├── changelogs ├── .gitignore ├── config.yaml └── changelog.yaml ├── meta └── runtime.yml ├── tests ├── integration │ ├── target-prefixes.network │ ├── targets │ │ ├── nae_ag │ │ │ ├── aliases │ │ │ └── tasks │ │ │ │ └── main.yml │ │ ├── nae_tcam │ │ │ ├── aliases │ │ │ └── tasks │ │ │ │ └── main.yml │ │ ├── nae_prechange │ │ │ ├── aliases │ │ │ └── tasks │ │ │ │ ├── tenant_delete_dump.json │ │ │ │ ├── contract.json │ │ │ │ ├── contract_identical.json │ │ │ │ ├── main.yml │ │ │ │ ├── ansible_dump.json │ │ │ │ ├── file_upload.yml │ │ │ │ └── manual_upload.yml │ │ └── nae_compliance │ │ │ ├── aliases │ │ │ └── tasks │ │ │ ├── create_ag.yml │ │ │ └── main.yml │ ├── network-integration.requirements.txt │ └── inventory.networking └── sanity │ ├── requirements.txt │ ├── ignore-2.9.txt │ └── ignore-2.10.txt ├── requirements.txt ├── playbooks ├── inventory ├── tcam.yaml ├── dmz.yaml ├── nae_query.yaml ├── agtest.yaml ├── nae_create.yaml ├── nae_comp.yaml ├── usage.yaml └── full_aci_demo.yaml ├── .github └── workflows │ ├── galaxy-importer.cfg │ └── ansible-test.yml ├── galaxy.yml ├── plugins └── modules │ ├── nae_tcam.py │ ├── nae_file_management.py │ ├── nae_delta.py │ ├── nae_offline_analysis.py │ ├── nae_ag.py │ ├── nae_compliance.py │ └── nae_prechange.py ├── README.md ├── CHANGELOG.rst ├── .gitignore └── LICENSE /changelogs/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | /.plugin-cache.yaml -------------------------------------------------------------------------------- /meta/runtime.yml: -------------------------------------------------------------------------------- 1 | --- 2 | requires_ansible: '>=2.9.10' -------------------------------------------------------------------------------- /tests/integration/target-prefixes.network: -------------------------------------------------------------------------------- 1 | nae 2 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | filelock 2 | requests 3 | jsonpath_ng 4 | requests_toolbelt 5 | -------------------------------------------------------------------------------- /tests/integration/targets/nae_ag/aliases: -------------------------------------------------------------------------------- 1 | # No NAE simulator yet, so not enabled 2 | # unsupported -------------------------------------------------------------------------------- /tests/integration/targets/nae_tcam/aliases: -------------------------------------------------------------------------------- 1 | # No NAE simulator yet, so not enabled 2 | # unsupported -------------------------------------------------------------------------------- /tests/integration/targets/nae_prechange/aliases: -------------------------------------------------------------------------------- 1 | # No NAE simulator yet, so not enabled 2 | # unsupported -------------------------------------------------------------------------------- /tests/sanity/requirements.txt: -------------------------------------------------------------------------------- 1 | requests-toolbelt 2 | requests 3 | jsonpath_ng 4 | pathlib 5 | filelock -------------------------------------------------------------------------------- /tests/integration/targets/nae_compliance/aliases: -------------------------------------------------------------------------------- 1 | # No NAE simulator yet, so not enabled 2 | # unsupported -------------------------------------------------------------------------------- /tests/integration/network-integration.requirements.txt: -------------------------------------------------------------------------------- 1 | requests-toolbelt 2 | requests 3 | jsonpath_ng 4 | pathlib 5 | filelock -------------------------------------------------------------------------------- /tests/integration/targets/nae_prechange/tasks/tenant_delete_dump.json: -------------------------------------------------------------------------------- 1 | [{"fvTenant": {"attributes": {"name": "AnsibleTest", "dn": "uni/tn-AnsibleTest", "status": "deleted"}}}] -------------------------------------------------------------------------------- /playbooks/inventory: -------------------------------------------------------------------------------- 1 | [all] 2 | localhost ansible_connection=local 3 | #candid-amslab.cisco.com 4 | 5 | 6 | [all:vars] 7 | ansible_python_interpreter=/usr/local/bin/python3 8 | validate_certs='no' 9 | -------------------------------------------------------------------------------- /.github/workflows/galaxy-importer.cfg: -------------------------------------------------------------------------------- 1 | 2 | [galaxy-importer] 3 | LOG_LEVEL_MAIN = INFO 4 | RUN_FLAKE8 = True 5 | RUN_ANSIBLE_DOC = True 6 | RUN_ANSIBLE_LINT = True 7 | RUN_ANSIBLE_TEST = False 8 | ANSIBLE_TEST_LOCAL_IMAGE = False 9 | LOCAL_IMAGE_DOCKER = False 10 | INFRA_OSD = False -------------------------------------------------------------------------------- /tests/integration/inventory.networking: -------------------------------------------------------------------------------- 1 | localhost nae_host=173.36.219.125 validate_certs='no' nae_port=443 nae_username=ansible.github.ci nae_password=4C%269@RJKxdzneXpDd 2 | [nae] 3 | localhost 4 | 5 | [nae:vars] 6 | apic_hostname=173.36.219.25 7 | apic_username=ansible_github_ci 8 | apic_password="sJ94G92#8dq2hx*K4qh" 9 | ansible_connection=local 10 | ansible_python_interpreter=/usr/bin/python3.8 -------------------------------------------------------------------------------- /tests/integration/targets/nae_prechange/tasks/contract.json: -------------------------------------------------------------------------------- 1 | { 2 | "vzBrCP": { 3 | "attributes": { 4 | "descr": "", 5 | "intent": "install", 6 | "nameAlias": "", 7 | "prio": "unspecified", 8 | "scope": "context", 9 | "targetDscp": "unspecified", 10 | "dn": "uni/tn-AnsibleTest/brc-test_brc", 11 | "name": "test_brc", 12 | "pcv_status": "created" 13 | }, 14 | "children": [] 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /tests/integration/targets/nae_prechange/tasks/contract_identical.json: -------------------------------------------------------------------------------- 1 | { 2 | "vzBrCP": { 3 | "attributes": { 4 | "descr": "", 5 | "intent": "install", 6 | "nameAlias": "", 7 | "prio": "unspecified", 8 | "scope": "context", 9 | "targetDscp": "unspecified", 10 | "dn": "uni/tn-AnsibleTest/brc-test_brc", 11 | "name": "test_brc", 12 | "pcv_status": "created" 13 | }, 14 | "children": [] 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /playbooks/tcam.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Note: This playbook is only to illustrate all module functionality. Running both add from change list and add from file 3 | # will fail since only one PCA can run on NAE at a time. 4 | - name: NAE TESTING 5 | hosts: all 6 | vars: 7 | nae_login: &nae_login 8 | host: 173.36.219.127 9 | port: 443 10 | username: admin 11 | password: ins3965!ins3965! 12 | validate_certs: False 13 | tasks: 14 | - name: Create a pre-change analysis from file 15 | nae_tcam: 16 | <<: *nae_login 17 | file: tcam_out 18 | ag_name: Migration 19 | -------------------------------------------------------------------------------- /playbooks/dmz.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Note: This playbook is only to illustrate all module functionality. Running both add from change list and add from file 3 | # will fail since only one PCA can run on NAE at a time. 4 | - name: NAE TESTING 5 | hosts: all 6 | vars: 7 | nae_login: &nae_login 8 | host: 173.36.219.127 9 | port: 443 10 | username: admin 11 | password: ins3965!ins3965! 12 | validate_certs: False 13 | tasks: 14 | - name: Testing delta 15 | nae_delta: 16 | <<: *nae_login 17 | name: Test 18 | state: query 19 | ag_name: lh-dmz1-pod1-aci-v32 20 | -------------------------------------------------------------------------------- /playbooks/nae_query.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Testing first NAE Ansible Module!! 3 | # Note: This playbook is only to illustrate all module functionality. Running both add from change list and add from file 4 | # will fail since only one PCA can run on NAE at a time. 5 | - name: NAE TESTING 6 | hosts: all 7 | vars: 8 | nae_login: &nae_login 9 | host: 10.67.185.100 10 | port: 8448 11 | username: admin 12 | password: C@ndidadmin1234 13 | validate_certs: False 14 | tasks: 15 | - name: Delete 16 | nae_compliance: 17 | <<: *nae_login 18 | state: absent 19 | selector: object 20 | name: DataBasez 21 | ... 22 | -------------------------------------------------------------------------------- /galaxy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | namespace: cisco 3 | name: nae 4 | # The version of the collection. Must be compatible with semantic versioning 5 | version: 1.0.1 6 | readme: README.md 7 | authors: 8 | - Shantanu Kulkarni (@Shan-KulK) 9 | description: Ansible Modules for Cisco NAE 10 | license_file: 'LICENSE' 11 | tags: 12 | - cisco 13 | - nae 14 | - cloud 15 | - collection 16 | - networking 17 | - sdn 18 | - assurance 19 | repository: https://github.com/CiscoDevNet/ansible-nae 20 | # documentation: https://docs.ansible.com/ansible/latest/scenario_guides/guide_nae.html 21 | homepage: https://github.com/CiscoDevNet/ansible-nae 22 | issues: https://github.com/CiscoDevNet/ansible-nae/issues 23 | ... 