValue: string + emptyFieldDisplay: string + includeBrowserUserAgent: true + includeFailureCode: true + includeIpAddress: true + includeMacAddr: true + includePolicyServer: true + includeSupportInfoPage: true + +- name: Delete by id + cisco.ise.sponsored_guest_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.sponsored_guest_portal: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + customizations: + globalCustomizations: + backgroundImage: + data: string + bannerImage: + data: string + bannerTitle: string + contactText: string + desktopLogoImage: + data: string + footerElement: string + mobileLogoImage: + 
data: string + language: + viewLanguage: string + pageCustomizations: + data: + - key: string + value: string + portalTheme: + id: string + name: string + themeData: string + portalTweakSettings: + bannerColor: string + bannerTextColor: string + pageBackgroundColor: string + pageLabelAndTextColor: string + description: string + name: string + portalTestUrl: string + portalType: string + settings: + aupSettings: + displayFrequency: string + displayFrequencyIntervalDays: 0 + includeAup: true + requireAupScrolling: true + requireScrolling: true + skipAupForEmployees: true + useDiffAupForEmployees: true + authSuccessSettings: + redirectUrl: string + successRedirect: string + byodSettings: + byodRegistrationSettings: + endPointIdentityGroupId: string + showDeviceID: true + byodRegistrationSuccessSettings: + redirectUrl: string + successRedirect: string + byodWelcomeSettings: + aupDisplay: string + enableBYOD: true + enableGuestAccess: true + includeAup: true + requireAupAcceptance: true + requireMDM: true + requireScrolling: true + guestChangePasswordSettings: + allowChangePasswdAtFirstLogin: true + guestDeviceRegistrationSettings: + allowGuestsToRegisterDevices: true + autoRegisterGuestDevices: true + loginPageSettings: + accessCode: string + allowAlternateGuestPortal: true + allowForgotPassword: true + allowGuestToChangePassword: true + allowGuestToCreateAccounts: true + aupDisplay: string + includeAup: true + maxFailedAttemptsBeforeRateLimit: 0 + requireAccessCode: true + requireAupAcceptance: true + socialConfigs: + - socialMediaType: string + socialMediaValue: string + timeBetweenLoginsDuringRateLimit: 0 + portalSettings: + allowedInterfaces: + - string + alwaysUsedLanguage: string + assignedGuestTypeForEmployee: string + authenticationMethod: string + certificateGroupTag: string + displayLang: string + fallbackLanguage: string + httpsPort: 0 + postAccessBannerSettings: + includePostAccessBanner: true + postLoginBannerSettings: + includePostAccessBanner: true + 
supportInfoSettings: + defaultEmptyFieldValue: string + emptyFieldDisplay: string + includeBrowserUserAgent: true + includeFailureCode: true + includeIpAddress: true + includeMacAddr: true + includePolicyServer: true + includeSupportInfoPage: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "authenticationMethod": "string", + "assignedGuestTypeForEmployee": "string", + "displayLang": "string", + "fallbackLanguage": "string", + "alwaysUsedLanguage": "string" + }, + "loginPageSettings": { + "requireAccessCode": true, + "maxFailedAttemptsBeforeRateLimit": 0, + "timeBetweenLoginsDuringRateLimit": 0, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "accessCode": "string", + "allowGuestToCreateAccounts": true, + "allowForgotPassword": true, + "allowGuestToChangePassword": true, + "allowAlternateGuestPortal": true, + "socialConfigs": [ + { + "socialMediaType": "string", + "socialMediaValue": "string" + } + ] + }, + "aupSettings": { + "includeAup": true, + "requireAupScrolling": true, + "useDiffAupForEmployees": true, + "skipAupForEmployees": true, + "displayFrequencyIntervalDays": 0, + "requireScrolling": true, + "displayFrequency": "string" + }, + "guestChangePasswordSettings": { + "allowChangePasswdAtFirstLogin": true + }, + "guestDeviceRegistrationSettings": { + "autoRegisterGuestDevices": true, + "allowGuestsToRegisterDevices": true + }, + "byodSettings": { + "byodWelcomeSettings": { + "enableBYOD": true, + "enableGuestAccess": true, + "requireMDM": true, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "requireScrolling": 
true + }, + "byodRegistrationSettings": { + "showDeviceID": true, + "endPointIdentityGroupId": "string" + }, + "byodRegistrationSuccessSettings": { + "successRedirect": "string", + "redirectUrl": "string" + } + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + "authSuccessSettings": { + "successRedirect": "string", + "redirectUrl": "string" + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" 
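Review bot: In the `loginPageSettings` suboptions of DOCUMENTATION, `allowGuestToChangePassword` is described as "Require the portal user to enter an access code.", which is the meaning of `requireAccessCode` (documented only as "RequireAccessCode flag."), so a reader could toggle the wrong control on a guest login page. I would change the two entries to `description: Allow guests to change their own password.` and, under `requireAccessCode`, `description: Require the portal user to enter an access code.`. The same copy-paste pattern shows under `aupSettings.displayFrequency`, whose text ("either on page or as a link") describes `aupDisplay` while the allowed values it lists are FIRSTLOGIN, EVERYLOGIN and RECURRING.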
diff --git a/ansible_collections/cisco/ise/plugins/modules/sponsored_guest_portal_info.py b/ansible_collections/cisco/ise/plugins/modules/sponsored_guest_portal_info.py
new file mode 100644
index 00000000..d4e2649a
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/sponsored_guest_portal_info.py
@@ -0,0 +1,405 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sponsored_guest_portal_info +short_description: Information module for Sponsored Guest Portal +description: +- Get all Sponsored Guest Portal. +- Get Sponsored Guest Portal by id. +- This API allows the client to get a sponsored guest portal by ID. +- This API allows the client to get all the sponsored guest portals. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. 
+ - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sponsored_guest_portal.SponsoredGuestPortal.get_sponsored_guest_portal_by_id, + sponsored_guest_portal.SponsoredGuestPortal.get_sponsored_guest_portals_generator, + + - Paths used are + get /ers/config/sponsoredguestportal, + get /ers/config/sponsoredguestportal/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Sponsored Guest Portal + cisco.ise.sponsored_guest_portal_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get Sponsored Guest Portal by id + cisco.ise.sponsored_guest_portal_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "authenticationMethod": "string", + "assignedGuestTypeForEmployee": "string", + "displayLang": "string", + "fallbackLanguage": "string", + "alwaysUsedLanguage": "string" + }, + "loginPageSettings": { + "requireAccessCode": true, + "maxFailedAttemptsBeforeRateLimit": 0, + 
"timeBetweenLoginsDuringRateLimit": 0, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "accessCode": "string", + "allowGuestToCreateAccounts": true, + "allowForgotPassword": true, + "allowGuestToChangePassword": true, + "allowAlternateGuestPortal": true, + "socialConfigs": [ + { + "socialMediaType": "string", + "socialMediaValue": "string" + } + ] + }, + "aupSettings": { + "includeAup": true, + "requireAupScrolling": true, + "useDiffAupForEmployees": true, + "skipAupForEmployees": true, + "displayFrequencyIntervalDays": 0, + "requireScrolling": true, + "displayFrequency": "string" + }, + "guestChangePasswordSettings": { + "allowChangePasswdAtFirstLogin": true + }, + "guestDeviceRegistrationSettings": { + "autoRegisterGuestDevices": true, + "allowGuestsToRegisterDevices": true + }, + "byodSettings": { + "byodWelcomeSettings": { + "enableBYOD": true, + "enableGuestAccess": true, + "requireMDM": true, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "requireScrolling": true + }, + "byodRegistrationSettings": { + "showDeviceID": true, + "endPointIdentityGroupId": "string" + }, + "byodRegistrationSuccessSettings": { + "successRedirect": "string", + "redirectUrl": "string" + } + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + "authSuccessSettings": { + "successRedirect": "string", + "redirectUrl": "string" + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": 
"string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "portalType": "string", + "portalTestUrl": "string", + "settings": { + "portalSettings": { + "httpsPort": 0, + "allowedInterfaces": [ + "string" + ], + "certificateGroupTag": "string", + "authenticationMethod": "string", + "assignedGuestTypeForEmployee": "string", + "displayLang": "string", + "fallbackLanguage": "string", + "alwaysUsedLanguage": "string" + }, + "loginPageSettings": { + "requireAccessCode": true, + "maxFailedAttemptsBeforeRateLimit": 0, + "timeBetweenLoginsDuringRateLimit": 0, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "accessCode": "string", + "allowGuestToCreateAccounts": true, + "allowForgotPassword": true, + "allowGuestToChangePassword": true, + "allowAlternateGuestPortal": true, + "socialConfigs": [ + { + "socialMediaType": "string", + "socialMediaValue": "string" + } + ] + }, + "aupSettings": { + "includeAup": true, + "requireAupScrolling": true, + "useDiffAupForEmployees": true, + "skipAupForEmployees": true, + "displayFrequencyIntervalDays": 0, + "requireScrolling": true, + "displayFrequency": "string" + }, + "guestChangePasswordSettings": { + 
"allowChangePasswdAtFirstLogin": true + }, + "guestDeviceRegistrationSettings": { + "autoRegisterGuestDevices": true, + "allowGuestsToRegisterDevices": true + }, + "byodSettings": { + "byodWelcomeSettings": { + "enableBYOD": true, + "enableGuestAccess": true, + "requireMDM": true, + "includeAup": true, + "aupDisplay": "string", + "requireAupAcceptance": true, + "requireScrolling": true + }, + "byodRegistrationSettings": { + "showDeviceID": true, + "endPointIdentityGroupId": "string" + }, + "byodRegistrationSuccessSettings": { + "successRedirect": "string", + "redirectUrl": "string" + } + }, + "postAccessBannerSettings": { + "includePostAccessBanner": true + }, + "authSuccessSettings": { + "successRedirect": "string", + "redirectUrl": "string" + }, + "postLoginBannerSettings": { + "includePostAccessBanner": true + }, + "supportInfoSettings": { + "includeSupportInfoPage": true, + "includeMacAddr": true, + "includeIpAddress": true, + "includeBrowserUserAgent": true, + "includePolicyServer": true, + "includeFailureCode": true, + "emptyFieldDisplay": "string", + "defaultEmptyFieldValue": "string" + } + }, + "customizations": { + "portalTheme": { + "id": "string", + "name": "string", + "themeData": "string" + }, + "portalTweakSettings": { + "bannerColor": "string", + "bannerTextColor": "string", + "pageBackgroundColor": "string", + "pageLabelAndTextColor": "string" + }, + "language": { + "viewLanguage": "string" + }, + "globalCustomizations": { + "mobileLogoImage": { + "data": "string" + }, + "desktopLogoImage": { + "data": "string" + }, + "bannerImage": { + "data": "string" + }, + "backgroundImage": { + "data": "string" + }, + "bannerTitle": "string", + "contactText": "string", + "footerElement": "string" + }, + "pageCustomizations": { + "data": [ + { + "key": "string", + "value": "string" + } + ] + } + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" 
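Review bot: The RETURN samples for `ise_response` and `ise_responses` include `loginPageSettings.accessCode`, and both EXAMPLES tasks use `register: result`, so the portal access code presumably ends up in registered variables and in task output. The `notes` section should say so, for example `- The response may contain loginPageSettings.accessCode; set no_log: true on tasks that register it.`. The RETURN sample in sponsored_guest_portal.py shows the same field. Separately, the `filterType` description says only "can be changed by using the parameter" without naming the accepted values, while `filter` mentions `filterType=or` and the example passes `AND`.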
diff --git a/ansible_collections/cisco/ise/plugins/modules/support_bundle.py b/ansible_collections/cisco/ise/plugins/modules/support_bundle.py
new file mode 100644
index 00000000..81aaf5bf
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/support_bundle.py
@@ -0,0 +1,105 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: support_bundle +short_description: Resource module for Support Bundle +description: +- Manage operation create of the resource Support Bundle. +- This API allows the client to create a support bundle trigger configuration. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + description: + description: Support Bundle's description. + type: str + hostName: + description: This parameter is hostName only, xxxx of xxxx.yyy.zz. + type: str + name: + description: Resource Name. + type: str + supportBundleIncludeOptions: + description: Support Bundle's supportBundleIncludeOptions. + suboptions: + fromDate: + description: Date from where support bundle should include the logs. + type: str + includeConfigDB: + description: Set to include Config DB in Support Bundle. + type: bool + includeCoreFiles: + description: Set to include Core files in Support Bundle. + type: bool + includeDebugLogs: + description: Set to include Debug logs in Support Bundle. + type: bool + includeLocalLogs: + description: Set to include Local logs in Support Bundle. + type: bool + includeSystemLogs: + description: Set to include System logs in Support Bundle. + type: bool + mntLogs: + description: Set to include Monitoring and troublshooting logs in Support Bundle. + type: bool + policyXml: + description: Set to include Policy XML in Support Bundle. + type: bool + toDate: + description: Date upto where support bundle should include the logs. + type: str + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for SupportBundleTriggerConfiguration + description: Complete reference of the SupportBundleTriggerConfiguration API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!supportbundle +notes: + - SDK Method used are + support_bundle_trigger_configuration.SupportBundleTriggerConfiguration.create_support_bundle, + + - Paths used are + post /ers/config/supportbundle, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.support_bundle: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + description: string + hostName: string + name: string + supportBundleIncludeOptions: + fromDate: string + includeConfigDB: true + includeCoreFiles: true + includeDebugLogs: true + includeLocalLogs: true + includeSystemLogs: true + mntLogs: true + policyXml: true + toDate: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/support_bundle_download.py b/ansible_collections/cisco/ise/plugins/modules/support_bundle_download.py new file mode 100644 index 00000000..c6b8b463 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/support_bundle_download.py 
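Review bot: In support_bundle.py's DOCUMENTATION, `fromDate` and `toDate` are declared `type: str` with no format stated, and the EXAMPLES block only shows `fromDate: string`, so a caller cannot tell which date string the bundle request accepts. Each description should name the format, e.g. `description: Date from where support bundle should include the logs, in the format <format accepted by the ERS supportbundle API>.`, with the real format taken from the API reference linked under `seealso`. The `mntLogs` description misspells "troubleshooting" as `troublshooting`. Because `includeConfigDB`, `includeCoreFiles` and the log options decide how much sensitive data goes into the bundle, a short `notes` entry advising callers to enable only what the support case needs would also help.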
@@ -0,0 +1,69 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: support_bundle_download +short_description: Resource module for Support Bundle Download +description: +- Manage operation update of the resource Support Bundle Download. +- This API allows the client to upload a support bundle. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + dirPath: + description: Directory absolute path. Defaults to the current working directory. + type: str + fileName: + description: Support Bundle Download's fileName. + type: str + filename: + description: The filename used to save the download file. + type: str + saveFile: + description: Enable or disable automatic file creation of raw response. + type: bool +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + support_bundle_download.SupportBundleDownload.download_support_bundle, + + - Paths used are + put /ers/config/supportbundledownload, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.support_bundle_download: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + dirPath: /tmp/downloads/ + fileName: string + filename: download_filename.extension + saveFile: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "data": "filecontent", + "filename": "filename", + "dirpath": "download/directory", + "path": "download/directory/filename" + } +""" 
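Review bot: The EXAMPLES task in support_bundle_download.py saves the bundle with `dirPath: /tmp/downloads/` and `saveFile: true`, and the RETURN sample shows the file body under `data`, so the documented usage puts a support bundle (which, going by the support_bundle options, may hold the config DB, core files and logs) into a shared temporary directory and into the task result. I would point the example at a directory the playbook controls, e.g. `dirPath: "{{ support_bundle_dir }}"`, and add a `notes` entry such as `- The downloaded bundle can contain configuration and log data; write it to a directory with restricted permissions and set no_log on the task if the result is registered.` The description line `This API allows the client to upload a support bundle.` contradicts the module name and the `download_support_bundle` SDK method and should say `download`. The options `fileName` and `filename` differ only in case; the `fileName` description is a placeholder and should say what the value names, presumably the bundle file on the ISE node.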
diff --git a/ansible_collections/cisco/ise/plugins/modules/support_bundle_status_info.py b/ansible_collections/cisco/ise/plugins/modules/support_bundle_status_info.py new file mode 100644 index 00000000..0cdb8aaf --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/support_bundle_status_info.py 
@@ -0,0 +1,117 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: support_bundle_status_info +short_description: Information module for Support Bundle Status +description: +- Get all Support Bundle Status. +- Get Support Bundle Status by id. +- This API allows the client to get a support bundle status by ID. +- This API allows the client to get all the support bundle status. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + support_bundle_status.SupportBundleStatus.get_support_bundle_status_by_id, + support_bundle_status.SupportBundleStatus.get_support_bundle_status_generator, + + - Paths used are + get /ers/config/supportbundlestatus, + get /ers/config/supportbundlestatus/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Support Bundle Status + cisco.ise.support_bundle_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get Support Bundle Status by id + cisco.ise.support_bundle_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", 
+ "description": "string", + "fileName": "string", + "fileSize": 0, + "hostName": "string", + "message": "string", + "startTime": "string", + "status": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "fileName": "string", + "fileSize": 0, + "hostName": "string", + "message": "string", + "startTime": "string", + "status": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sxp_connections.py b/ansible_collections/cisco/ise/plugins/modules/sxp_connections.py new file mode 100644 index 00000000..544a65b8 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sxp_connections.py 
@@ -0,0 +1,152 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sxp_connections +short_description: Resource module for SXP Connections +description: +- Manage operations create, update and delete of the resource SXP Connections. +- This API creates a SXP connection. +- This API deletes a SXP connection. +- This API allows the client to update a SXP connection. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + description: + description: SXP Connections's description. + type: str + enabled: + description: Enabled flag. + type: bool + id: + description: SXP Connections's id. + type: str + ipAddress: + description: SXP Connections's ipAddress. + type: str + sxpMode: + description: SXP Connections's sxpMode. + type: str + sxpNode: + description: SXP Connections's sxpNode. + type: str + sxpPeer: + description: SXP Connections's sxpPeer. + type: str + sxpVersion: + description: SXP Connections's sxpVersion. + type: str + sxpVpn: + description: SXP Connections's sxpVpn. 
+ type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sxp_connections.SxpConnections.create_sxp_connections, + sxp_connections.SxpConnections.delete_sxp_connections_by_id, + sxp_connections.SxpConnections.update_sxp_connections_by_id, + + - Paths used are + post /ers/config/sxpconnections, + delete /ers/config/sxpconnections/{id}, + put /ers/config/sxpconnections/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.sxp_connections: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + enabled: true + id: string + ipAddress: string + sxpMode: string + sxpNode: string + sxpPeer: string + sxpVersion: string + sxpVpn: string + +- name: Delete by id + cisco.ise.sxp_connections: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.sxp_connections: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + enabled: true + ipAddress: string + sxpMode: string + sxpNode: string + sxpPeer: string + sxpVersion: string + sxpVpn: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "description": "string", + "sxpPeer": "string", + "sxpVpn": "string", + "sxpNode": "string", + "ipAddress": "string", + "sxpMode": "string", + "sxpVersion": "string", + "enabled": true, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: 
'1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sxp_connections_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/sxp_connections_bulk_monitor_status_info.py new file mode 100644 index 00000000..bfa5183c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sxp_connections_bulk_monitor_status_info.py 
@@ -0,0 +1,72 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sxp_connections_bulk_monitor_status_info +short_description: Information module for SXP Connections Bulk Monitor Status +description: +- Get SXP Connections Bulk Monitor Status by id. +- This API allows the client to monitor the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + bulkid: + description: + - Bulkid path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sxp_connections.SxpConnections.monitor_bulk_status_sxp_connections, + + - Paths used are + get /ers/config/sxpconnections/bulk/{bulkid}, + +""" + +EXAMPLES = r""" +- name: Get SXP Connections Bulk Monitor Status by id + cisco.ise.sxp_connections_bulk_monitor_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + bulkid: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "bulkId": "string", + "mediaType": "string", + "executionStatus": "string", + "operationType": "string", + "startTime": "string", + "resourcesCount": 0, + "successCount": 0, + "failCount": 0, + "resourcesStatus": [ + { + "id": "string", + "name": "string", + "description": "string", + "resourceExecutionStatus": "string", + "status": "string" + } + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sxp_connections_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/sxp_connections_bulk_request.py new file mode 100644 index 00000000..02ca9ce0 --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/modules/sxp_connections_bulk_request.py @@ -0,0 +1,56 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sxp_connections_bulk_request +short_description: Resource module for SXP Connections Bulk Request +description: +- Manage operation update of the resource SXP Connections Bulk Request. +- This API allows the client to submit the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + operationType: + description: SXP Connections Bulk Request's operationType. + type: str + resourceMediaType: + description: SXP Connections Bulk Request's resourceMediaType. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sxp_connections.SxpConnections.bulk_request_for_sxp_connections, + + - Paths used are + put /ers/config/sxpconnections/bulk/submit, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.sxp_connections_bulk_request: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + operationType: string + resourceMediaType: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sxp_connections_info.py b/ansible_collections/cisco/ise/plugins/modules/sxp_connections_info.py new file mode 100644 index 00000000..08a50da5 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sxp_connections_info.py 
@@ -0,0 +1,155 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sxp_connections_info +short_description: Information module for SXP Connections +description: +- Get all SXP Connections. +- Get SXP Connections by id. +- This API allows the client to get a SXP connection by ID. +- This API allows the client to get all the SXP connections. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sxp_connections.SxpConnections.get_sxp_connections_by_id, + sxp_connections.SxpConnections.get_sxp_connections_generator, + + - Paths used are + get /ers/config/sxpconnections, + get /ers/config/sxpconnections/{id}, + +""" + +EXAMPLES = r""" +- name: Get all SXP Connections + cisco.ise.sxp_connections_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get SXP Connections by id + cisco.ise.sxp_connections_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "description": "string", + "sxpPeer": "string", + "sxpVpn": "string", + "sxpNode": "string", + "ipAddress": "string", + "sxpMode": "string", + "sxpVersion": "string", + "enabled": true, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "description": "string", + "sxpPeer": "string", + "sxpVpn": "string", + "sxpNode": "string", + "ipAddress": "string", + "sxpMode": "string", + 
"sxpVersion": "string", + "enabled": true, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings.py b/ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings.py new file mode 100644 index 00000000..5eff2ab4 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings.py 
@@ -0,0 +1,143 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sxp_local_bindings +short_description: Resource module for SXP Local Bindings +description: +- Manage operations create, update and delete of the resource SXP Local Bindings. +- This API creates a SXP local binding. +- This API deletes a SXP local binding. +- This API allows the client to update a SXP local binding. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + bindingName: + description: This field is depricated from Cisco ISE 3.0. + type: str + description: + description: SXP Local Bindings's description. + type: str + id: + description: SXP Local Bindings's id. + type: str + ipAddressOrHost: + description: IP address for static mapping (hostname is not supported). + type: str + sgt: + description: SGT name or ID. + type: str + sxpVpn: + description: List of SXP Domains, separated with comma. At least one of sxpVpn or + vns should be defined. + type: str + vns: + description: List of Virtual Networks, separated with comma. At least one of sxpVpn + or vns should be defined. 
+ type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sxp_local_bindings.SxpLocalBindings.create_sxp_local_bindings, + sxp_local_bindings.SxpLocalBindings.delete_sxp_local_bindings_by_id, + sxp_local_bindings.SxpLocalBindings.update_sxp_local_bindings_by_id, + + - Paths used are + post /ers/config/sxplocalbindings, + delete /ers/config/sxplocalbindings/{id}, + put /ers/config/sxplocalbindings/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.sxp_local_bindings: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + bindingName: string + description: string + id: string + ipAddressOrHost: string + sgt: string + sxpVpn: string + vns: string + +- name: Delete by id + cisco.ise.sxp_local_bindings: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.sxp_local_bindings: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + bindingName: string + description: string + id: string + ipAddressOrHost: string + sgt: string + sxpVpn: string + vns: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "description": "string", + "bindingName": "string", + "ipAddressOrHost": "string", + "sxpVpn": "string", + "sgt": "string", + "vns": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + 
"updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings_bulk_monitor_status_info.py new file mode 100644 index 00000000..3cb621af --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings_bulk_monitor_status_info.py 
@@ -0,0 +1,72 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sxp_local_bindings_bulk_monitor_status_info +short_description: Information module for SXP Local Bindings Bulk Monitor Status +description: +- Get SXP Local Bindings Bulk Monitor Status by id. +- This API allows the client to monitor the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + bulkid: + description: + - Bulkid path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sxp_local_bindings.SxpLocalBindings.monitor_bulk_status_sxp_local_bindings, + + - Paths used are + get /ers/config/sxplocalbindings/bulk/{bulkid}, + +""" + +EXAMPLES = r""" +- name: Get SXP Local Bindings Bulk Monitor Status by id + cisco.ise.sxp_local_bindings_bulk_monitor_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + bulkid: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "bulkId": "string", + "mediaType": "string", + "executionStatus": "string", + "operationType": "string", + "startTime": "string", + "resourcesCount": 0, + "successCount": 0, + "failCount": 0, + "resourcesStatus": [ + { + "id": "string", + "name": "string", + "description": "string", + "resourceExecutionStatus": "string", + "status": "string" + } + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings_bulk_request.py new file mode 100644 index 00000000..374def10 
--- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings_bulk_request.py @@ -0,0 +1,56 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sxp_local_bindings_bulk_request +short_description: Resource module for SXP Local Bindings Bulk Request +description: +- Manage operation update of the resource SXP Local Bindings Bulk Request. +- This API allows the client to submit the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + operationType: + description: SXP Local Bindings Bulk Request's operationType. + type: str + resourceMediaType: + description: SXP Local Bindings Bulk Request's resourceMediaType. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sxp_local_bindings.SxpLocalBindings.bulk_request_for_sxp_local_bindings, + + - Paths used are + put /ers/config/sxplocalbindings/bulk/submit, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.sxp_local_bindings_bulk_request: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + operationType: string + resourceMediaType: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings_info.py b/ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings_info.py new file mode 100644 index 00000000..0c422a49 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sxp_local_bindings_info.py 
@@ -0,0 +1,151 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sxp_local_bindings_info +short_description: Information module for SXP Local Bindings +description: +- Get all SXP Local Bindings. +- Get SXP Local Bindings by id. +- This API allows the client to get a SXP local binding by ID. +- This API allows the client to get all the SXP local bindings. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sxp_local_bindings.SxpLocalBindings.get_sxp_local_bindings_by_id, + sxp_local_bindings.SxpLocalBindings.get_sxp_local_bindings_generator, + + - Paths used are + get /ers/config/sxplocalbindings, + get /ers/config/sxplocalbindings/{id}, + +""" + +EXAMPLES = r""" +- name: Get all SXP Local Bindings + cisco.ise.sxp_local_bindings_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + sortasc: string + sortdsc: string + filter: [] + filterType: AND + register: result + +- name: Get SXP Local Bindings by id + cisco.ise.sxp_local_bindings_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "description": "string", + "bindingName": "string", + "ipAddressOrHost": "string", + "sxpVpn": "string", + "sgt": "string", + "vns": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "description": "string", + "bindingName": "string", + "ipAddressOrHost": "string", + "sxpVpn": "string", + "sgt": "string", + "vns": "string", + "link": { + "rel": 
"string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sxp_vpns.py b/ansible_collections/cisco/ise/plugins/modules/sxp_vpns.py new file mode 100644 index 00000000..0b7a88dc --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sxp_vpns.py @@ -0,0 +1,76 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sxp_vpns +short_description: Resource module for SXP VPNs +description: +- Manage operations create and delete of the resource SXP VPNs. +- This API creates a SXP VPN. +- This API deletes a SXP VPN. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Id path parameter. + type: str + sxpVpnName: + description: SXP VPNs's sxpVpnName. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sxp_vpns.SxpVpns.create_sxp_vpn, + sxp_vpns.SxpVpns.delete_sxp_vpn_by_id, + + - Paths used are + post /ers/config/sxpvpns, + delete /ers/config/sxpvpns/{id}, + +""" + +EXAMPLES = r""" +- name: Delete by id + cisco.ise.sxp_vpns: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.sxp_vpns: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + sxpVpnName: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "sxpVpnName": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/sxp_vpns_bulk_monitor_status_info.py b/ansible_collections/cisco/ise/plugins/modules/sxp_vpns_bulk_monitor_status_info.py new file mode 100644 index 00000000..9ec5a6fb --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sxp_vpns_bulk_monitor_status_info.py 
@@ -0,0 +1,72 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sxp_vpns_bulk_monitor_status_info +short_description: Information module for SXP VPNs Bulk Monitor Status +description: +- Get SXP VPNs Bulk Monitor Status by id. +- This API allows the client to monitor the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + bulkid: + description: + - Bulkid path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sxp_vpns.SxpVpns.monitor_bulk_status_sxp_vpns, + + - Paths used are + get /ers/config/sxpvpns/bulk/{bulkid}, + +""" + +EXAMPLES = r""" +- name: Get SXP VPNs Bulk Monitor Status by id + cisco.ise.sxp_vpns_bulk_monitor_status_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + bulkid: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "bulkId": "string", + "mediaType": "string", + "executionStatus": "string", + "operationType": "string", + "startTime": "string", + "resourcesCount": 0, + "successCount": 0, + "failCount": 0, + "resourcesStatus": [ + { + "id": "string", + "name": "string", + "description": "string", + "resourceExecutionStatus": "string", + "status": "string" + } + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sxp_vpns_bulk_request.py b/ansible_collections/cisco/ise/plugins/modules/sxp_vpns_bulk_request.py new file mode 100644 index 00000000..0c8e957c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sxp_vpns_bulk_request.py 
@@ -0,0 +1,56 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sxp_vpns_bulk_request +short_description: Resource module for SXP VPNs Bulk Request +description: +- Manage operation update of the resource SXP VPNs Bulk Request. +- This API allows the client to submit the bulk request. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + operationType: + description: SXP VPNs Bulk Request's operationType. + type: str + resourceMediaType: + description: SXP VPNs Bulk Request's resourceMediaType. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sxp_vpns.SxpVpns.bulk_request_for_sxp_vpns, + + - Paths used are + put /ers/config/sxpvpns/bulk/submit, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.sxp_vpns_bulk_request: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + operationType: string + resourceMediaType: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/sxp_vpns_info.py b/ansible_collections/cisco/ise/plugins/modules/sxp_vpns_info.py new file mode 100644 index 00000000..0b233c13 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/sxp_vpns_info.py 
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: sxp_vpns_info +short_description: Information module for SXP VPNs +description: +- Get all SXP VPNs. +- Get SXP VPNs by id. +- This API allows the client to get a SXP VPN by ID. +- This API allows the client to get all the SXP VPNs. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. 
The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str + sortasc: + description: + - Sortasc query parameter. Sort asc. + type: str + sortdsc: + description: + - Sortdsc query parameter. Sort desc. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + sxp_vpns.SxpVpns.get_sxp_vpn_by_id, + sxp_vpns.SxpVpns.get_sxp_vpns_generator, + + - Paths used are + get /ers/config/sxpvpns, + get /ers/config/sxpvpns/{id}, + +""" + +EXAMPLES = r""" +- name: Get all SXP VPNs + cisco.ise.sxp_vpns_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + filter: [] + filterType: AND + sortasc: string + sortdsc: string + register: result + +- name: Get SXP VPNs by id + cisco.ise.sxp_vpns_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "sxpVpnName": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "sxpVpnName": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/system_certificate.py b/ansible_collections/cisco/ise/plugins/modules/system_certificate.py new file mode 100644 index 00000000..6022b8d3 --- /dev/null 
+++ b/ansible_collections/cisco/ise/plugins/modules/system_certificate.py 
@@ -0,0 +1,185 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: system_certificate +short_description: Resource module for System Certificate +description: +- Manage operations update and delete of the resource System Certificate. +- This API deletes a System Certificate of a particular node based on given HostName and ID. +- Update a System Certificate. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + admin: + description: Use certificate to authenticate the Cisco ISE Admin Portal. + type: bool + allowPortalTagTransferForSameSubject: + description: Allow overwriting the portal tag from matching certificate of same + subject. + type: bool + allowReplacementOfPortalGroupTag: + description: Allow Replacement of Portal Group Tag (required). + type: bool + allowRoleTransferForSameSubject: + description: Allow transfer of roles for certificate with matching subject. + type: bool + allowWildcardDelete: + description: If the given certificate to be deleted is a wildcard certificate, corresponding + certificate gets deleted on rest of the nodes in the deployment as well. + type: bool + description: + description: Description of System Certificate. + type: str + eap: + description: Use certificate for EAP protocols that use SSL/TLS tunneling. + type: bool + expirationTTLPeriod: + description: System Certificate's expirationTTLPeriod. + type: int + expirationTTLUnits: + description: System Certificate's expirationTTLUnits. + type: str + hostName: + description: HostName path parameter. Name of Host whose certificate needs to be + updated. + type: str + id: + description: Id path parameter. ID of the System Certificate to be updated. + type: str + ims: + description: Use certificate for the Cisco ISE Messaging Service. 
+ type: bool + name: + description: Name of the certificate. + type: str + portal: + description: Use for portal. + type: bool + portalGroupTag: + description: Set Group tag. + type: str + pxgrid: + description: Use certificate for the pxGrid Controller. + type: bool + radius: + description: Use certificate for the RADSec server. + type: bool + renewSelfSignedCertificate: + description: Renew Self-signed Certificate. + type: bool + saml: + description: Use certificate for SAML Signing. + type: bool +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Certificates + description: Complete reference of the Certificates API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi +notes: + - SDK Method used are + certificates.Certificates.delete_system_certificate_by_id, + certificates.Certificates.update_system_certificate, + + - Paths used are + delete /api/v1/certs/system-certificate/{hostName}/{id}, + put /api/v1/certs/system-certificate/{hostName}/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.system_certificate: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + admin: true + allowPortalTagTransferForSameSubject: true + allowReplacementOfPortalGroupTag: true + allowRoleTransferForSameSubject: true + description: string + eap: true + expirationTTLPeriod: 0 + expirationTTLUnits: string + hostName: string + id: string + ims: true + name: string + portal: true + portalGroupTag: string + pxgrid: true + radius: true + renewSelfSignedCertificate: true + saml: true + +- name: Delete by id + cisco.ise.system_certificate: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + allowWildcardDelete: true + hostName: string + id: string + +""" + +RETURN = r""" +ise_response: 
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "expirationDate": "string", + "friendlyName": "string", + "groupTag": "string", + "id": "string", + "issuedBy": "string", + "issuedTo": "string", + "keySize": 0, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "portalsUsingTheTag": "string", + "selfSigned": true, + "serialNumberDecimalFormat": "string", + "sha256Fingerprint": "string", + "signatureAlgorithm": "string", + "usedBy": "string", + "validFrom": "string" + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "id": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "message": "string", + "status": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/system_certificate_create.py b/ansible_collections/cisco/ise/plugins/modules/system_certificate_create.py new file mode 100644 index 00000000..75831861 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/system_certificate_create.py 
@@ -0,0 +1,142 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: system_certificate_create +short_description: Resource module for System Certificate Create +description: +- Manage operation create of the resource System Certificate Create. +- This API allows the client to create a system certificate. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + ersLocalCertStub: + description: Inputs for certificate creation. + suboptions: + allowWildcardCerts: + description: System Certificate Create's allowWildcardCerts. + type: str + certificatePolicies: + description: System Certificate Create's certificatePolicies. + type: str + certificateSanDns: + description: System Certificate Create's certificateSanDns. + type: str + certificateSanIp: + description: System Certificate Create's certificateSanIp. + type: str + certificateSanUri: + description: System Certificate Create's certificateSanUri. + type: str + digest: + description: System Certificate Create's digest. + type: str + ersSubjectStub: + description: Subject data of certificate. + suboptions: + commonName: + description: System Certificate Create's commonName. + type: str + countryName: + description: System Certificate Create's countryName. + type: str + localityName: + description: System Certificate Create's localityName. + type: str + organizationName: + description: System Certificate Create's organizationName. + type: str + organizationalUnitName: + description: System Certificate Create's organizationalUnitName. + type: str + stateOrProvinceName: + description: System Certificate Create's stateOrProvinceName. + type: str + type: dict + expirationTTL: + description: System Certificate Create's expirationTTL. 
+ type: int + friendlyName: + description: System Certificate Create's friendlyName. + type: str + groupTagDD: + description: System Certificate Create's groupTagDD. + type: str + keyLength: + description: System Certificate Create's keyLength. + type: str + keyType: + description: System Certificate Create's keyType. + type: str + samlCertificate: + description: System Certificate Create's samlCertificate. + type: str + selectedExpirationTTLUnit: + description: System Certificate Create's selectedExpirationTTLUnit. + type: str + xgridCertificate: + description: System Certificate Create's xgridCertificate. + type: str + type: dict + nodeId: + description: NodeId of Cisco ISE application. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + system_certificate.SystemCertificate.create_system_certificate, + + - Paths used are + post /ers/config/systemcertificate, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.system_certificate_create: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + ersLocalCertStub: + allowWildcardCerts: string + certificatePolicies: string + certificateSanDns: string + certificateSanIp: string + certificateSanUri: string + digest: string + ersSubjectStub: + commonName: string + countryName: string + localityName: string + organizationName: string + organizationalUnitName: string + stateOrProvinceName: string + expirationTTL: 0 + friendlyName: string + groupTagDD: string + keyLength: string + keyType: string + samlCertificate: string + selectedExpirationTTLUnit: string + xgridCertificate: string + nodeId: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/system_certificate_export_info.py b/ansible_collections/cisco/ise/plugins/modules/system_certificate_export_info.py new file mode 100644 index 00000000..793eaea3 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/system_certificate_export_info.py 
@@ -0,0 +1,75 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: system_certificate_export_info
+short_description: Information module for System Certificate Export Info
+description:
+- Get System Certificate Export Info.
+- Export System Certificate.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module_info
+author: Rafael Campos (@racampos)
+options:
+ dirPath:
+ description: Directory absolute path. Defaults to the current working directory.
+ type: str
+ export:
+ description: System Certificate Export Info's export.
+ type: str
+ filename:
+ description: The filename used to save the download file.
+ type: str
+ id:
+ description: System Certificate Export Info's id.
+ type: str
+ password:
+ description: System Certificate Export Info's password.
+ type: str
+ saveFile:
+ description: Enable or disable automatic file creation of raw response.
+ type: bool
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Certificates
+ description: Complete reference of the Certificates API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi
+notes:
+ - SDK Method used are
+ certificates.Certificates.export_system_certificate,
+
+ - Paths used are
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.system_certificate_export_info:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ dirPath: /tmp/downloads/
+ export: string
+ filename: download_filename.extension
+ id: string
+ password: string
+ saveFile: true
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: str
+ sample: >
+ "'string'"
+"""
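Review bot: The EXAMPLES task saves the exported certificate with `dirPath: /tmp/downloads/` and `saveFile: true` and passes `password: string` as a literal; a shared temporary directory is a poor default for an export that needs a password, and readers copy examples verbatim. I would point the example at a directory owned by the user running the play and take the password from a vaulted variable, e.g. `dirPath: "{{ cert_export_dir }}"` and `password: "{{ cert_export_password }}"` (both variable names are placeholders). Whether `password` is marked `no_log` cannot be seen from this file, because the argument spec is not part of it; that is worth confirming where the spec is defined. The `Paths used are` note is also left empty, and the task is named `Create` although the module exports.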
diff --git a/ansible_collections/cisco/ise/plugins/modules/system_certificate_import.py b/ansible_collections/cisco/ise/plugins/modules/system_certificate_import.py new file mode 100644 index 00000000..9cb9d330 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/system_certificate_import.py 
@@ -0,0 +1,144 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: system_certificate_import
+short_description: Resource module for System Certificate Import
+description:
+- Manage operation create of the resource System Certificate Import.
+- Import an X509 certificate as a system certificate.
+version_added: '1.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ admin:
+ description: Use certificate to authenticate the Cisco ISE Admin Portal.
+ type: bool
+ allowExtendedValidity:
+ description: Allow import of certificates with validity greater than 398 days (required).
+ type: bool
+ allowOutOfDateCert:
+ description: Allow out of date certificates (required).
+ type: bool
+ allowPortalTagTransferForSameSubject:
+ description: Allow overwriting the portal tag from matching certificate of same
+ subject.
+ type: bool
+ allowReplacementOfCertificates:
+ description: Allow Replacement of certificates (required).
+ type: bool
+ allowReplacementOfPortalGroupTag:
+ description: Allow Replacement of Portal Group Tag (required).
+ type: bool
+ allowRoleTransferForSameSubject:
+ description: Allow transfer of roles for certificate with matching subject.
+ type: bool
+ allowSHA1Certificates:
+ description: Allow SHA1 based certificates (required).
+ type: bool
+ allowWildCardCertificates:
+ description: Allow Wildcard certificates.
+ type: bool
+ data:
+ description: Certificate Content (required).
+ type: str
+ eap:
+ description: Use certificate for EAP protocols that use SSL/TLS tunneling.
+ type: bool
+ ims:
+ description: Use certificate for the Cisco ISE Messaging Service.
+ type: bool
+ name:
+ description: Name of the certificate.
+ type: str
+ password:
+ description: Certificate Password (required).
+ type: str
+ portal:
+ description: Use for portal.
+ type: bool
+ portalGroupTag:
+ description: Set Group tag.
+ type: str
+ privateKeyData:
+ description: Private Key data (required).
+ type: str
+ pxgrid:
+ description: Use certificate for the pxGrid Controller.
+ type: bool
+ radius:
+ description: Use certificate for the RADSec server.
+ type: bool
+ saml:
+ description: Use certificate for SAML Signing.
+ type: bool
+ validateCertificateExtensions:
+ description: Validate certificate extensions.
+ type: bool
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for Certificates
+ description: Complete reference of the Certificates API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi
+notes:
+ - SDK Method used are
+ certificates.Certificates.import_system_certificate,
+
+ - Paths used are
+ post /api/v1/certs/system-certificate/import,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.system_certificate_import:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ admin: true
+ allowExtendedValidity: true
+ allowOutOfDateCert: true
+ allowPortalTagTransferForSameSubject: true
+ allowReplacementOfCertificates: true
+ allowReplacementOfPortalGroupTag: true
+ allowRoleTransferForSameSubject: true
+ allowSHA1Certificates: true
+ allowWildCardCertificates: true
+ data: string
+ eap: true
+ ims: true
+ name: string
+ password: string
+ portal: true
+ portalGroupTag: string
+ privateKeyData: string
+ pxgrid: true
+ radius: true
+ saml: true
+ validateCertificateExtensions: true
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "response": {
+ "id": "string",
+ "message": "string",
+ "status": "string"
+ },
+ "version": "string"
+ }
+"""
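Review bot: The EXAMPLES task switches on every validation relaxation at once (`allowSHA1Certificates: true`, `allowOutOfDateCert: true`, `allowExtendedValidity: true`, `allowWildCardCertificates: true`, `allowReplacementOfCertificates: true`), so a playbook copied from it would, going by the option descriptions, accept SHA-1, out-of-date and over-398-day certificates. The example should show the strict values and leave relaxing them as a deliberate choice, e.g. `allowSHA1Certificates: false` and `allowOutOfDateCert: false`, and the descriptions marked "(required)" should say what each flag permits. `password` and `privateKeyData` appear as literals; taking them from vaulted variables such as `privateKeyData: "{{ cert_private_key }}"` (placeholder name) keeps key material out of the playbook. Whether the argument spec sets `no_log` on those two options cannot be seen from this file and is worth confirming where the spec is defined.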
diff --git a/ansible_collections/cisco/ise/plugins/modules/system_certificate_info.py b/ansible_collections/cisco/ise/plugins/modules/system_certificate_info.py new file mode 100644 index 00000000..9c05839c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/system_certificate_info.py 
@@ -0,0 +1,175 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: system_certificate_info +short_description: Information module for System Certificate +description: +- Get System Certificate by id. +- Get System Certificate by name. +- This API provides details of a System Certificate of a particular node based on given HostName and ID. +- This API supports Filtering, Sorting and Pagination. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + hostName: + description: + - HostName path parameter. Name of the host of which system certificates should be returned. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sort: + description: + - Sort query parameter. Sort type - asc or desc. + type: str + sortBy: + description: + - SortBy query parameter. Sort column by which objects needs to be sorted. + type: str + filter: + description: + - > + Filter query parameter. .. Container **Simple filtering** should be available through the filter query + string parameter. The structure of a filter is a triplet of field operator and value separated with dots. + More than one filter can be sent. The logical operator common to ALL filter criteria will be by default AND, + and can be changed by using the *"filterType=or"* query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. 
+ - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str + id: + description: + - Id path parameter. ID of the system certificate. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Certificates + description: Complete reference of the Certificates API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi +notes: + - SDK Method used are + certificates.Certificates.get_system_certificate_by_id, + certificates.Certificates.get_system_certificates, + + - Paths used are + get /api/v1/certs/system-certificate/{hostName}, + get /api/v1/certs/system-certificate/{hostName}/{id}, + +""" + +EXAMPLES = r""" +- name: Get System Certificate by id + cisco.ise.system_certificate_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + hostName: string + id: string + register: result + +- name: Get System Certificate by name + cisco.ise.system_certificate_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 0 + size: 0 + sort: string + sortBy: string + filter: [] + filterType: string + hostName: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "expirationDate": "string", + "friendlyName": "string", + "groupTag": "string", 
+ "id": "string", + "issuedBy": "string", + "issuedTo": "string", + "keySize": 0, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "portalsUsingTheTag": "string", + "selfSigned": true, + "serialNumberDecimalFormat": "string", + "sha256Fingerprint": "string", + "signatureAlgorithm": "string", + "usedBy": "string", + "validFrom": "string" + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "expirationDate": "string", + "friendlyName": "string", + "groupTag": "string", + "id": "string", + "issuedBy": "string", + "issuedTo": "string", + "keySize": 0, + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "portalsUsingTheTag": "string", + "selfSigned": true, + "serialNumberDecimalFormat": "string", + "sha256Fingerprint": "string", + "signatureAlgorithm": "string", + "usedBy": "string", + "validFrom": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/system_config_version_info.py b/ansible_collections/cisco/ise/plugins/modules/system_config_version_info.py new file mode 100644 index 00000000..cbff1e72 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/system_config_version_info.py 
@@ -0,0 +1,60 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: system_config_version_info +short_description: Information module for System Config Version +description: +- Get all System Config Version. +- This API allows the client to get Cisco ISE version and patch information. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for VersionAndPatch + description: Complete reference of the VersionAndPatch API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!iseversion +notes: + - SDK Method used are + version_and_patch.VersionAndPatch.get_ise_version_and_patch, + + - Paths used are + get /ers/config/op/systemconfig/iseversion, + +""" + +EXAMPLES = r""" +- name: Get all System Config Version + cisco.ise.system_config_version_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "resultValue": [ + { + "value": "string", + "name": "string" + } + ] + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/tacacs_command_sets.py b/ansible_collections/cisco/ise/plugins/modules/tacacs_command_sets.py new file mode 100644 index 00000000..461d03bd --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/tacacs_command_sets.py 
@@ -0,0 +1,159 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: tacacs_command_sets +short_description: Resource module for TACACS Command Sets +description: +- Manage operations create, update and delete of the resource TACACS Command Sets. +- This API creates TACACS command sets. +- This API deletes TACACS command sets. +- This API allows the client to update TACACS command sets. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + commands: + description: TACACS Command Sets's commands. + suboptions: + commandList: + description: TACACS Command Sets's commandList. + elements: dict + suboptions: + arguments: + description: TACACS Command Sets's arguments. + type: str + command: + description: TACACS Command Sets's command. + type: str + grant: + description: Allowed values PERMIT, DENY, DENY_ALWAYS. + type: str + type: list + type: dict + description: + description: TACACS Command Sets's description. + type: str + id: + description: TACACS Command Sets's id. + type: str + name: + description: TACACS Command Sets's name. + type: str + permitUnmatched: + description: PermitUnmatched flag. 
+ type: bool +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + tacacs_command_sets.TacacsCommandSets.create_tacacs_command_sets, + tacacs_command_sets.TacacsCommandSets.delete_tacacs_command_sets_by_id, + tacacs_command_sets.TacacsCommandSets.update_tacacs_command_sets_by_id, + + - Paths used are + post /ers/config/tacacscommandsets, + delete /ers/config/tacacscommandsets/{id}, + put /ers/config/tacacscommandsets/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.tacacs_command_sets: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + commands: + commandList: + - arguments: string + command: string + grant: string + description: string + id: string + name: string + permitUnmatched: true + +- name: Delete by id + cisco.ise.tacacs_command_sets: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.tacacs_command_sets: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + commands: + commandList: + - arguments: string + command: string + grant: string + description: string + name: string + permitUnmatched: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "permitUnmatched": true, + "commands": { + "commandList": [ + { + "grant": "string", + "command": "string", + "arguments": "string" + } + ] + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE 
Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/tacacs_command_sets_info.py b/ansible_collections/cisco/ise/plugins/modules/tacacs_command_sets_info.py new file mode 100644 index 00000000..59398596 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/tacacs_command_sets_info.py 
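Review bot: The `Update by id` and `Create` tasks in EXAMPLES show `permitUnmatched: true` next to `grant: string`, so a playbook copied from them starts from the permissive setting and an invalid grant value. The option text says only "PermitUnmatched flag." and never states what happens to a command that no `commandList` entry matches. If, as the name suggests, the flag lets such commands through, the examples should read `permitUnmatched: false` and `grant: PERMIT`, and the description should say what the flag does. The allowed `grant` values (PERMIT, DENY, DENY_ALWAYS) appear only in prose; `choices: [PERMIT, DENY, DENY_ALWAYS]` would let validation reject typos, provided the argument spec, which is outside this hunk, is kept in step.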
@@ -0,0 +1,142 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: tacacs_command_sets_info +short_description: Information module for TACACS Command Sets +description: +- Get all TACACS Command Sets. +- Get TACACS Command Sets by id. +- Get TACACS Command Sets by name. +- This API allows the client to get TACACS command sets by ID. +- This API allows the client to get TACACS command sets by name. +- This API allows the client to get all the TACACS command sets. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. 
+ type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + tacacs_command_sets.TacacsCommandSets.get_tacacs_command_sets_by_id, + tacacs_command_sets.TacacsCommandSets.get_tacacs_command_sets_by_name, + tacacs_command_sets.TacacsCommandSets.get_tacacs_command_sets_generator, + + - Paths used are + get /ers/config/tacacscommandsets, + get /ers/config/tacacscommandsets/name/{name}, + get /ers/config/tacacscommandsets/{id}, + +""" + +EXAMPLES = r""" +- name: Get all TACACS Command Sets + cisco.ise.tacacs_command_sets_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get TACACS Command Sets by id + cisco.ise.tacacs_command_sets_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get TACACS Command Sets by name + cisco.ise.tacacs_command_sets_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "permitUnmatched": true, + "commands": { + "commandList": [ + { + "grant": "string", + "command": "string", + "arguments": "string" + } + ] + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "permitUnmatched": 
true, + "commands": { + "commandList": [ + { + "grant": "string", + "command": "string", + "arguments": "string" + } + ] + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/tacacs_external_servers.py b/ansible_collections/cisco/ise/plugins/modules/tacacs_external_servers.py new file mode 100644 index 00000000..51d311bf --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/tacacs_external_servers.py 
@@ -0,0 +1,146 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: tacacs_external_servers +short_description: Resource module for TACACS External Servers +description: +- Manage operations create, update and delete of the resource TACACS External Servers. +- This API creates TACACS external servers. +- This API deletes TACACS external servers. +- This API allows the client to update TACACS external servers. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + connectionPort: + description: The port to connect the server. + type: int + description: + description: TACACS External Servers's description. + type: str + hostIP: + description: The server IPV4 address. + type: str + id: + description: TACACS External Servers's id. + type: str + name: + description: TACACS External Servers's name. + type: str + sharedSecret: + description: The server shared secret. + type: str + singleConnect: + description: Define the use of single connection. + type: bool + timeout: + description: The server timeout. 
+ type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + tacacs_external_servers.TacacsExternalServers.create_tacacs_external_servers, + tacacs_external_servers.TacacsExternalServers.delete_tacacs_external_servers_by_id, + tacacs_external_servers.TacacsExternalServers.update_tacacs_external_servers_by_id, + + - Paths used are + post /ers/config/tacacsexternalservers, + delete /ers/config/tacacsexternalservers/{id}, + put /ers/config/tacacsexternalservers/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.tacacs_external_servers: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + connectionPort: 0 + description: string + hostIP: string + id: string + name: string + sharedSecret: string + singleConnect: true + timeout: 0 + +- name: Delete by id + cisco.ise.tacacs_external_servers: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.tacacs_external_servers: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + connectionPort: 0 + description: string + hostIP: string + name: string + sharedSecret: string + singleConnect: true + timeout: 0 + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "hostIP": "string", + "connectionPort": 0, + "singleConnect": true, + "sharedSecret": "string", + "timeout": 0, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE 
Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/tacacs_external_servers_info.py b/ansible_collections/cisco/ise/plugins/modules/tacacs_external_servers_info.py new file mode 100644 index 00000000..5759de01 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/tacacs_external_servers_info.py 
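Review bot: `sharedSecret` is documented as a plain `type: str` option, and the RETURN sample for `ise_response` lists `"sharedSecret": "string"`, so the TACACS shared secret can end up in task output, logs and registered variables. This file holds documentation only and the argument spec is outside the hunk; it should mark the option `no_log=True`, and the option description should say so. The example tasks that pass the secret would be safer with `no_log: true`. The same applies to the `register: result` examples in the tacacs_external_servers_info.py hunk that follows, whose RETURN samples also carry `sharedSecret`.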
@@ -0,0 +1,132 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: tacacs_external_servers_info +short_description: Information module for TACACS External Servers +description: +- Get all TACACS External Servers. +- Get TACACS External Servers by id. +- Get TACACS External Servers by name. +- This API allows the client to get TACACS external servers by ID. +- This API allows the client to get TACACS external servers by name. +- This API allows the client to get all the TACACS external servers. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. 
+ type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + tacacs_external_servers.TacacsExternalServers.get_tacacs_external_servers_by_id, + tacacs_external_servers.TacacsExternalServers.get_tacacs_external_servers_by_name, + tacacs_external_servers.TacacsExternalServers.get_tacacs_external_servers_generator, + + - Paths used are + get /ers/config/tacacsexternalservers, + get /ers/config/tacacsexternalservers/name/{name}, + get /ers/config/tacacsexternalservers/{id}, + +""" + +EXAMPLES = r""" +- name: Get all TACACS External Servers + cisco.ise.tacacs_external_servers_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get TACACS External Servers by id + cisco.ise.tacacs_external_servers_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get TACACS External Servers by name + cisco.ise.tacacs_external_servers_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "hostIP": "string", + "connectionPort": 0, + "singleConnect": true, + "sharedSecret": "string", + "timeout": 0, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + 
"description": "string", + "hostIP": "string", + "connectionPort": 0, + "singleConnect": true, + "sharedSecret": "string", + "timeout": 0, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/tacacs_profile.py b/ansible_collections/cisco/ise/plugins/modules/tacacs_profile.py new file mode 100644 index 00000000..8cb53b9b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/tacacs_profile.py 
@@ -0,0 +1,153 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: tacacs_profile +short_description: Resource module for TACACS Profile +description: +- Manage operations create, update and delete of the resource TACACS Profile. +- This API creates a TACACS profile. +- This API deletes a TACACS profile. +- This API allows the client to update a TACACS profile. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + description: + description: TACACS Profile's description. + type: str + id: + description: TACACS Profile's id. + type: str + name: + description: TACACS Profile's name. + type: str + sessionAttributes: + description: Holds list of session attributes. View type for GUI is Shell by default. + suboptions: + sessionAttributeList: + description: TACACS Profile's sessionAttributeList. + elements: dict + suboptions: + name: + description: TACACS Profile's name. + type: str + type: + description: Allowed values MANDATORY, OPTIONAL. + type: str + value: + description: TACACS Profile's value. 
+ type: str + type: list + type: dict +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + tacacs_profile.TacacsProfile.create_tacacs_profile, + tacacs_profile.TacacsProfile.delete_tacacs_profile_by_id, + tacacs_profile.TacacsProfile.update_tacacs_profile_by_id, + + - Paths used are + post /ers/config/tacacsprofile, + delete /ers/config/tacacsprofile/{id}, + put /ers/config/tacacsprofile/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.tacacs_profile: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + id: string + name: string + sessionAttributes: + sessionAttributeList: + - name: string + type: string + value: string + +- name: Delete by id + cisco.ise.tacacs_profile: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.tacacs_profile: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + name: string + sessionAttributes: + sessionAttributeList: + - name: string + type: string + value: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "sessionAttributes": { + "sessionAttributeList": [ + { + "type": "string", + "name": "string", + "value": "string" + } + ] + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + 
"UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/tacacs_profile_info.py b/ansible_collections/cisco/ise/plugins/modules/tacacs_profile_info.py new file mode 100644 index 00000000..a64d0f25 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/tacacs_profile_info.py 
@@ -0,0 +1,140 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: tacacs_profile_info +short_description: Information module for TACACS Profile +description: +- Get all TACACS Profile. +- Get TACACS Profile by id. +- Get TACACS Profile by name. +- This API allows the client to get a TACACS profile by ID. +- This API allows the client to get a TACACS profile by name. +- This API allows the client to get all the TACACS profiles. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. 
+ type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + tacacs_profile.TacacsProfile.get_tacacs_profile_by_id, + tacacs_profile.TacacsProfile.get_tacacs_profile_by_name, + tacacs_profile.TacacsProfile.get_tacacs_profile_generator, + + - Paths used are + get /ers/config/tacacsprofile, + get /ers/config/tacacsprofile/name/{name}, + get /ers/config/tacacsprofile/{id}, + +""" + +EXAMPLES = r""" +- name: Get all TACACS Profile + cisco.ise.tacacs_profile_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get TACACS Profile by id + cisco.ise.tacacs_profile_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get TACACS Profile by name + cisco.ise.tacacs_profile_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "sessionAttributes": { + "sessionAttributeList": [ + { + "type": "string", + "name": "string", + "value": "string" + } + ] + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "name": "string", + "description": "string", + "sessionAttributes": { + "sessionAttributeList": [ + { + "type": "string", + "name": "string", + "value": "string" + } 
+ ] + }, + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/tacacs_server_sequence.py b/ansible_collections/cisco/ise/plugins/modules/tacacs_server_sequence.py new file mode 100644 index 00000000..0f9669f0 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/tacacs_server_sequence.py 
@@ -0,0 +1,159 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: tacacs_server_sequence +short_description: Resource module for TACACS Server Sequence +description: +- Manage operations create, update and delete of the resource TACACS Server Sequence. +- This API creates a TACACS server sequence. +- This API deletes a TACACS server sequence. +- This API allows the client to update a TACACS server sequence. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + description: + description: TACACS Server Sequence's description. + type: str + id: + description: TACACS Server Sequence's id. + type: str + localAccounting: + description: LocalAccounting flag. + type: bool + name: + description: TACACS Server Sequence's name. + type: str + prefixDelimiter: + description: The delimiter that will be used for prefix strip. + type: str + prefixStrip: + description: Define if a delimiter will be used for prefix strip. + type: bool + remoteAccounting: + description: RemoteAccounting flag. + type: bool + serverList: + description: The names of TACACS external servers separated by commas. The order + of the names in the string is the order of servers that will be used during authentication. + type: str + suffixDelimiter: + description: The delimiter that will be used for suffix strip. + type: str + suffixStrip: + description: Define if a delimiter will be used for suffix strip. 
+ type: bool +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + tacacs_server_sequence.TacacsServerSequence.create_tacacs_server_sequence, + tacacs_server_sequence.TacacsServerSequence.delete_tacacs_server_sequence_by_id, + tacacs_server_sequence.TacacsServerSequence.update_tacacs_server_sequence_by_id, + + - Paths used are + post /ers/config/tacacsserversequence, + delete /ers/config/tacacsserversequence/{id}, + put /ers/config/tacacsserversequence/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.tacacs_server_sequence: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + id: string + localAccounting: true + name: string + prefixDelimiter: string + prefixStrip: true + remoteAccounting: true + serverList: string + suffixDelimiter: string + suffixStrip: true + +- name: Delete by id + cisco.ise.tacacs_server_sequence: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +- name: Create + cisco.ise.tacacs_server_sequence: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + localAccounting: true + name: string + prefixDelimiter: string + prefixStrip: true + remoteAccounting: true + serverList: string + suffixDelimiter: string + suffixStrip: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "serverList": "string", + "localAccounting": true, + "remoteAccounting": true, + "prefixStrip": true, + "prefixDelimiter": "string", + "suffixStrip": true, + 
"suffixDelimiter": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "UpdatedFieldsList": { + "updatedField": [ + { + "field": "string", + "oldValue": "string", + "newValue": "string" + } + ], + "field": "string", + "oldValue": "string", + "newValue": "string" + } + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/tacacs_server_sequence_info.py b/ansible_collections/cisco/ise/plugins/modules/tacacs_server_sequence_info.py new file mode 100644 index 00000000..618b4c59 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/tacacs_server_sequence_info.py 
@@ -0,0 +1,136 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: tacacs_server_sequence_info +short_description: Information module for TACACS Server Sequence +description: +- Get all TACACS Server Sequence. +- Get TACACS Server Sequence by id. +- Get TACACS Server Sequence by name. +- This API allows the client to get a TACACS server sequence by ID. +- This API allows the client to get a TACACS server sequence by name. +- This API allows the client to get all the TACACS server sequences. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + name: + description: + - Name path parameter. + type: str + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. 
+ type: int +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +notes: + - SDK Method used are + tacacs_server_sequence.TacacsServerSequence.get_tacacs_server_sequence_by_id, + tacacs_server_sequence.TacacsServerSequence.get_tacacs_server_sequence_by_name, + tacacs_server_sequence.TacacsServerSequence.get_tacacs_server_sequence_generator, + + - Paths used are + get /ers/config/tacacsserversequence, + get /ers/config/tacacsserversequence/name/{name}, + get /ers/config/tacacsserversequence/{id}, + +""" + +EXAMPLES = r""" +- name: Get all TACACS Server Sequence + cisco.ise.tacacs_server_sequence_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + register: result + +- name: Get TACACS Server Sequence by id + cisco.ise.tacacs_server_sequence_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +- name: Get TACACS Server Sequence by name + cisco.ise.tacacs_server_sequence_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + name: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "name": "string", + "description": "string", + "serverList": "string", + "localAccounting": true, + "remoteAccounting": true, + "prefixStrip": true, + "prefixDelimiter": "string", + "suffixStrip": true, + "suffixDelimiter": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: 
> + [ + { + "id": "string", + "name": "string", + "description": "string", + "serverList": "string", + "localAccounting": true, + "remoteAccounting": true, + "prefixStrip": true, + "prefixDelimiter": "string", + "suffixStrip": true, + "suffixDelimiter": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/tasks_info.py b/ansible_collections/cisco/ise/plugins/modules/tasks_info.py new file mode 100644 index 00000000..98dabd3d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/tasks_info.py 
@@ -0,0 +1,79 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: tasks_info +short_description: Information module for Tasks +description: +- Get all Tasks. +- Get Tasks by id. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + taskId: + description: + - TaskId path parameter. The id of the task executed before. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for tasks + description: Complete reference of the tasks API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!task-service-openapi +notes: + - SDK Method used are + tasks.Tasks.get_task_status, + tasks.Tasks.get_task_status_by_id, + + - Paths used are + get /api/v1/task, + get /api/v1/task/{taskId}, + +""" + +EXAMPLES = r""" +- name: Get all Tasks + cisco.ise.tasks_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +- name: Get Tasks by id + cisco.ise.tasks_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + taskId: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "detailStatus": [ + {} + ], + "executionStatus": "string", + "failCount": 0, + "id": "string", + "moduleType": "string", + "resourcesCount": 0, + "startTime": "string", + "successCount": 0 + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/telemetry_info.py b/ansible_collections/cisco/ise/plugins/modules/telemetry_info.py new file mode 100644 index 00000000..4393577a --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/telemetry_info.py 
@@ -0,0 +1,139 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: telemetry_info +short_description: Information module for Telemetry Info +description: +- Get all Telemetry Info. +- Get Telemetry Info by id. +- This API allows the client to get all the telemetry information. +- This API allows the client to get telemetry information by ID. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. + type: str + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + filter: + description: + - > + Filter query parameter. **Simple filtering** should be available through the filter query string parameter. + The structure of a filter is a triplet of field operator and value separated with dots. More than one filter + can be sent. The logical operator common to ALL filter criteria will be by default AND, and can be changed + by using the "filterType=or" query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. 
The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for TelemetryInformation + description: Complete reference of the TelemetryInformation API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!telemetryinfo +notes: + - SDK Method used are + telemetry_information.TelemetryInformation.get_telemetry_info_by_id, + telemetry_information.TelemetryInformation.get_telemetry_information_generator, + + - Paths used are + get /ers/config/telemetryinfo, + get /ers/config/telemetryinfo/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Telemetry Info + cisco.ise.telemetry_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 1 + size: 20 + filter: [] + filterType: AND + register: result + +- name: Get Telemetry Info by id + cisco.ise.telemetry_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string", + "status": "string", + "deploymentId": "string", + "udiSN": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "id": "string", + "status": "string", + "deploymentId": "string", + "udiSN": "string", + "link": { + "rel": "string", + "href": "string", + "type": "string" + } + } + ] +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/threat_vulnerabilities_clear.py b/ansible_collections/cisco/ise/plugins/modules/threat_vulnerabilities_clear.py new file mode 100644 index 00000000..853c23ad --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/threat_vulnerabilities_clear.py @@ -0,0 +1,56 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: threat_vulnerabilities_clear +short_description: Resource module for Threat Vulnerabilities Clear +description: +- Manage operation update of the resource Threat Vulnerabilities Clear. +- This API allows the client to delete the ThreatContext and Threat events that. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + macAddresses: + description: Threat Vulnerabilities Clear's macAddresses. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for ClearThreatsAndVulnerabilities + description: Complete reference of the ClearThreatsAndVulnerabilities API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!clearthreatsandvulneribilities +notes: + - SDK Method used are + clear_threats_and_vulnerabilities.ClearThreatsAndVulnerabilities.clear_threats_and_vulnerabilities, + + - Paths used are + put /ers/config/threat/clearThreatsAndVulneribilities, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.threat_vulnerabilities_clear: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + macAddresses: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + {} +""" 
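Review bot: The second `description` entry of threat_vulnerabilities_clear.py is cut off mid-sentence ("...delete the ThreatContext and Threat events that."), so the documentation of a module that deletes threat data never says which records it removes. `macAddresses` is likewise documented only as "Threat Vulnerabilities Clear's macAddresses." with `type: str`, which leaves the expected format (one address or several, and the separator) unstated. I would complete the sentence from the API reference linked under `seealso` and describe the parameter, for example `description: MAC address(es) of the endpoints whose threat events are cleared (format to be confirmed against the API reference).` The example task name `Update all` also hides that the call is scoped by `macAddresses` and is destructive; `Clear threats and vulnerabilities for the given MAC addresses` would say what the task does. The same truncation appears in trusted_certificate_export_info.py ("...mapped to the.").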
diff --git a/ansible_collections/cisco/ise/plugins/modules/transport_gateway_settings.py b/ansible_collections/cisco/ise/plugins/modules/transport_gateway_settings.py new file mode 100644 index 00000000..1db63b6e --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/transport_gateway_settings.py 
@@ -0,0 +1,77 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: transport_gateway_settings +short_description: Resource module for Transport Gateway Settings +description: +- Manage operation update of the resource Transport Gateway Settings. +- Transport Gateway acts a proxy for the communication between the ISE servers in your network and the Telemetry servers in case of air-gapped network. +version_added: '2.1.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + enableTransportGateway: + description: Indicates whether transport gateway is enabled or not. + type: bool + url: + description: URL of transport gateway. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for telemetry + description: Complete reference of the telemetry API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!system-settings-openapi +notes: + - SDK Method used are + telemetry.Telemetry.update_transport_gateway, + + - Paths used are + put /api/v1/system-settings/telemetry/transport-gateway, + +""" + +EXAMPLES = r""" +- name: Update all + cisco.ise.transport_gateway_settings: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + enableTransportGateway: true + url: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "enableTransportGateway": true, + "url": "string" + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "response": { + "enableTransportGateway": true, + "url": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/transport_gateway_settings_info.py b/ansible_collections/cisco/ise/plugins/modules/transport_gateway_settings_info.py new file mode 100644 index 00000000..a5f69c02 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/transport_gateway_settings_info.py 
@@ -0,0 +1,56 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: transport_gateway_settings_info +short_description: Information module for Transport Gateway Settings +description: +- Get all Transport Gateway Settings. +- Transport Gateway acts a proxy for the communication between the ISE servers in your network and the Telemetry servers in case of air-gapped network. +version_added: '2.1.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: {} +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for telemetry + description: Complete reference of the telemetry API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!system-settings-openapi +notes: + - SDK Method used are + telemetry.Telemetry.get_transport_gateway, + + - Paths used are + get /api/v1/system-settings/telemetry/transport-gateway, + +""" + +EXAMPLES = r""" +- name: Get all Transport Gateway Settings + cisco.ise.transport_gateway_settings_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "enableTransportGateway": true, + "url": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/trusted_certificate.py b/ansible_collections/cisco/ise/plugins/modules/trusted_certificate.py new file mode 100644 index 00000000..d93fd1de --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trusted_certificate.py 
@@ -0,0 +1,219 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trusted_certificate +short_description: Resource module for Trusted Certificate +description: +- Manage operations update and delete of the resource Trusted Certificate. +- This API deletes a Trust Certificate from Trusted Certificate Store based on a given ID. +- Update a trusted certificate present in Cisco ISE trust store. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + authenticateBeforeCRLReceived: + description: Switch to enable or disable CRL verification if CRL is not received. + type: bool + automaticCRLUpdate: + description: Switch to enable or disable automatic CRL update. + type: bool + automaticCRLUpdatePeriod: + description: Automatic CRL update period. + type: int + automaticCRLUpdateUnits: + description: Unit of time for automatic CRL update. + type: str + crlDistributionUrl: + description: CRL Distribution URL. + type: str + crlDownloadFailureRetries: + description: If CRL download fails, wait time before retry. + type: int + crlDownloadFailureRetriesUnits: + description: Unit of time before retry if CRL download fails. + type: str + description: + description: Description for trust certificate. + type: str + downloadCRL: + description: Switch to enable or disable download of CRL. + type: bool + enableOCSPValidation: + description: Switch to enable or disable OCSP Validation. + type: bool + enableServerIdentityCheck: + description: Switch to enable or disable verification if HTTPS or LDAP server certificate + name fits the configured server URL. + type: bool + id: + description: Id path parameter. ID of the trust certificate. + type: str + ignoreCRLExpiration: + description: Switch to enable or disable ignore CRL expiration. 
+ type: bool + name: + description: Friendly name of the certificate. + type: str + nonAutomaticCRLUpdatePeriod: + description: Non automatic CRL update period. + type: int + nonAutomaticCRLUpdateUnits: + description: Unit of time of non automatic CRL update. + type: str + rejectIfNoStatusFromOCSP: + description: Switch to reject certificate if there is no status from OCSP. + type: bool + rejectIfUnreachableFromOCSP: + description: Switch to reject certificate if unreachable from OCSP. + type: bool + selectedOCSPService: + description: Name of selected OCSP Service. + type: str + status: + description: Trusted Certificate's status. + type: str + trustForCertificateBasedAdminAuth: + description: Trust for Certificate based Admin authentication. + type: bool + trustForCiscoServicesAuth: + description: Trust for authentication of Cisco Services. + type: bool + trustForClientAuth: + description: Trust for client authentication and Syslog. + type: bool + trustForIseAuth: + description: Trust for authentication within Cisco ISE. + type: bool +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Certificates + description: Complete reference of the Certificates API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi +notes: + - SDK Method used are + certificates.Certificates.delete_trusted_certificate_by_id, + certificates.Certificates.update_trusted_certificate, + + - Paths used are + delete /api/v1/certs/trusted-certificate/{id}, + put /api/v1/certs/trusted-certificate/{id}, + +""" + +EXAMPLES = r""" +- name: Update by id + cisco.ise.trusted_certificate: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + authenticateBeforeCRLReceived: true + automaticCRLUpdate: true + automaticCRLUpdatePeriod: 0 + automaticCRLUpdateUnits: string + crlDistributionUrl: string + crlDownloadFailureRetries: 0 + crlDownloadFailureRetriesUnits: string + description: string + downloadCRL: true + enableOCSPValidation: true + enableServerIdentityCheck: true + id: string + ignoreCRLExpiration: true + name: string + nonAutomaticCRLUpdatePeriod: 0 + nonAutomaticCRLUpdateUnits: string + rejectIfNoStatusFromOCSP: true + rejectIfUnreachableFromOCSP: true + selectedOCSPService: string + status: string + trustForCertificateBasedAdminAuth: true + trustForCiscoServicesAuth: true + trustForClientAuth: true + trustForIseAuth: true + +- name: Delete by id + cisco.ise.trusted_certificate: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "authenticateBeforeCRLReceived": "string", + "automaticCRLUpdate": "string", + "automaticCRLUpdatePeriod": "string", + "automaticCRLUpdateUnits": "string", + "crlDistributionUrl": "string", + "crlDownloadFailureRetries": "string", + "crlDownloadFailureRetriesUnits": "string", + "description": 
"string", + "downloadCRL": "string", + "enableOCSPValidation": "string", + "enableServerIdentityCheck": "string", + "expirationDate": "string", + "friendlyName": "string", + "id": "string", + "ignoreCRLExpiration": "string", + "internalCA": true, + "isReferredInPolicy": true, + "issuedBy": "string", + "issuedTo": "string", + "keySize": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "nonAutomaticCRLUpdatePeriod": "string", + "nonAutomaticCRLUpdateUnits": "string", + "rejectIfNoStatusFromOCSP": "string", + "rejectIfUnreachableFromOCSP": "string", + "selectedOCSPService": "string", + "serialNumberDecimalFormat": "string", + "sha256Fingerprint": "string", + "signatureAlgorithm": "string", + "status": "string", + "subject": "string", + "trustedFor": "string", + "validFrom": "string" + } + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: dict + sample: > + { + "response": { + "id": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "message": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/trusted_certificate_export_info.py b/ansible_collections/cisco/ise/plugins/modules/trusted_certificate_export_info.py new file mode 100644 index 00000000..7912ff87 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trusted_certificate_export_info.py 
@@ -0,0 +1,75 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trusted_certificate_export_info +short_description: Information module for Trusted Certificate Export +description: +- Get Trusted Certificate Export by id. +- The response of this API carries a trusted certificate file mapped to the. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + id: + description: + - Id path parameter. ID of the Trusted Certificate to be exported. + type: str + dirPath: + description: + - Directory absolute path. Defaults to the current working directory. + type: str + saveFile: + description: + - Enable or disable automatic file creation of raw response. + type: bool + filename: + description: + - The filename used to save the download file. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Certificates + description: Complete reference of the Certificates API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi +notes: + - SDK Method used are + certificates.Certificates.export_trusted_certificate, + + - Paths used are + get /api/v1/certs/trusted-certificate/export/{id}, + +""" + +EXAMPLES = r""" +- name: Get Trusted Certificate Export by id + cisco.ise.trusted_certificate_export_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "data": "filecontent", + "filename": "filename", + "dirpath": "download/directory", + "path": "download/directory/filename" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/trusted_certificate_import.py b/ansible_collections/cisco/ise/plugins/modules/trusted_certificate_import.py new file mode 100644 index 00000000..795ddb27 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trusted_certificate_import.py 
@@ -0,0 +1,103 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trusted_certificate_import +short_description: Resource module for Trusted Certificate Import +description: +- Manage operation create of the resource Trusted Certificate Import. +- Import an X509 certificate as a trust certificate. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + allowBasicConstraintCAFalse: + description: Allow certificates with Basic Constraints CA Field as False (required). + type: bool + allowOutOfDateCert: + description: Allow out of date certificates (required). + type: bool + allowSHA1Certificates: + description: Allow SHA1 based certificates (required). + type: bool + data: + description: Certificate content (required). + type: str + description: + description: Description of the certificate. + type: str + name: + description: Name of the certificate. + type: str + trustForCertificateBasedAdminAuth: + description: Trust for Certificate based Admin authentication. + type: bool + trustForCiscoServicesAuth: + description: Trust for authentication of Cisco Services. + type: bool + trustForClientAuth: + description: Trust for client authentication and Syslog. + type: bool + trustForIseAuth: + description: Trust for authentication within Cisco ISE. + type: bool + validateCertificateExtensions: + description: Validate trust certificate extension. + type: bool +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Certificates + description: Complete reference of the Certificates API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi +notes: + - SDK Method used are + certificates.Certificates.import_trust_certificate, + + - Paths used are + post /api/v1/certs/trusted-certificate/import, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.trusted_certificate_import: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + allowBasicConstraintCAFalse: true + allowOutOfDateCert: true + allowSHA1Certificates: true + data: string + description: string + name: string + trustForCertificateBasedAdminAuth: true + trustForCiscoServicesAuth: true + trustForClientAuth: true + trustForIseAuth: true + validateCertificateExtensions: true + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "response": { + "id": "string", + "message": "string", + "status": "string" + }, + "version": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/trusted_certificate_info.py b/ansible_collections/cisco/ise/plugins/modules/trusted_certificate_info.py new file mode 100644 index 00000000..fceb4f0c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trusted_certificate_info.py 
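Review bot: The `Create` example in trusted_certificate_import.py sets `allowBasicConstraintCAFalse`, `allowOutOfDateCert` and `allowSHA1Certificates` to `true` together with all four `trustFor*` flags, so a playbook copied from it imports a certificate with the documented validation checks relaxed and with trust granted for every use, including certificate-based admin authentication. The values look like generator placeholders rather than a recommendation, but nothing in the text says so. I would show the conservative values in the example, `allowSHA1Certificates: false`, `allowOutOfDateCert: false`, `allowBasicConstraintCAFalse: false`, and set only the `trustFor*` flag the certificate is actually needed for. The `Update by id` example in trusted_certificate.py follows the same pattern with `ignoreCRLExpiration: true`, and its `authenticateBeforeCRLReceived` description does not say which value keeps revocation checking strict.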
@@ -0,0 +1,205 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trusted_certificate_info +short_description: Information module for Trusted Certificate +description: +- Get all Trusted Certificate. +- Get Trusted Certificate by id. +- This API can displays details of a Trust Certificate based on a given ID. +- This API supports Filtering, Sorting and Pagination. +version_added: '1.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sort: + description: + - Sort query parameter. Sort type - asc or desc. + type: str + sortBy: + description: + - SortBy query parameter. Sort column by which objects needs to be sorted. + type: str + filter: + description: + - > + Filter query parameter. .. Container **Simple filtering** should be available through the filter query + string parameter. The structure of a filter is a triplet of field operator and value separated with dots. + More than one filter can be sent. The logical operator common to ALL filter criteria will be by default AND, + and can be changed by using the *"filterType=or"* query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str + id: + description: + - Id path parameter. ID of the trust certificate. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for Certificates + description: Complete reference of the Certificates API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!certificate-openapi +notes: + - SDK Method used are + certificates.Certificates.get_trusted_certificate_by_id, + certificates.Certificates.get_trusted_certificates_generator, + + - Paths used are + get /api/v1/certs/trusted-certificate, + get /api/v1/certs/trusted-certificate/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Trusted Certificate + cisco.ise.trusted_certificate_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 0 + size: 0 + sort: string + sortBy: string + filter: [] + filterType: string + register: result + +- name: Get Trusted Certificate by id + cisco.ise.trusted_certificate_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "authenticateBeforeCRLReceived": "string", + "automaticCRLUpdate": "string", + "automaticCRLUpdatePeriod": "string", + "automaticCRLUpdateUnits": "string", + "crlDistributionUrl": "string", + "crlDownloadFailureRetries": "string", + "crlDownloadFailureRetriesUnits": "string", + "description": "string", + "downloadCRL": "string", + 
"enableOCSPValidation": "string", + "enableServerIdentityCheck": "string", + "expirationDate": "string", + "friendlyName": "string", + "id": "string", + "ignoreCRLExpiration": "string", + "internalCA": true, + "isReferredInPolicy": true, + "issuedBy": "string", + "issuedTo": "string", + "keySize": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "nonAutomaticCRLUpdatePeriod": "string", + "nonAutomaticCRLUpdateUnits": "string", + "rejectIfNoStatusFromOCSP": "string", + "rejectIfUnreachableFromOCSP": "string", + "selectedOCSPService": "string", + "serialNumberDecimalFormat": "string", + "sha256Fingerprint": "string", + "signatureAlgorithm": "string", + "status": "string", + "subject": "string", + "trustedFor": "string", + "validFrom": "string" + } + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + version_added: '1.1.0' + type: list + elements: dict + sample: > + [ + { + "authenticateBeforeCRLReceived": "string", + "automaticCRLUpdate": "string", + "automaticCRLUpdatePeriod": "string", + "automaticCRLUpdateUnits": "string", + "crlDistributionUrl": "string", + "crlDownloadFailureRetries": "string", + "crlDownloadFailureRetriesUnits": "string", + "description": "string", + "downloadCRL": "string", + "enableOCSPValidation": "string", + "enableServerIdentityCheck": "string", + "expirationDate": "string", + "friendlyName": "string", + "id": "string", + "ignoreCRLExpiration": "string", + "internalCA": true, + "isReferredInPolicy": true, + "issuedBy": "string", + "issuedTo": "string", + "keySize": "string", + "link": { + "href": "string", + "rel": "string", + "type": "string" + }, + "nonAutomaticCRLUpdatePeriod": "string", + "nonAutomaticCRLUpdateUnits": "string", + "rejectIfNoStatusFromOCSP": "string", + "rejectIfUnreachableFromOCSP": "string", + "selectedOCSPService": "string", + "serialNumberDecimalFormat": "string", + "sha256Fingerprint": "string", + 
"signatureAlgorithm": "string", + "status": "string", + "subject": "string", + "trustedFor": "string", + "validFrom": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_nbar_app.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_nbar_app.py new file mode 100644 index 00000000..d82685f2 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_nbar_app.py 
@@ -0,0 +1,130 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trustsec_nbar_app +short_description: Resource module for Trustsec NBAR App +description: +- Manage operations create, update and delete of the resource Trustsec NBAR App. +- Create NBAR application. +- Update NBAR Application. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + description: + description: Trustsec NBAR App's description. + type: str + id: + description: Trustsec NBAR App's id. + type: str + name: + description: Trustsec NBAR App's name. + type: str + networkIdentities: + description: Array of NIs. + elements: dict + suboptions: + ports: + description: Trustsec NBAR App's ports. + type: str + protocol: + description: Trustsec NBAR App's protocol. + type: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for nbarApp + description: Complete reference of the nbarApp API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi +notes: + - SDK Method used are + nbar_app.NbarApp.create_nbar_app, + nbar_app.NbarApp.delete_nbar_app_by_id, + nbar_app.NbarApp.update_nbar_app_by_id, + + - Paths used are + post /api/v1/trustsec/sgacl/nbarapp, + delete /api/v1/trustsec/sgacl/nbarapp/{id}, + put /api/v1/trustsec/sgacl/nbarapp/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.trustsec_nbar_app: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + id: string + name: string + networkIdentities: + - ports: string + protocol: string + +- name: Update by id + cisco.ise.trustsec_nbar_app: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + description: string + id: string + name: string + networkIdentities: + - ports: string + protocol: string + +- name: Delete by id + cisco.ise.trustsec_nbar_app: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "description": "string", + "id": "string", + "name": "string", + "networkIdentities": [ + { + "ports": "string", + "protocol": "string" + } + ] + } + ] + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "code": 0, + "message": "string" + } +""" 
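Review bot: The three EXAMPLES tasks take `ise_password` and `ise_verify` from bare variables (`"{{ise_password}}"`, `"{{ise_verify}}"`) and nothing in the block says where those values should come from or what `ise_verify` should be. These snippets tend to be copied straight into playbooks, so I would add a comment above the first task: `# ise_password: supply from Ansible Vault or a secrets lookup; ise_verify: keep certificate verification enabled outside a lab`. The option definitions come from the `cisco.ise.module` fragment, which is not part of this hunk, so the default for `ise_verify` and any `no_log` handling should be confirmed there. The EXAMPLES blocks of the other modules added in this patch use the same four lines.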
diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_nbar_app_info.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_nbar_app_info.py
new file mode 100644
index 00000000..9c2b732b
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_nbar_app_info.py
@@ -0,0 +1,151 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trustsec_nbar_app_info +short_description: Information module for Trustsec NBAR App +description: +- Get all Trustsec NBAR App. +- Get Trustsec NBAR App by id. +- Get NBAR Application by id. +- Get all NBAR Applications. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sort: + description: + - Sort query parameter. Sort type - asc or desc. + type: str + sortBy: + description: + - SortBy query parameter. Sort column by which objects needs to be sorted. + type: str + filter: + description: + - > + Filter query parameter. .. Container **Simple filtering** should be available through the filter query + string parameter. The structure of a filter is a triplet of field operator and value separated with dots. + More than one filter can be sent. The logical operator common to ALL filter criteria will be by default AND, + and can be changed by using the *"filterType=or"* query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. 
+ elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str + id: + description: + - Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for nbarApp + description: Complete reference of the nbarApp API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi +notes: + - SDK Method used are + nbar_app.NbarApp.get_nbar_app_by_id, + nbar_app.NbarApp.get_nbar_apps_generator, + + - Paths used are + get /api/v1/trustsec/sgacl/nbarapp, + get /api/v1/trustsec/sgacl/nbarapp/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Trustsec NBAR App + cisco.ise.trustsec_nbar_app_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 0 + size: 0 + sort: string + sortBy: string + filter: [] + filterType: string + register: result + +- name: Get Trustsec NBAR App by id + cisco.ise.trustsec_nbar_app_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "description": "string", + "id": "string", + "name": "string", + "networkIdentities": [ + { + "ports": "string", + "protocol": "string" + } + ] + } + ] + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "description": "string", + "id": "string", + "name": "string", + "networkIdentities": [ + { + "ports": "string", + "protocol": 
"string" + } + ] + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping.py new file mode 100644 index 00000000..b9c65804 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping.py 
@@ -0,0 +1,130 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trustsec_sg_vn_mapping +short_description: Resource module for Trustsec SG VN Mapping +description: +- Manage operations create, update and delete of the resource Trustsec SG VN Mapping. +- Create Security Group and Virtual Network mapping. +- Delete Security Group and Virtual Network mapping. +- Update Security Group and Virtual Network mapping. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Identifier of the SG-VN mapping. + type: str + lastUpdate: + description: Timestamp for the last update of the SG-VN mapping. + type: str + sgName: + description: Name of the associated Security Group to be used for identity if id + is not provided. + type: str + sgtId: + description: Identifier of the associated Security Group which is required unless + its name is provided. + type: str + vnId: + description: Identifier for the associated Virtual Network which is required unless + its name is provided. + type: str + vnName: + description: Name of the associated Virtual Network to be used for identity if id + is not provided. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for sgVnMapping + description: Complete reference of the sgVnMapping API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi +notes: + - SDK Method used are + sg_vn_mapping.SgVnMapping.create_sg_vn_mapping, + sg_vn_mapping.SgVnMapping.delete_sg_vn_mapping_by_id, + sg_vn_mapping.SgVnMapping.update_sg_vn_mapping_by_id, + + - Paths used are + post /api/v1/trustsec/sgvnmapping, + delete /api/v1/trustsec/sgvnmapping/{id}, + put /api/v1/trustsec/sgvnmapping/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.trustsec_sg_vn_mapping: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + id: string + lastUpdate: string + sgName: string + sgtId: string + vnId: string + vnName: string + +- name: Update by id + cisco.ise.trustsec_sg_vn_mapping: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + id: string + lastUpdate: string + sgName: string + sgtId: string + vnId: string + vnName: string + +- name: Delete by id + cisco.ise.trustsec_sg_vn_mapping: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "id": "string", + "lastUpdate": "string", + "sgName": "string", + "sgtId": "string", + "vnId": "string", + "vnName": "string" + } + ] + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "code": 0, + "message": "string" + } +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_bulk_create.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_bulk_create.py
new file mode 100644
index 00000000..2adb8f02
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_bulk_create.py
@@ -0,0 +1,87 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trustsec_sg_vn_mapping_bulk_create +short_description: Resource module for Trustsec SG VN Mapping Bulk Create +description: +- Manage operation create of the resource Trustsec SG VN Mapping Bulk Create. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + payload: + description: Trustsec SG VN Mapping Bulk Create's payload. + elements: dict + suboptions: + id: + description: Identifier of the SG-VN mapping. + type: str + lastUpdate: + description: Timestamp for the last update of the SG-VN mapping. + type: str + sgName: + description: Name of the associated Security Group to be used for identity if + id is not provided. + type: str + sgtId: + description: Identifier of the associated Security Group which is required unless + its name is provided. + type: str + vnId: + description: Identifier for the associated Virtual Network which is required + unless its name is provided. + type: str + vnName: + description: Name of the associated Virtual Network to be used for identity + if id is not provided. + type: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for sgVnMapping + description: Complete reference of the sgVnMapping API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi +notes: + - SDK Method used are + sg_vn_mapping.SgVnMapping.bulk_create_sg_vn_mappings, + + - Paths used are + post /api/v1/trustsec/sgvnmapping/bulk/create, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.trustsec_sg_vn_mapping_bulk_create: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + payload: + - id: string + lastUpdate: string + sgName: string + sgtId: string + vnId: string + vnName: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_bulk_delete.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_bulk_delete.py new file mode 100644 index 00000000..b5d8b48d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_bulk_delete.py 
@@ -0,0 +1,59 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: trustsec_sg_vn_mapping_bulk_delete
+short_description: Resource module for Trustsec SG VN Mapping Bulk Delete
+description:
+- Manage operation create of the resource Trustsec SG VN Mapping Bulk Delete.
+version_added: '2.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ payload:
+ description: Trustsec SG VN Mapping Bulk Delete's payload.
+ elements: str
+ type: list
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for sgVnMapping
+ description: Complete reference of the sgVnMapping API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi
+notes:
+ - SDK Method used are
+ sg_vn_mapping.SgVnMapping.bulk_delete_sg_vn_mappings,
+
+ - Paths used are
+ post /api/v1/trustsec/sgvnmapping/bulk/delete,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.trustsec_sg_vn_mapping_bulk_delete:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ payload:
+ - string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_bulk_update.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_bulk_update.py
new file mode 100644
index 00000000..05b1a97e
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_bulk_update.py
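Review bot: In trustsec_sg_vn_mapping_bulk_delete.py the `description` entry says `Manage operation create of the resource Trustsec SG VN Mapping Bulk Delete.` and the only EXAMPLES task is named `Create`, while the notes show the module calling `bulk_delete_sg_vn_mappings` and posting to `/api/v1/trustsec/sgvnmapping/bulk/delete`. For a destructive bulk operation the label matters, because someone skimming task names in a playbook or a run log would not recognise this as a deletion. I would change the two lines to `- Bulk delete Security Group and Virtual Network mappings.` and `- name: Bulk delete`, and have the `payload` description say what the strings are (presumably mapping ids; confirm against the API reference). trustsec_vn_bulk_delete.py carries the same wording, and both `*_bulk_update.py` modules also say `create` and name their example `Create` for an update.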
@@ -0,0 +1,87 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trustsec_sg_vn_mapping_bulk_update +short_description: Resource module for Trustsec SG VN Mapping Bulk Update +description: +- Manage operation create of the resource Trustsec SG VN Mapping Bulk Update. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + payload: + description: Trustsec SG VN Mapping Bulk Update's payload. + elements: dict + suboptions: + id: + description: Identifier of the SG-VN mapping. + type: str + lastUpdate: + description: Timestamp for the last update of the SG-VN mapping. + type: str + sgName: + description: Name of the associated Security Group to be used for identity if + id is not provided. + type: str + sgtId: + description: Identifier of the associated Security Group which is required unless + its name is provided. + type: str + vnId: + description: Identifier for the associated Virtual Network which is required + unless its name is provided. + type: str + vnName: + description: Name of the associated Virtual Network to be used for identity + if id is not provided. + type: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for sgVnMapping + description: Complete reference of the sgVnMapping API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi +notes: + - SDK Method used are + sg_vn_mapping.SgVnMapping.bulk_update_sg_vn_mappings, + + - Paths used are + post /api/v1/trustsec/sgvnmapping/bulk/update, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.trustsec_sg_vn_mapping_bulk_update: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + payload: + - id: string + lastUpdate: string + sgName: string + sgtId: string + vnId: string + vnName: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_info.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_info.py new file mode 100644 index 00000000..3ac8cb0c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_sg_vn_mapping_info.py 
@@ -0,0 +1,145 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trustsec_sg_vn_mapping_info +short_description: Information module for Trustsec SG VN Mapping +description: +- Get all Trustsec SG VN Mapping. +- Get Trustsec SG VN Mapping by id. +- Get Security Group and Virtual Network mapping by id. +- Get all Security Group and Virtual Network mappings. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sort: + description: + - Sort query parameter. Sort type - asc or desc. + type: str + sortBy: + description: + - SortBy query parameter. Sort column by which objects needs to be sorted. + type: str + filter: + description: + - > + Filter query parameter. .. Container **Simple filtering** should be available through the filter query + string parameter. The structure of a filter is a triplet of field operator and value separated with dots. + More than one filter can be sent. The logical operator common to ALL filter criteria will be by default AND, + and can be changed by using the *"filterType=or"* query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str + id: + description: + - Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for sgVnMapping + description: Complete reference of the sgVnMapping API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi +notes: + - SDK Method used are + sg_vn_mapping.SgVnMapping.get_sg_vn_mapping_by_id, + sg_vn_mapping.SgVnMapping.get_sg_vn_mappings_generator, + + - Paths used are + get /api/v1/trustsec/sgvnmapping, + get /api/v1/trustsec/sgvnmapping/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Trustsec SG VN Mapping + cisco.ise.trustsec_sg_vn_mapping_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 0 + size: 0 + sort: string + sortBy: string + filter: [] + filterType: string + register: result + +- name: Get Trustsec SG VN Mapping by id + cisco.ise.trustsec_sg_vn_mapping_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "id": "string", + "lastUpdate": "string", + "sgName": "string", + "sgtId": "string", + "vnId": "string", + "vnName": "string" + } + ] + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "id": "string", + "lastUpdate": "string", + 
"sgName": "string", + "sgtId": "string", + "vnId": "string", + "vnName": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_vn.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn.py new file mode 100644 index 00000000..7bd274ee --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn.py 
@@ -0,0 +1,113 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trustsec_vn +short_description: Resource module for Trustsec VN +description: +- Manage operations create, update and delete of the resource Trustsec VN. +- Create Virtual Network. +- Update Virtual Network. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + additionalAttributes: + description: JSON String of additional attributes for the Virtual Network. + type: str + id: + description: Identifier of the Virtual Network. + type: str + lastUpdate: + description: Timestamp for the last update of the Virtual Network. + type: str + name: + description: Name of the Virtual Network. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for virtualNetwork + description: Complete reference of the virtualNetwork API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi +notes: + - SDK Method used are + virtual_network.VirtualNetwork.create_virtual_network, + virtual_network.VirtualNetwork.delete_virtual_network_by_id, + virtual_network.VirtualNetwork.update_virtual_network_by_id, + + - Paths used are + post /api/v1/trustsec/virtualnetwork, + delete /api/v1/trustsec/virtualnetwork/{id}, + put /api/v1/trustsec/virtualnetwork/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.trustsec_vn: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + additionalAttributes: string + id: string + lastUpdate: string + name: string + +- name: Update by id + cisco.ise.trustsec_vn: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + additionalAttributes: string + id: string + lastUpdate: string + name: string + +- name: Delete by id + cisco.ise.trustsec_vn: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "additionalAttributes": "string", + "id": "string", + "lastUpdate": "string", + "name": "string" + } + ] + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "code": 0, + "message": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_bulk_create.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_bulk_create.py new file mode 100644 index 00000000..3893db42 --- /dev/null 
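Review bot: The `description` list in trustsec_vn.py names only `Create Virtual Network.` and `Update Virtual Network.`, although the notes list `delete_virtual_network_by_id` with `delete /api/v1/trustsec/virtualnetwork/{id}` and EXAMPLES has a `Delete by id` task using `state: absent`. I would add `- Delete Virtual Network.` so the summary matches what the module can do; trustsec_sg_vn_mapping.py already lists its delete operation this way. trustsec_nbar_app.py has the same omission for `delete_nbar_app_by_id`.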
+++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_bulk_create.py
@@ -0,0 +1,75 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: trustsec_vn_bulk_create
+short_description: Resource module for Trustsec VN Bulk Create
+description:
+- Manage operation create of the resource Trustsec VN Bulk Create.
+version_added: '2.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ payload:
+ description: Trustsec VN Bulk Create's payload.
+ elements: dict
+ suboptions:
+ additionalAttributes:
+ description: JSON String of additional attributes for the Virtual Network.
+ type: str
+ id:
+ description: Identifier of the Virtual Network.
+ type: str
+ lastUpdate:
+ description: Timestamp for the last update of the Virtual Network.
+ type: str
+ name:
+ description: Name of the Virtual Network.
+ type: str
+ type: list
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for virtualNetwork
+ description: Complete reference of the virtualNetwork API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi
+notes:
+ - SDK Method used are
+ virtual_network.VirtualNetwork.bulk_create_virtual_networks,
+
+ - Paths used are
+ post /api/v1/trustsec/virtualnetwork/bulk/create,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.trustsec_vn_bulk_create:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ payload:
+ - additionalAttributes: string
+ id: string
+ lastUpdate: string
+ name: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_bulk_delete.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_bulk_delete.py
new file mode 100644
index 00000000..88fa0ce8
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_bulk_delete.py
@@ -0,0 +1,59 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: trustsec_vn_bulk_delete
+short_description: Resource module for Trustsec VN Bulk Delete
+description:
+- Manage operation create of the resource Trustsec VN Bulk Delete.
+version_added: '2.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ payload:
+ description: Trustsec VN Bulk Delete's payload.
+ elements: str
+ type: list
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for virtualNetwork
+ description: Complete reference of the virtualNetwork API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi
+notes:
+ - SDK Method used are
+ virtual_network.VirtualNetwork.bulk_delete_virtual_networks,
+
+ - Paths used are
+ post /api/v1/trustsec/virtualnetwork/bulk/delete,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.trustsec_vn_bulk_delete:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ payload:
+ - string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_bulk_update.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_bulk_update.py
new file mode 100644
index 00000000..c823d303
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_bulk_update.py
@@ -0,0 +1,75 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = r"""
+---
+module: trustsec_vn_bulk_update
+short_description: Resource module for Trustsec VN Bulk Update
+description:
+- Manage operation create of the resource Trustsec VN Bulk Update.
+version_added: '2.0.0'
+extends_documentation_fragment:
+ - cisco.ise.module
+author: Rafael Campos (@racampos)
+options:
+ payload:
+ description: Trustsec VN Bulk Update's payload.
+ elements: dict
+ suboptions:
+ additionalAttributes:
+ description: JSON String of additional attributes for the Virtual Network.
+ type: str
+ id:
+ description: Identifier of the Virtual Network.
+ type: str
+ lastUpdate:
+ description: Timestamp for the last update of the Virtual Network.
+ type: str
+ name:
+ description: Name of the Virtual Network.
+ type: str
+ type: list
+requirements:
+- ciscoisesdk >= 2.0.8
+- python >= 3.5
+seealso:
+- name: Cisco ISE documentation for virtualNetwork
+ description: Complete reference of the virtualNetwork API.
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi
+notes:
+ - SDK Method used are
+ virtual_network.VirtualNetwork.bulk_update_virtual_networks,
+
+ - Paths used are
+ post /api/v1/trustsec/virtualnetwork/bulk/update,
+
+"""
+
+EXAMPLES = r"""
+- name: Create
+ cisco.ise.trustsec_vn_bulk_update:
+ ise_hostname: "{{ise_hostname}}"
+ ise_username: "{{ise_username}}"
+ ise_password: "{{ise_password}}"
+ ise_verify: "{{ise_verify}}"
+ payload:
+ - additionalAttributes: string
+ id: string
+ lastUpdate: string
+ name: string
+
+"""
+
+RETURN = r"""
+ise_response:
+ description: A dictionary or list with the response returned by the Cisco ISE Python SDK
+ returned: always
+ type: dict
+ sample: >
+ {
+ "id": "string"
+ }
+"""
diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_info.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_info.py
new file mode 100644
index 00000000..7c877bc3
--- /dev/null
+++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_info.py
@@ -0,0 +1,141 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trustsec_vn_info +short_description: Information module for Trustsec VN +description: +- Get all Trustsec VN. +- Get Trustsec VN by id. +- Get Virtual Network by id. +- Get all Virtual Networks. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sort: + description: + - Sort query parameter. Sort type - asc or desc. + type: str + sortBy: + description: + - SortBy query parameter. Sort column by which objects needs to be sorted. + type: str + filter: + description: + - > + Filter query parameter. .. Container **Simple filtering** should be available through the filter query + string parameter. The structure of a filter is a triplet of field operator and value separated with dots. + More than one filter can be sent. The logical operator common to ALL filter criteria will be by default AND, + and can be changed by using the *"filterType=or"* query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. + - The 'NCONTAINS' operator describes 'Not Contains'. 
+ elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str + id: + description: + - Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for virtualNetwork + description: Complete reference of the virtualNetwork API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi +notes: + - SDK Method used are + virtual_network.VirtualNetwork.get_virtual_network_by_id, + virtual_network.VirtualNetwork.get_virtual_networks_generator, + + - Paths used are + get /api/v1/trustsec/virtualnetwork, + get /api/v1/trustsec/virtualnetwork/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Trustsec VN + cisco.ise.trustsec_vn_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 0 + size: 0 + sort: string + sortBy: string + filter: [] + filterType: string + register: result + +- name: Get Trustsec VN by id + cisco.ise.trustsec_vn_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "additionalAttributes": "string", + "id": "string", + "lastUpdate": "string", + "name": "string" + } + ] + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "additionalAttributes": "string", + "id": "string", + "lastUpdate": "string", + "name": "string" + } + ] +""" 
diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping.py new file mode 100644 index 00000000..712c562b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping.py 
@@ -0,0 +1,139 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trustsec_vn_vlan_mapping +short_description: Resource module for Trustsec VN VLAN Mapping +description: +- Manage operations create, update and delete of the resource Trustsec VN VLAN Mapping. +- Create VN-Vlan Mapping. +- Update VN-Vlan Mapping. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + id: + description: Identifier of the VN-VLAN Mapping. + type: str + isData: + description: Flag which indicates whether the VLAN is data or voice type. + type: bool + isDefaultVLAN: + description: Flag which indicates if the VLAN is default. + type: bool + lastUpdate: + description: Timestamp for the last update of the VN-VLAN Mapping. + type: str + maxValue: + description: Max value. + type: int + name: + description: Name of the VLAN. + type: str + vnId: + description: Identifier for the associated Virtual Network which is required unless + its name is provided. + type: str + vnName: + description: Name of the associated Virtual Network to be used for identity if id + is not provided. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for vnVlanMapping + description: Complete reference of the vnVlanMapping API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi +notes: + - SDK Method used are + vn_vlan_mapping.VnVlanMapping.create_vn_vlan_mapping, + vn_vlan_mapping.VnVlanMapping.delete_vn_vlan_mapping_by_id, + vn_vlan_mapping.VnVlanMapping.update_vn_vlan_mapping_by_id, + + - Paths used are + post /api/v1/trustsec/vnvlanmapping, + delete /api/v1/trustsec/vnvlanmapping/{id}, + put /api/v1/trustsec/vnvlanmapping/{id}, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.trustsec_vn_vlan_mapping: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + id: string + isData: true + isDefaultVlan: true + lastUpdate: string + maxValue: 0 + name: string + vnId: string + vnName: string + +- name: Update by id + cisco.ise.trustsec_vn_vlan_mapping: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: present + id: string + isData: true + isDefaultVlan: true + lastUpdate: string + maxValue: 0 + name: string + vnId: string + vnName: string + +- name: Delete by id + cisco.ise.trustsec_vn_vlan_mapping: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + state: absent + id: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "id": "string", + "isData": true, + "isDefaultVlan": true, + "lastUpdate": "string", + "maxValue": 0, + "name": "string", + "vnId": "string", + "vnName": "string" + } + ] + +ise_update_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "code": 0, + "message": "string" + } +""" 
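Review bot: The options block documents the key as `isDefaultVLAN`, while the EXAMPLES tasks and the RETURN sample in this same file spell it `isDefaultVlan`. Which spelling the action plugin's argument spec accepts is not visible here, so a task copied from EXAMPLES may be rejected or have the flag dropped. Align the two on the accepted spelling, for example by renaming the option to `isDefaultVlan:` if that is what the API field is called. The same mismatch appears in the `payload` suboptions of trustsec_vn_vlan_mapping_bulk_create.py and trustsec_vn_vlan_mapping_bulk_update.py.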
diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_bulk_create.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_bulk_create.py new file mode 100644 index 00000000..bbe8e598 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_bulk_create.py 
@@ -0,0 +1,93 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trustsec_vn_vlan_mapping_bulk_create +short_description: Resource module for Trustsec VN VLAN Mapping Bulk Create +description: +- Manage operation create of the resource Trustsec VN VLAN Mapping Bulk Create. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + payload: + description: Trustsec VN VLAN Mapping Bulk Create's payload. + elements: dict + suboptions: + id: + description: Identifier of the VN-VLAN Mapping. + type: str + isData: + description: Flag which indicates whether the VLAN is data or voice type. + type: bool + isDefaultVLAN: + description: Flag which indicates if the VLAN is default. + type: bool + lastUpdate: + description: Timestamp for the last update of the VN-VLAN Mapping. + type: str + maxValue: + description: Max value. + type: int + name: + description: Name of the VLAN. + type: str + vnId: + description: Identifier for the associated Virtual Network which is required + unless its name is provided. + type: str + vnName: + description: Name of the associated Virtual Network to be used for identity + if id is not provided. + type: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for vnVlanMapping + description: Complete reference of the vnVlanMapping API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi +notes: + - SDK Method used are + vn_vlan_mapping.VnVlanMapping.bulk_create_vn_vlan_mappings, + + - Paths used are + post /api/v1/trustsec/vnvlanmapping/bulk/create, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.trustsec_vn_vlan_mapping_bulk_create: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + payload: + - id: string + isData: true + isDefaultVlan: true + lastUpdate: string + maxValue: 0 + name: string + vnId: string + vnName: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_bulk_delete.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_bulk_delete.py new file mode 100644 index 00000000..88a6c1e3 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_bulk_delete.py 
@@ -0,0 +1,59 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trustsec_vn_vlan_mapping_bulk_delete +short_description: Resource module for Trustsec VN VLAN Mapping Bulk Delete +description: +- Manage operation create of the resource Trustsec VN VLAN Mapping Bulk Delete. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + payload: + description: Trustsec VN VLAN Mapping Bulk Delete's payload. + elements: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for vnVlanMapping + description: Complete reference of the vnVlanMapping API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi +notes: + - SDK Method used are + vn_vlan_mapping.VnVlanMapping.bulk_delete_vn_vlan_mappings, + + - Paths used are + post /api/v1/trustsec/vnvlanmapping/bulk/delete, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.trustsec_vn_vlan_mapping_bulk_delete: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + payload: + - string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_bulk_update.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_bulk_update.py new file mode 100644 index 00000000..e99b6f6d --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_bulk_update.py 
@@ -0,0 +1,93 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trustsec_vn_vlan_mapping_bulk_update +short_description: Resource module for Trustsec VN VLAN Mapping Bulk Update +description: +- Manage operation create of the resource Trustsec VN VLAN Mapping Bulk Update. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module +author: Rafael Campos (@racampos) +options: + payload: + description: Trustsec VN VLAN Mapping Bulk Update's payload. + elements: dict + suboptions: + id: + description: Identifier of the VN-VLAN Mapping. + type: str + isData: + description: Flag which indicates whether the VLAN is data or voice type. + type: bool + isDefaultVLAN: + description: Flag which indicates if the VLAN is default. + type: bool + lastUpdate: + description: Timestamp for the last update of the VN-VLAN Mapping. + type: str + maxValue: + description: Max value. + type: int + name: + description: Name of the VLAN. + type: str + vnId: + description: Identifier for the associated Virtual Network which is required + unless its name is provided. + type: str + vnName: + description: Name of the associated Virtual Network to be used for identity + if id is not provided. + type: str + type: list +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for vnVlanMapping + description: Complete reference of the vnVlanMapping API. 
+ link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi +notes: + - SDK Method used are + vn_vlan_mapping.VnVlanMapping.bulk_update_vn_vlan_mappings, + + - Paths used are + post /api/v1/trustsec/vnvlanmapping/bulk/update, + +""" + +EXAMPLES = r""" +- name: Create + cisco.ise.trustsec_vn_vlan_mapping_bulk_update: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + payload: + - id: string + isData: true + isDefaultVlan: true + lastUpdate: string + maxValue: 0 + name: string + vnId: string + vnName: string + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: dict + sample: > + { + "id": "string" + } +""" diff --git a/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_info.py b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_info.py new file mode 100644 index 00000000..c6047e4e --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/modules/trustsec_vn_vlan_mapping_info.py 
@@ -0,0 +1,149 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = r""" +--- +module: trustsec_vn_vlan_mapping_info +short_description: Information module for Trustsec VN VLAN Mapping +description: +- Get all Trustsec VN VLAN Mapping. +- Get Trustsec VN VLAN Mapping by id. +- Get VN-Vlan Mapping by id. +- Get all VN-Vlan Mappings. +version_added: '2.0.0' +extends_documentation_fragment: + - cisco.ise.module_info +author: Rafael Campos (@racampos) +options: + page: + description: + - Page query parameter. Page number. + type: int + size: + description: + - Size query parameter. Number of objects returned per page. + type: int + sort: + description: + - Sort query parameter. Sort type - asc or desc. + type: str + sortBy: + description: + - SortBy query parameter. Sort column by which objects needs to be sorted. + type: str + filter: + description: + - > + Filter query parameter. .. Container **Simple filtering** should be available through the filter query + string parameter. The structure of a filter is a triplet of field operator and value separated with dots. + More than one filter can be sent. The logical operator common to ALL filter criteria will be by default AND, + and can be changed by using the *"filterType=or"* query string parameter. + - Each resource Data model description should specify if an attribute is a filtered field. + - The 'EQ' operator describes 'Equals'. + - The 'NEQ' operator describes 'Not Equals'. + - The 'GT' operator describes 'Greater Than'. + - The 'LT' operator describes 'Less Than'. + - The 'STARTSW' operator describes 'Starts With'. + - The 'NSTARTSW' operator describes 'Not Starts With'. + - The 'ENDSW' operator describes 'Ends With'. + - The 'NENDSW' operator describes 'Not Ends With'. + - The 'CONTAINS' operator describes 'Contains'. 
+ - The 'NCONTAINS' operator describes 'Not Contains'. + elements: str + type: list + filterType: + description: + - > + FilterType query parameter. The logical operator common to ALL filter criteria will be by default AND, and + can be changed by using the parameter. + type: str + id: + description: + - Id path parameter. + type: str +requirements: +- ciscoisesdk >= 2.0.8 +- python >= 3.5 +seealso: +- name: Cisco ISE documentation for vnVlanMapping + description: Complete reference of the vnVlanMapping API. + link: https://developer.cisco.com/docs/identity-services-engine/v1/#!trustsec-openapi +notes: + - SDK Method used are + vn_vlan_mapping.VnVlanMapping.get_vn_vlan_mapping_by_id, + vn_vlan_mapping.VnVlanMapping.get_vn_vlan_mappings_generator, + + - Paths used are + get /api/v1/trustsec/vnvlanmapping, + get /api/v1/trustsec/vnvlanmapping/{id}, + +""" + +EXAMPLES = r""" +- name: Get all Trustsec VN VLAN Mapping + cisco.ise.trustsec_vn_vlan_mapping_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + page: 0 + size: 0 + sort: string + sortBy: string + filter: [] + filterType: string + register: result + +- name: Get Trustsec VN VLAN Mapping by id + cisco.ise.trustsec_vn_vlan_mapping_info: + ise_hostname: "{{ise_hostname}}" + ise_username: "{{ise_username}}" + ise_password: "{{ise_password}}" + ise_verify: "{{ise_verify}}" + id: string + register: result + +""" + +RETURN = r""" +ise_response: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + sample: > + [ + { + "id": "string", + "isData": true, + "isDefaultVlan": true, + "lastUpdate": "string", + "maxValue": 0, + "name": "string", + "vnId": "string", + "vnName": "string" + } + ] + +ise_responses: + description: A dictionary or list with the response returned by the Cisco ISE Python SDK + returned: always + type: list + elements: dict + 
sample: > + [ + { + "id": "string", + "isData": true, + "isDefaultVlan": true, + "lastUpdate": "string", + "maxValue": 0, + "name": "string", + "vnId": "string", + "vnName": "string" + } + ] +""" diff --git a/ansible_collections/cisco/ise/plugins/plugin_utils/__init__.py b/ansible_collections/cisco/ise/plugins/plugin_utils/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/ansible_collections/cisco/ise/plugins/plugin_utils/exceptions.py b/ansible_collections/cisco/ise/plugins/plugin_utils/exceptions.py new file mode 100644 index 00000000..32df901b --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/plugin_utils/exceptions.py @@ -0,0 +1,18 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + + +class AnsibleISEException(Exception): + """Base class for all Ansible ISE package exceptions.""" + pass + + +class InconsistentParameters(AnsibleISEException): + """Provided parameters are not consistent.""" + pass diff --git a/ansible_collections/cisco/ise/plugins/plugin_utils/ise.py b/ansible_collections/cisco/ise/plugins/plugin_utils/ise.py new file mode 100644 index 00000000..2a2dce92 --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/plugin_utils/ise.py 
@@ -0,0 +1,259 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +# Copyright (c) 2021, Cisco Systems +# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type +try: + from ciscoisesdk import api, exceptions +except ImportError: + ISE_SDK_IS_INSTALLED = False +else: + ISE_SDK_IS_INSTALLED = True +from ansible.module_utils.basic import AnsibleModule, env_fallback + +try: + from ansible.errors import AnsibleActionFail +except ImportError: + ANSIBLE_ERRORS_INSTALLED = False +else: + ANSIBLE_ERRORS_INSTALLED = True +try: + import logging +except ImportError: + LOGGING_IN_STANDARD = False +else: + LOGGING_IN_STANDARD = True + + +def is_list_complex(x): + return isinstance(x[0], dict) or isinstance(x[0], list) + + +def has_diff_elem(ls1, ls2): + return any((elem not in ls1 for elem in ls2)) + + +def compare_list(list1, list2): + len_list1 = len(list1) + len_list2 = len(list2) + if len_list1 != len_list2: + return False + + if len_list1 == 0: + return True + + attempt_std_cmp = list1 == list2 + if attempt_std_cmp: + return True + + if not is_list_complex(list1) and not is_list_complex(list2): + return set(list1) == set(list2) + + # Compare normally if it exceeds expected size * 2 (len_list1==len_list2) + MAX_SIZE_CMP = 100 + # Fail fast if elem not in list, thanks to any and generators + if len_list1 > MAX_SIZE_CMP: + return attempt_std_cmp + else: + # not changes 'has diff elem' to list1 != list2 ':lists are not equal' + has_diff_1 = has_diff_elem(list1, list2) + has_diff_2 = has_diff_elem(list2, list1) + return not has_diff_1 or not has_diff_2 + + +def fn_comp_key(k, dict1, dict2): + return ise_compare_equality(dict1.get(k), dict2.get(k)) + + +def ise_compare_equality(current_value, requested_value): + if requested_value is None: + return True + if current_value is None: + return True + if isinstance(current_value, dict) and 
isinstance(requested_value, dict): + all_dict_params = list(current_value.keys()) + list(requested_value.keys()) + return not any((not fn_comp_key(param, current_value, requested_value) for param in all_dict_params)) + elif isinstance(current_value, list) and isinstance(requested_value, list): + return compare_list(current_value, requested_value) + else: + return current_value == requested_value + + +def fn_comp_key2(k, dict1, dict2): + return ise_compare_equality2(dict1.get(k), dict2.get(k)) + + +def ise_compare_equality2(current_value, requested_value, is_query_param=False): + if is_query_param: + return True + if requested_value is None and current_value is None: + return True + if requested_value is None: + return False + if current_value is None: + return False + if isinstance(current_value, dict) and isinstance(requested_value, dict): + all_dict_params = list(current_value.keys()) + list(requested_value.keys()) + return not any((not fn_comp_key2(param, current_value, requested_value) for param in all_dict_params)) + elif isinstance(current_value, list) and isinstance(requested_value, list): + return compare_list(current_value, requested_value) + else: + return current_value == requested_value + + +def get_dict_result(result, key, value): + if isinstance(result, list): + if len(result) == 1: + if isinstance(result[0], dict): + result = result[0] + if result.get(key) is not None and result.get(key) != value: + result = None + else: + result = None + else: + for item in result: + if isinstance(item, dict) and (item.get(key) is None or item.get(key) == value): + result = item + return result + result = None + elif not isinstance(result, dict): + result = None + elif result.get(key) is not None and result.get(key) != value: + result = None + return result + + +def ise_argument_spec(): + argument_spec = dict( + ise_hostname=dict(type="str", fallback=(env_fallback, ['ISE_HOSTNAME']), required=True), + ise_username=dict(type="str", fallback=(env_fallback, 
['ISE_USERNAME']), required=True), + ise_password=dict(type="str", fallback=(env_fallback, ['ISE_PASSWORD']), required=True, no_log=True), + ise_verify=dict(type="bool", default=True, fallback=(env_fallback, ['ISE_VERIFY'])), + ise_version=dict(type="str", default="3.1_Patch_1", fallback=(env_fallback, ['ISE_VERSION'])), + ise_wait_on_rate_limit=dict(type="bool", default=True, fallback=(env_fallback, ['ISE_WAIT_ON_RATE_LIMIT'])), + ise_uses_api_gateway=dict(type="bool", default=True, fallback=(env_fallback, ['ISE_USES_API_GATEWAY'])), + ise_uses_csrf_token=dict(type="bool", default=False, fallback=(env_fallback, ['ISE_USES_CSRF_TOKEN'])), + ise_debug=dict(type="bool", default=False, fallback=(env_fallback, ['ISE_DEBUG'])), + ) + return argument_spec + + +def get_ise_url(hostname, port=None): + url_result = "https://{hostname}".format(hostname=hostname) + if port: + url_result = url_result + ":{port}".format(port=port) + return url_result + + +class ISESDK(object): + def __init__(self, params): + self.result = dict(changed=False, result="") + if ISE_SDK_IS_INSTALLED: + ise_uses_api_gateway = params.get("ise_uses_api_gateway") + ui_base_url = None + ers_base_url = None + mnt_base_url = None + px_grid_base_url = None + if not ise_uses_api_gateway: + ui_base_url = get_ise_url(params.get("ise_hostname"), port="443") + ers_base_url = get_ise_url(params.get("ise_hostname"), port="9060") + mnt_base_url = get_ise_url(params.get("ise_hostname"), port="443") + px_grid_base_url = get_ise_url(params.get("ise_hostname"), port="8910") + + self.api = api.IdentityServicesEngineAPI( + username=params.get("ise_username"), + password=params.get("ise_password"), + base_url=get_ise_url(params.get("ise_hostname"), port=None), + ui_base_url=ui_base_url, + ers_base_url=ers_base_url, + mnt_base_url=mnt_base_url, + px_grid_base_url=px_grid_base_url, + verify=params.get("ise_verify"), + version=params.get("ise_version"), + wait_on_rate_limit=params.get("ise_wait_on_rate_limit"), + 
uses_api_gateway=ise_uses_api_gateway, + uses_csrf_token=params.get("ise_uses_csrf_token"), + debug=params.get("ise_debug"), + ) + if params.get("ise_debug") and LOGGING_IN_STANDARD: + logging.getLogger('ciscoisesdk').addHandler(logging.StreamHandler()) + else: + self.fail_json(msg="Cisco ISE Python SDK is not installed. Execute 'pip install ciscoisesdk'") + + def changed(self): + self.result["changed"] = True + + def object_created(self): + self.changed() + self.result["result"] = "Object created" + + def object_updated(self): + self.changed() + self.result["result"] = "Object updated" + + def object_deleted(self): + self.changed() + self.result["result"] = "Object deleted" + + def object_already_absent(self): + self.result["result"] = "Object already absent" + + def object_already_present(self): + self.result["result"] = "Object already present" + + def object_present_and_different(self): + self.result["result"] = "Object already present, but it has different values to the requested" + + def object_modify_result(self, changed=None, result=None): + if result is not None: + self.result["result"] = result + if changed: + self.changed() + + def exec(self, family, function, params=None, handle_func_exception=True): + try: + family = getattr(self.api, family) + func = getattr(family, function) + except Exception as e: + self.fail_json( + msg=( + "An error occured when retrieving operation." + " The error was: {error}" + ).format(error=e) + ) + + try: + if params: + response = func(**params) + else: + response = func() + except exceptions.ciscoisesdkException as e: + if handle_func_exception: + self.fail_json( + msg=( + "An error occured when executing operation." + " The error was: {error}" + ).format(error=e) + ) + else: + raise e + return response + + def fail_json(self, msg, **kwargs): + self.result.update(**kwargs) + raise AnsibleActionFail(msg, kwargs) + + def exit_json(self): + return self.result + + +def main(): + pass + + +if __name__ == "__main__": + main() 
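Review bot: In `compare_list`, the final `return not has_diff_1 or not has_diff_2` accepts two lists as equal when only one of them is contained in the other, so same-length lists that differ through a repeated element, such as `[a, a]` against `[a, b]`, compare as equal. Both `ise_compare_equality` and `ise_compare_equality2` route list values through this function, so a requested change to a list-valued setting could presumably be reported as already present and never sent to ISE; the callers are outside this hunk. Requiring containment in both directions closes that case: `return not has_diff_1 and not has_diff_2`. The `len_list1 > MAX_SIZE_CMP` branch returns `attempt_std_cmp`, which is always False at that point, and deserves a comment saying that large reordered lists are deliberately treated as different.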
diff --git a/ansible_collections/cisco/ise/plugins/plugin_utils/personas_utils.py b/ansible_collections/cisco/ise/plugins/plugin_utils/personas_utils.py new file mode 100644 index 00000000..1f30a10c --- /dev/null +++ b/ansible_collections/cisco/ise/plugins/plugin_utils/personas_utils.py 
@@ -0,0 +1,195 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2021, Cisco Systems
+# GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+try:
+ from ansible.errors import AnsibleActionFail
+except ImportError:
+ ANSIBLE_ERRORS_INSTALLED = False
+else:
+ ANSIBLE_ERRORS_INSTALLED = True
+try:
+ import requests
+except ImportError:
+ REQUESTS_INSTALLED = False
+else:
+ REQUESTS_INSTALLED = True
+import json
+import zipfile
+import io
+
+
+class Node(object):
+ def __init__(self, node):
+ requests.packages.urllib3.disable_warnings()
+ self.name = node.get("name")
+ self.ip = node.get("ip")
+ self.fqdn = node.get("fqdn")
+ self.hostname = node.get("hostname")
+ self.username = node.get("username")
+ self.password = node.get("password")
+ self.roles = node.get("roles")
+ self.services = node.get("services")
+
+ def __str__(self):
+ return "{name} <{ip}>".format(name=self.name, ip=self.ip)
+
+ def __repr__(self):
+ return "{name} <{ip}>".format(name=self.name, ip=self.ip)
+
+ def is_standalone(self):
+ headers = {'Content-Type': 'application/json'}
+ url = "https://{ip}/api/v1/deployment/node/{hostname}".format(ip=self.ip, hostname=self.hostname)
+ response = False
+ try:
+ response = requests.get(url=url, headers=headers, auth=(self.username, self.password), verify=False)
+ except Exception as e:
+ raise AnsibleActionFail("Couldn't connect, the node might be still initializing, try again in a few minutes. Error received: {e}".format(e=e))
+ if not response:
+ raise AnsibleActionFail("Couldn't get a valid response from the API. Maybe the node is still initializing, try again in a few minutes.")
+ else:
+ response = json.loads(response.text).get("response")
+ if "Standalone" in response.get("roles"):
+ return True
+ return False
+
+ def app_server_is_running(self):
+ url = "https://{ip}/ers/config/op/systemconfig/iseversion".format(ip=self.ip)
+ headers = {'Accept': 'application/json'}
+ try:
+ response = requests.get(url=url, headers=headers, auth=(self.username, self.password), verify=False)
+ # Application Server is down but API Gateway is up
+ if response.status_code == 502:
+ return False
+ # The Application Server is up
+ if response.status_code == 200:
+ return True
+ # Any other case return False
+ else:
+ return False
+ # Both Application Server and API Gateway are down
+ except Exception as e:
+ return False
+
+ def return_id_of_certificate(self):
+ url = "https://{ip}/api/v1/certs/system-certificate/{hostname}".format(ip=self.ip, hostname=self.hostname)
+ headers = {'Content-Type': 'application/json', 'Accept': 'application/json'}
+ try:
+ response = requests.get(url=url, timeout=15, headers=headers, auth=(self.username, self.password), verify=False)
+ except requests.exceptions.ReadTimeout:
+ raise AnsibleActionFail("The request timed out. Please verify that the API is enabled on the node.")
+ except Exception as e:
+ raise AnsibleActionFail(e)
+ json_response = json.loads(response.text)
+ for item in json_response.get("response"):
+ if item.get("friendlyName") == "Default self-signed server certificate":
+ return item.get("id")
+
+ def register_to_primary(self, primary):
+ headers = {'Content-Type': 'application/json'}
+ url = "https://{primary_ip}/api/v1/deployment/node".format(primary_ip=primary.ip)
+ data = json.dumps({
+ "fqdn": self.fqdn,
+ "userName": self.username,
+ "password": self.password,
+ "allowCertImport": True,
+ "roles": self.roles,
+ "services": self.services
+ })
+ try:
+ response = requests.post(url=url, timeout=300, auth=(primary.username, primary.password), headers=headers, data=data, verify=False)
+ except Exception as e:
+ raise AnsibleActionFail(e)
+ if not response:
+ raise AnsibleActionFail("Failed to receive a valid response from the API. The actual response was: {response}".format(response=response.text))
+
+ def get_roles_services(self):
+ headers = {'Content-Type': 'application/json'}
+ url = "https://{ip}/api/v1/deployment/node/{hostname}".format(ip=self.ip, hostname=self.hostname)
+ response = False
+ try:
+ response = requests.get(url=url, headers=headers, auth=(self.username, self.password), verify=False)
+ except Exception as e:
+ raise AnsibleActionFail("Couldn't connect, the node might be still initializing, try again in a few minutes. Error received: {e}".format(e=e))
+ if not response:
+ raise AnsibleActionFail("Couldn't get a valid response from the API. Maybe the node is still initializing, try again in a few minutes.")
+ else:
+ response = json.loads(response.text).get("response")
+ return response
+
+ def update_roles_services(self):
+ headers = {'Content-Type': 'application/json'}
+ url = "https://{ip}/api/v1/deployment/node/{hostname}".format(ip=self.ip, hostname=self.hostname)
+ data = json.dumps({
+ "roles": self.roles,
+ "services": self.services
+ })
+ try:
+ response = requests.put(url=url, timeout=300, auth=(self.username, self.password), headers=headers, data=data, verify=False)
+ except Exception as e:
+ raise AnsibleActionFail(e)
+ if not response:
+ raise AnsibleActionFail("Failed to receive a valid response from the API. The actual response was: {response}".format(response=response.text))
+
+ def import_certificate_into_primary(self, primary_node):
+ cert_id = self.return_id_of_certificate()
+ data = json.dumps({"id": cert_id, "export": "CERTIFICATE"})
+ url = "https://{ip}/api/v1/certs/system-certificate/export".format(ip=self.ip)
+ headers = {'Content-Type': 'application/json', 'Accept': 'application/json'}
+ try:
+ response = requests.post(url=url, timeout=15, data=data, headers=headers, auth=(self.username, self.password), verify=False)
+ except Exception as e:
+ AnsibleActionFail(e)
+
+ if not response.status_code == 200:
+ raise AnsibleActionFail("Received status code {status_code} when exporting certificate.".format(status_code=str(response.status_code)))
+
+ zf = zipfile.ZipFile(io.BytesIO(response.content), 'r')
+ cert_data = zf.read("Defaultselfsignedservercerti.pem")
+ data = json.dumps({
+ "allowBasicConstraintCAFalse": True,
+ "allowOutOfDateCert": False,
+ "allowSHA1Certificates": True,
+ "trustForCertificateBasedAdminAuth": True,
+ "trustForCiscoServicesAuth": True,
+ "trustForClientAuth": True,
+ "data": cert_data.decode("utf-8"),
+ "trustForIseAuth": True,
+ "name": self.name,
+ "validateCertificateExtensions": True
+ })
+ url = "https://{primary_ip}/api/v1/certs/trusted-certificate/import".format(primary_ip=primary_node.ip)
+ headers = {'Content-Type': 'application/json', 'Accept': 'application/json'}
+ try:
+ response = requests.post(url=url,
+ timeout=15,
+ data=data,
+ headers=headers,
+ auth=(self.primary_node.username, self.primary_node.password),
+ verify=False
+ )
+ return_message = json.loads(response.text)["response"]["message"]
+ except Exception as e:
+ AnsibleActionFail(e)
+
+ if not response.status_code == 200:
+ if not (return_message == 'Trust certificate was added successfully' or
+ return_message == "Certificates are having same subject, same serial number and they are binary equal. Hence skipping the replace"):
+ raise AnsibleActionFail("Unexpected response from API. Received response was {message}".format(message=return_message))
+
+ def promote_to_primary(self):
+ headers = {'Content-Type': 'application/json'}
+ url = "https://{ip}/api/v1/deployment/primary".format(ip=self.ip)
+ try:
+ response = requests.post(url=url, headers=headers, auth=(self.username, self.password), verify=False, timeout=60)
+ if response.status_code == 200:
+ return True
+ else:
+ raise AnsibleActionFail("Could not update node to PRIMARY")
+ except Exception as e:
+ raise AnsibleActionFail(e)
-- 
cgit v1.2.3
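Review bot: In `import_certificate_into_primary` both `except Exception as e:` handlers build `AnsibleActionFail(e)` without `raise`, and the import request reads `self.primary_node`, an attribute that `Node.__init__` never sets and nothing else in this file assigns. As written the resulting `AttributeError` is swallowed, `response` still holds the export reply that was already checked to be 200, and the method returns as though the certificate had been imported into the primary. The handlers should read `raise AnsibleActionFail(e)` and the credentials `auth=(primary_node.username, primary_node.password)`. Every `requests` call in the file also passes `verify=False` while sending basic-auth credentials, so the certificate that becomes trusted for admin authentication (`"trustForCertificateBasedAdminAuth": True`) is fetched over a connection that does not authenticate the node; a configurable `verify` value (a CA bundle path) on `Node` would let deployments enable validation.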