24 | -------------------------------------------------------------------------------- /playbooks/agtest.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Note: This playbook is only to illustrate all module functionality. Running both add from change list and add from file 3 | # will fail since only one PCA can run on NAE at a time. 4 | - name: NAE TESTING 5 | hosts: all 6 | vars: 7 | nae_login: &nae_login 8 | host: 10.66.176.111 9 | port: 443 10 | username: admin 11 | password: C@ndidadmin1234 12 | validate_certs: False 13 | tasks: 14 | #- name: Create offline ag 15 | #nae_ag: 16 | #<<: *nae_login 17 | #name: Test 18 | #state: present 19 | - name: Create Online Assurance Group (with APIC Configuration Export Polciy) 20 | nae_ag: 21 | <<: *nae_login 22 | state: query 23 | ... 24 | -------------------------------------------------------------------------------- /playbooks/nae_create.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Testing first NAE Ansible Module!! 3 | # Note: This playbook is only to illustrate all module functionality. Running both add from change list and add from file 4 | # will fail since only one PCA can run on NAE at a time. 5 | - name: NAE TESTING 6 | hosts: all 7 | vars: 8 | nae_login: &nae_login 9 | host: 10.67.185.100 10 | port: 8448 11 | username: admin 12 | password: C@ndidadmin1234 13 | validate_certs: False 14 | tasks: 15 | - name: Create a pre-change analysis from file 16 | nae_prechange: 17 | <<: *nae_login 18 | ag_name: FAB2 19 | file: dump.json 20 | verify: True 21 | name: TestingTdn 22 | state: present 23 | ... 24 | -------------------------------------------------------------------------------- /changelogs/config.yaml: -------------------------------------------------------------------------------- 1 | changelog_filename_template: ../CHANGELOG.rst 2 | changelog_filename_version_depth: 0 3 | changes_file: changelog.yaml 4 | changes_format: combined 5 | ignore_other_fragment_extensions: true 6 | keep_fragments: false 7 | mention_ancestor: true 8 | new_plugins_after_name: removed_features 9 | notesdir: fragments 10 | prelude_section_name: release_summary 11 | prelude_section_title: Release Summary 12 | sections: 13 | - - major_changes 14 | - Major Changes 15 | - - minor_changes 16 | - Minor Changes 17 | - - breaking_changes 18 | - Breaking Changes / Porting Guide 19 | - - deprecated_features 20 | - Deprecated Features 21 | - - removed_features 22 | - Removed Features (previously deprecated) 23 | - - security_fixes 24 | - Security Fixes 25 | - - bugfixes 26 | - Bugfixes 27 | - - known_issues 28 | - Known Issues 29 | title: Cisco NAE Ansible Collection 30 | trivial_section_name: trivial 31 | use_fqcn: true -------------------------------------------------------------------------------- /tests/integration/targets/nae_prechange/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Test code for the NAE modules 2 | # Copyright: (c) 2020, Anvitha Jain (@anvitha-jain) 3 | 4 | # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) 5 | 6 | - name: Test that we have an NAE host, NAE username and NAE password 7 | fail: 8 | msg: 'Please define the following variables: nae_host, nae_username and nae_password.' 9 | when: nae_host is not defined or nae_username is not defined or nae_password is not defined 10 | 11 | - name: Set vars 12 | set_fact: 13 | nae_info: &nae_info 14 | host: '{{ nae_host }}' 15 | port: '{{ nae_port }}' 16 | username: '{{ nae_username }}' 17 | password: '{{ nae_password }}' 18 | validate_certs: '{{ nae_validate_certs | default(false) }}' 19 | 20 | - name: Check whether AG Change Management exists 21 | cisco.nae.nae_ag: 22 | <<: *nae_info 23 | name: Change Management 24 | state: query 25 | register: check_ag 26 | 27 | - name: Check if Assurance group Change Management exist (else create) 28 | include_tasks: ../../../../../../integration/targets/nae_compliance/tasks/create_ag.yml 29 | tags: create_ag 30 | when: check_ag.msg is defined and check_ag.msg == "Assurance group Change Management does not exist" 31 | 32 | # CLEAN ENVIRONMENT 33 | - name: Delete a pre_change analysis 34 | nae_prechange: 35 | <<: *nae_info 36 | ag_name: Change Management 37 | name: '{{ item }}' 38 | state: absent 39 | ignore_errors: True 40 | loop: 41 | - ansible_manual_upload 42 | - ansible_manual_upload_2 43 | - ansible_manual_upload_3 44 | - ansible_file_upload 45 | - ansible_file_upload_2 46 | - ansible_file_upload_3 47 | - ansible_file_upload_tenant 48 | 49 | - name: Run file upload tasks 50 | include_tasks: file_upload.yml 51 | tags: file_upload 52 | 53 | - name: Pause for 5 minutes to complete pre-change analysis in the previous step 54 | pause: 55 | minutes: 5 56 | 57 | - name: Run manual upload tasks 58 | include_tasks: manual_upload.yml 59 | tags: manual_upload 60 | -------------------------------------------------------------------------------- /tests/integration/targets/nae_compliance/tasks/create_ag.yml: -------------------------------------------------------------------------------- 1 | # Test code for the NAE modules 2 | # Copyright: (c) 2020, Cindy Zhao (cizhao) 3 | 4 | # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) 5 | 6 | - name: Test that we have an NAE host, NAE username and NAE password 7 | fail: 8 | msg: 'Please define the following variables: nae_host, nae_username and nae_password.' 9 | when: nae_host is not defined or nae_username is not defined or nae_password is not defined 10 | 11 | - name: Set vars 12 | set_fact: 13 | nae_info: &nae_info 14 | host: '{{ nae_host }}' 15 | username: '{{ nae_username }}' 16 | password: '{{ nae_password }}' 17 | validate_certs: '{{ nae_validate_certs | default(false) }}' 18 | 19 | - name: Create AG 20 | cisco.nae.nae_ag: 21 | <<: *nae_info 22 | name: Change Management 23 | state: present 24 | 25 | - name: Download files 26 | get_url: 27 | url: "https://github.com/CiscoDevNet/ansible-nae/raw/datasets/{{item}}" 28 | dest: /tmp/ 29 | loop: 30 | - ChangeMgmtCorrectScopeOverlappingSubnet_2020-10-22_22_36_21.tar.gz 31 | - ChangeMgmtCorrect_2020-10-22_22_38_14.tar.gz 32 | - ChangeMgmtSegmentationCompliance_2020-10-22_22_40_40.tar.gz 33 | - ChangeMgmtWrongScope_2020-10-22_22_34_03.tar.gz 34 | - DcOpsDupIP_2020-10-22_22_27_48.tar.gz 35 | - DcOpsNoDupIP_2020-10-22_22_30_09.tar.gz 36 | - DcOpsNoFilter_2020-10-22_22_32_08.tar.gz 37 | - EpochDeltaDupIP_2020-10-22_22_42_53.tar.gz 38 | - EpochDeltaNoDupIP.tar.gz 39 | - Migrations1_.tar.gz 40 | 41 | - name: Upload Files 42 | cisco.nae.nae_file_management: 43 | <<: *nae_info 44 | file: "{{ item }}" 45 | #Get the file name and remove the date i.e. a file name is something like this aci/files/datasets/ChangeMgmt2_2020-09-03_23_22_28.tar.gz 46 | name: "{{ item.split('/')[-1].split('_')[0] }}" 47 | state: present 48 | with_fileglob: 49 | - /tmp/*.tar.gz 50 | 51 | - name: Do Offline Analysis 52 | cisco.nae.nae_offline_analysis: 53 | <<: *nae_info 54 | state: present 55 | complete: true 56 | name: "{{ item.split('/')[-1].split('_')[0] }}" 57 | ag_name: "Change Management" 58 | filename: "{{ item.split('/')[-1].split('_')[0] }}" 59 | with_fileglob: 60 | - /tmp/*.tar.gz 61 | when: "'ChangeMgmt' in item" -------------------------------------------------------------------------------- /playbooks/nae_comp.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Testing first NAE Ansible Module!! 3 | # Note: This playbook is only to illustrate all module functionality. Running both add from change list and add from file 4 | # will fail since only one PCA can run on NAE at a time. 5 | - name: NAE TESTING 6 | hosts: all 7 | vars: 8 | nae_login: &nae_login 9 | host: 10.67.185.100 10 | port: 8448 11 | username: admin 12 | password: C@ndidadmin1234 13 | validate_certs: False 14 | tasks: 15 | - name: Create an object selector 16 | nae_compliance: 17 | <<: *nae_login 18 | state: present 19 | selector: object 20 | form: | 21 | { 22 | "name": "Testingobjzzzzzzz", 23 | "description": null, 24 | "includes": [ 25 | { 26 | "matches": [ 27 | { 28 | "application_epgmatch": { 29 | "object_attribute": "DN", 30 | "tenant": { 31 | "pattern": "NAE_Compliance", 32 | "type": "EXACT" 33 | }, 34 | "application_profile": { 35 | "pattern": "ComplianceIsGood", 36 | "type": "EXACT" 37 | }, 38 | "application_epg": { 39 | "pattern": "DataBase", 40 | "type": "EXACT" 41 | } 42 | } 43 | } 44 | ] 45 | } 46 | ], 47 | "excludes": [], 48 | "selector_type": "OST_EPG" 49 | } 50 | - name: Create a compliance requirement 51 | nae_compliance: 52 | <<: *nae_login 53 | state: present 54 | selector: requirement 55 | form: | 56 | { 57 | "name": "TestingSegmentationzzzzzzzz", 58 | "config_compliance_parameter": { 59 | }, 60 | "epg_selector_a": "FrontEnd", 61 | "epg_selector_b": "DataBase", 62 | "requirement_type": "SEGMENTATION", 63 | "communication_type": "MUST_NOT", 64 | "is_all_traffic": false 65 | } 66 | - name: Create a compliance requirement set 67 | nae_compliance: 68 | <<: *nae_login 69 | state: present 70 | selector: requirement_set 71 | ag_name: FAB2 72 | form: | 73 | { 74 | "name": "Segmentation Compliancezzzzzz", 75 | "requirements": [ 76 | "Segmentation" 77 | ] 78 | } 79 | ... 80 | -------------------------------------------------------------------------------- /tests/sanity/ignore-2.9.txt: -------------------------------------------------------------------------------- 1 | plugins/modules/nae_ag.py import-2.6 2 | plugins/module_utils/nae.py import-2.6 3 | plugins/modules/nae_compliance.py import-2.6 4 | plugins/modules/nae_delta.py import-2.6 5 | plugins/modules/nae_file_management.py import-2.6 6 | plugins/modules/nae_offline_analysis.py import-2.6 7 | plugins/modules/nae_prechange.py import-2.6 8 | plugins/modules/nae_tcam.py import-2.6 9 | plugins/modules/nae_ag.py import-2.7 10 | plugins/module_utils/nae.py import-2.7 11 | plugins/modules/nae_compliance.py import-2.7 12 | plugins/modules/nae_delta.py import-2.7 13 | plugins/modules/nae_file_management.py import-2.7 14 | plugins/modules/nae_offline_analysis.py import-2.7 15 | plugins/modules/nae_prechange.py import-2.7 16 | plugins/modules/nae_tcam.py import-2.7 17 | plugins/modules/nae_ag.py import-3.5 18 | plugins/module_utils/nae.py import-3.5 19 | plugins/modules/nae_compliance.py import-3.5 20 | plugins/modules/nae_delta.py import-3.5 21 | plugins/modules/nae_file_management.py import-3.5 22 | plugins/modules/nae_offline_analysis.py import-3.5 23 | plugins/modules/nae_prechange.py import-3.5 24 | plugins/modules/nae_tcam.py import-3.5 25 | plugins/modules/nae_ag.py import-3.6 26 | plugins/module_utils/nae.py import-3.6 27 | plugins/modules/nae_compliance.py import-3.6 28 | plugins/modules/nae_delta.py import-3.6 29 | plugins/modules/nae_file_management.py import-3.6 30 | plugins/modules/nae_offline_analysis.py import-3.6 31 | plugins/modules/nae_prechange.py import-3.6 32 | plugins/modules/nae_tcam.py import-3.6 33 | plugins/modules/nae_ag.py import-3.7 34 | plugins/module_utils/nae.py import-3.7 35 | plugins/modules/nae_compliance.py import-3.7 36 | plugins/modules/nae_delta.py import-3.7 37 | plugins/modules/nae_file_management.py import-3.7 38 | plugins/modules/nae_offline_analysis.py import-3.7 39 | plugins/modules/nae_prechange.py import-3.7 40 | plugins/modules/nae_tcam.py import-3.7 41 | plugins/modules/nae_ag.py import-3.8 42 | plugins/module_utils/nae.py import-3.8 43 | plugins/modules/nae_compliance.py import-3.8 44 | plugins/modules/nae_delta.py import-3.8 45 | plugins/modules/nae_file_management.py import-3.8 46 | plugins/modules/nae_offline_analysis.py import-3.8 47 | plugins/modules/nae_prechange.py import-3.8 48 | plugins/modules/nae_tcam.py import-3.8 49 | plugins/modules/nae_ag.py validate-modules:import-error 50 | plugins/modules/nae_compliance.py validate-modules:import-error 51 | plugins/modules/nae_delta.py validate-modules:import-error 52 | plugins/modules/nae_file_management.py validate-modules:import-error 53 | plugins/modules/nae_offline_analysis.py validate-modules:import-error 54 | plugins/modules/nae_prechange.py validate-modules:import-error 55 | plugins/modules/nae_tcam.py validate-modules:import-error -------------------------------------------------------------------------------- /plugins/modules/nae_tcam.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | 4 | # GNU General Public License v3.0+ (see COPYING or 5 | # https://www.gnu.org/licenses/gpl-3.0.txt) 6 | 7 | from __future__ import absolute_import, division, print_function 8 | __metaclass__ = type 9 | 10 | 11 | ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 12 | 'supported_by': 'certified'} 13 | 14 | DOCUMENTATION = \ 15 | r''' 16 | --- 17 | module: nae_tcam 18 | short_description: Export tcam stats as csv. 19 | description: 20 | - Manage compliance objects on Cisco NAE fabrics. 21 | version_added: '0.0.2' 22 | options: 23 | ag_name: 24 | description: 25 | - Name of assurance group 26 | type: str 27 | required: yes 28 | file: 29 | description: 30 | - Path to file to write tcam data to (csv) 31 | type: str 32 | author: 33 | - Shantanu Kulkarni (@shan_kulk) 34 | ''' 35 | 36 | EXAMPLES = \ 37 | r''' 38 | - name: Get tcam results 39 | cisco.nae.nae_tcam: 40 | host: nae 41 | port: 8080 42 | username: Admin 43 | password: 1234 44 | ag_name: fab1 45 | - name: Get tcam results and write to local csv file 46 | cisco.nae.nae_tcam: 47 | host: nae 48 | port: 8080 49 | username: Admin 50 | password: 1234 51 | ag_name: fab1 52 | file: tcam_data 53 | ''' 54 | 55 | RETURN = \ 56 | ''' 57 | resp: 58 | description: Return payload 59 | type: str 60 | returned: always 61 | ''' 62 | 63 | from requests.packages.urllib3.exceptions import InsecureRequestWarning 64 | from ansible_collections.cisco.nae.plugins.module_utils.nae import NAEModule, nae_argument_spec 65 | from ansible.module_utils.basic import AnsibleModule 66 | import requests 67 | 68 | 69 | def main(): 70 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 71 | argument_spec = nae_argument_spec() 72 | argument_spec.update( # Not required for querying all objects 73 | validate_certs=dict(type='bool', default=False), 74 | file=dict(type='str', default=""), 75 | ag_name=dict(type='str', default="") 76 | ) 77 | 78 | module = AnsibleModule(argument_spec=argument_spec, 79 | supports_check_mode=True, 80 | ) 81 | file = module.params.get('file') 82 | ag_name = module.params.get('ag_name') 83 | nae = NAEModule(module) 84 | if ag_name and file: 85 | nae.tcam_to_csv() 86 | module.exit_json(**nae.result) 87 | if ag_name: 88 | nae.result['tcam'] = nae.get_tcam_stats() 89 | module.exit_json(**nae.result) 90 | module.fail_json(msg='Incorrect parameters passed', **nae.result) 91 | 92 | 93 | if __name__ == '__main__': 94 | main() 95 | -------------------------------------------------------------------------------- /playbooks/usage.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Note: This playbook is only to illustrate all module functionality. Running both add from change list and add from file 3 | # will fail since only one PCA can run on NAE at a time. 4 | - name: NAE TESTING 5 | hosts: all 6 | vars: 7 | nae_login: &nae_login 8 | host: 173.36.219.127 9 | port: 443 10 | username: admin 11 | password: ins3965!ins3965! 12 | validate_certs: False 13 | tasks: 14 | - name: Add a new Pre-change analysis by specifying change list manually 15 | nae_prechange: 16 | <<: *nae_login 17 | ag_name: FAB2 18 | name: Testing AddBD 19 | changes: | 20 | [{ 21 | "bd_change": { 22 | "action": "ADD", 23 | "dn": "uni/tn-PreChange/BD-BD2", 24 | "optimize_wan_bandwidth": "no", 25 | "type": "regular", 26 | "arp_flood": "no", 27 | "ip_learning": "yes", 28 | "limit_ip_learn_to_subnets": "yes", 29 | "unk_mac_ucast_act": "proxy", 30 | "unicast_route": "yes", 31 | "multi_dst_pkt_act": "bd-flood", 32 | "unk_mcast_act": "flood", 33 | "multi_cast_allow": "no", 34 | "vrf_name": "VRF1" 35 | } 36 | }, 37 | { 38 | "network_subnet_change": { 39 | "action": "ADD", 40 | "dn": "uni/tn-PreChange/BD-BD2/subnet-10.0.0.1/8", 41 | "scope": "private", 42 | "make_this_primary_ip_address": "no", 43 | "treat_as_virtual_ip_address": "no", 44 | "subnet_control": "nd" 45 | } 46 | }] 47 | state: present 48 | delegate_to: localhost 49 | - name: Query all pre-change analyses 50 | nae_prechange: 51 | <<: *nae_login 52 | ag_name: FAB2 53 | state: query 54 | delegate_to: localhost 55 | - name: Delete an analysis 56 | nae_prechange: 57 | <<: *nae_login 58 | ag_name: FAB2 59 | name: test 60 | state: absent 61 | - name: Query a pre-change analysis 62 | nae_prechange: 63 | <<: *nae_login 64 | ag_name: FAB2 65 | name: Testing 66 | state: query 67 | - name: Create a pre-change analysis from file 68 | nae_prechange: 69 | <<: *nae_login 70 | ag_name: FAB2 71 | file: ../test.json 72 | name: New 73 | state: present 74 | - name: Create a pre-change analysis from unparsed aci dumpfile 75 | nae_prechange: 76 | <<: *nae_login 77 | ag_name: FAB2 78 | file: dump.json 79 | name: New 80 | state: present 81 | verify: True 82 | ... 83 | -------------------------------------------------------------------------------- /tests/sanity/ignore-2.10.txt: -------------------------------------------------------------------------------- 1 | plugins/modules/nae_ag.py import-2.6 2 | plugins/module_utils/nae.py import-2.6 3 | plugins/modules/nae_compliance.py import-2.6 4 | plugins/modules/nae_delta.py import-2.6 5 | plugins/modules/nae_file_management.py import-2.6 6 | plugins/modules/nae_offline_analysis.py import-2.6 7 | plugins/modules/nae_prechange.py import-2.6 8 | plugins/modules/nae_tcam.py import-2.6 9 | plugins/modules/nae_ag.py import-2.7 10 | plugins/module_utils/nae.py import-2.7 11 | plugins/modules/nae_compliance.py import-2.7 12 | plugins/modules/nae_delta.py import-2.7 13 | plugins/modules/nae_file_management.py import-2.7 14 | plugins/modules/nae_offline_analysis.py import-2.7 15 | plugins/modules/nae_prechange.py import-2.7 16 | plugins/modules/nae_tcam.py import-2.7 17 | plugins/modules/nae_ag.py import-3.5 18 | plugins/module_utils/nae.py import-3.5 19 | plugins/modules/nae_compliance.py import-3.5 20 | plugins/modules/nae_delta.py import-3.5 21 | plugins/modules/nae_file_management.py import-3.5 22 | plugins/modules/nae_offline_analysis.py import-3.5 23 | plugins/modules/nae_prechange.py import-3.5 24 | plugins/modules/nae_tcam.py import-3.5 25 | plugins/modules/nae_ag.py import-3.6 26 | plugins/module_utils/nae.py import-3.6 27 | plugins/modules/nae_compliance.py import-3.6 28 | plugins/modules/nae_delta.py import-3.6 29 | plugins/modules/nae_file_management.py import-3.6 30 | plugins/modules/nae_offline_analysis.py import-3.6 31 | plugins/modules/nae_prechange.py import-3.6 32 | plugins/modules/nae_tcam.py import-3.6 33 | plugins/modules/nae_ag.py import-3.7 34 | plugins/module_utils/nae.py import-3.7 35 | plugins/modules/nae_compliance.py import-3.7 36 | plugins/modules/nae_delta.py import-3.7 37 | plugins/modules/nae_file_management.py import-3.7 38 | plugins/modules/nae_offline_analysis.py import-3.7 39 | plugins/modules/nae_prechange.py import-3.7 40 | plugins/modules/nae_tcam.py import-3.7 41 | plugins/modules/nae_ag.py import-3.8 42 | plugins/module_utils/nae.py import-3.8 43 | plugins/modules/nae_compliance.py import-3.8 44 | plugins/modules/nae_delta.py import-3.8 45 | plugins/modules/nae_file_management.py import-3.8 46 | plugins/modules/nae_offline_analysis.py import-3.8 47 | plugins/modules/nae_prechange.py import-3.8 48 | plugins/modules/nae_tcam.py import-3.8 49 | plugins/modules/nae_ag.py import-3.9 50 | plugins/module_utils/nae.py import-3.9 51 | plugins/modules/nae_compliance.py import-3.9 52 | plugins/modules/nae_delta.py import-3.9 53 | plugins/modules/nae_file_management.py import-3.9 54 | plugins/modules/nae_offline_analysis.py import-3.9 55 | plugins/modules/nae_prechange.py import-3.9 56 | plugins/modules/nae_tcam.py import-3.9 57 | plugins/modules/nae_ag.py validate-modules:import-error 58 | plugins/modules/nae_compliance.py validate-modules:import-error 59 | plugins/modules/nae_delta.py validate-modules:import-error 60 | plugins/modules/nae_file_management.py validate-modules:import-error 61 | plugins/modules/nae_offline_analysis.py validate-modules:import-error 62 | plugins/modules/nae_prechange.py validate-modules:import-error 63 | plugins/modules/nae_tcam.py validate-modules:import-error -------------------------------------------------------------------------------- /tests/integration/targets/nae_tcam/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Test code for the NAE modules 2 | # Copyright: (c) 2020, Cindy Zhao (cizhao) 3 | 4 | # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) 5 | 6 | - name: Test that we have an NAE host, NAE username and NAE password 7 | fail: 8 | msg: 'Please define the following variables: nae_host, nae_username and nae_password.' 9 | when: nae_host is not defined or nae_username is not defined or nae_password is not defined 10 | 11 | - name: Set vars 12 | set_fact: 13 | nae_info: &nae_info 14 | host: '{{ nae_host }}' 15 | username: '{{ nae_username }}' 16 | password: '{{ nae_password }}' 17 | validate_certs: '{{ nae_validate_certs | default(false) }}' 18 | 19 | # Testing module login 20 | - name: Get tcam results (wrong username) 21 | nae_tcam: 22 | <<: *nae_info 23 | username: incorrect_username 24 | ag_name: Change Management 25 | ignore_errors: yes 26 | register: wrong_username 27 | 28 | - name: Get tcam results (wrong password) 29 | nae_tcam: 30 | <<: *nae_info 31 | password: incorrect_password 32 | ag_name: Change Management 33 | ignore_errors: yes 34 | register: wrong_password 35 | 36 | - name: Get tcam results (wrong host) 37 | nae_tcam: 38 | <<: *nae_info 39 | host: incorrect_host 40 | ag_name: Change Management 41 | ignore_errors: yes 42 | register: wrong_host 43 | 44 | - name: Get tcam results (google host) 45 | nae_tcam: 46 | <<: *nae_info 47 | host: 'google.com' 48 | ag_name: Change Management 49 | ignore_errors: yes 50 | register: google_host 51 | 52 | - name: Verify invalid credentials 53 | assert: 54 | that: 55 | - wrong_username is not changed 56 | - wrong_password is not changed 57 | - wrong_host is not changed 58 | - google_host is not changed 59 | - wrong_username.msg == wrong_password.msg == 'Invalid username and/or password' 60 | - wrong_host.msg == 'Request failed{{':'}} ' 61 | - google_host.msg == 'HTTP Error 404{{':'}} Not Found' 62 | 63 | # Testing nae_tcam module 64 | - name: Check whether AG Change Management exists 65 | include_tasks: ../../../../../../integration/targets/nae_compliance/tasks/create_ag.yml 66 | tags: create_ag 67 | when: check_ag.msg is defined and check_ag.msg == "Assurance group Change Management does not exist" 68 | 69 | - name: Get tcam results 70 | nae_tcam: 71 | <<: *nae_info 72 | ag_name: Change Management 73 | register: result_tcam 74 | 75 | - name: Get tcam results and write to local csv file 76 | nae_tcam: 77 | <<: *nae_info 78 | ag_name: Change Management 79 | file: tcam_data 80 | register: result_tcam_data 81 | 82 | - name: Verify tcam_data 83 | assert: 84 | that: 85 | - result_tcam is not changed 86 | - result_tcam.tcam[0][0].bucket.action == 'PERMIT' 87 | - result_tcam_data is changed 88 | - result_tcam_data.msg is match ('Pages extracted [0-9]* to file tcam_data.csv') 89 | 90 | - name: Use incorrect params 91 | nae_tcam: 92 | <<: *nae_info 93 | ignore_errors: yes 94 | register: incorrect_params 95 | 96 | - name: Verify incorrect_params 97 | assert: 98 | that: 99 | - incorrect_params is not changed 100 | - incorrect_params.msg == "Incorrect parameters passed" -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ansible-nae 2 | 3 | ### Cisco NAE has been integrated into Cisco Nexus Dashboard Insights. This project will not be developed going forward. Please refer to the ND Ansible collection (https://github.com/CiscoDevNet/ansible-nd) for on-going development, support and enhancement requests. 4 | 5 | The ansible-nae project provides an Ansible collection for managing and automating your Cisco NAE environment. It consists of a set of modules and roles for performing tasks related to NAE. 6 | 7 | *Note: This collection is not compatible with versions of Ansible before v2.8.* 8 | 9 | ## Requirements 10 | Ansible v2.8 or newer 11 | requests 12 | requests_toolbelt 13 | jsonpath_ng 14 | 15 | ## Install 16 | Ansible and other requirements must be installed 17 | ``` 18 | sudo pip install ansible requests requests-toolbelt jsonpath_ng pathlib filelock 19 | ``` 20 | 21 | Install the collection 22 | ``` 23 | ansible-galaxy collection install cisco.nae 24 | ``` 25 | 26 | ## Use 27 | Once the collection is installed, you can use it in a playbook by specifying the full namespace path to the module, plugin and/or role. 28 | 29 | ``` 30 | - name: NAE Testing 31 | hosts: all 32 | vars: 33 | nae_login: &nae_login 34 | host: 1.1.1.1 35 | port: 443 36 | username: Admin 37 | password: password 38 | validate_certs: False 39 | tasks: 40 | - name: Create a pre-change analysis from file 41 | nae_prechange: 42 | <<: *nae_login 43 | ag_name: FAB2 44 | file: config.json 45 | name: New 46 | state: present 47 | - name Create Online Assurance Group (with APIC Configuration Export Polciy) 48 | nae_ag: 49 | <<: *nae_login 50 | state: present 51 | name: AG1 52 | online: True 53 | apic_hostnames: 1.2.3.4 54 | apic_username: admin 55 | apic_password: password 56 | ... 57 | ``` 58 | ## RoadMap 59 | ### Pre-change analysis 60 | - [x] Configure PCA 61 | - [x] Start/Stop/Query PCA 62 | 63 | ### Epoch Delta 64 | - [x] Configure Delta Analysis 65 | - [x] Query Delta Analysis Result 66 | 67 | ### Compliance Analysis 68 | - [x] Create/Update/Read/Delete 69 | - - [x] Object Selectors 70 | - - [x] Traffic Selector 71 | - - [x] Compliance Requirement 72 | - - [x] Compliance Requirement Sets 73 | - [ ] Create Associate/Disassociate a requirement set with an AG 74 | - [ ] Report Creation 75 | 76 | ### Assurance Group Management 77 | - [x] Create/Update/Read/Delete Online Assurance Group 78 | - - [ ] Configure F5 Load Balancer 79 | - [x] Create/Update/Read/Delete Offline Assurance Group 80 | 81 | ### Offline File Management 82 | - [x] Upload/Delete/Get a File 83 | 84 | ### Online/Offline Analysis 85 | - [x] Create/Start/Stop/Delete Online Analysis 86 | - [x] Create/Start/Stop/Delete Offline Analysis 87 | 88 | ### Smart Events 89 | - [ ] Get smart events by Type/Severity 90 | - [ ] Export Smart Events in CSV format 91 | - [ ] Smart Event Suppression 92 | - - [ ] Create/Update/Delete/Read Even suppression rules 93 | - - [ ] Create/Update/Delete/Read Even suppression rules sets 94 | - - [ ] Activate a rules set with an AG 95 | - - [ ] Associate/Disassociate a requirement set with an AG 96 | ### TCAM Analysis 97 | - [x] Export TCAM stats as CSV 98 | 99 | ### Appliance Management 100 | - [ ] Create/Update/Delete/Read Users 101 | 102 | # Testing latest code 103 | 104 | If you wanna test the latest code you can: 105 | - Clone this repo 106 | - ansible-galaxy collection build --force 107 | - ansible-galaxy collection install cisco-nae-* --force 108 | 109 | 110 | -------------------------------------------------------------------------------- /plugins/modules/nae_file_management.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | 4 | # GNU General Public License v3.0+ (see COPYING or 5 | # https://www.gnu.org/licenses/gpl-3.0.txt) 6 | 7 | from __future__ import absolute_import, division, print_function 8 | __metaclass__ = type 9 | 10 | ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 11 | 'supported_by': 'certified'} 12 | 13 | DOCUMENTATION = \ 14 | r''' 15 | --- 16 | module: nae_file_management 17 | short_description: NAE file upload. 18 | description: 19 | - Upload file to NAE. 20 | version_added: '0.0.2' 21 | options: 22 | name: 23 | description: 24 | - Unique name of file upload 25 | type: str 26 | aliases: [ unique_name ] 27 | file: 28 | description: 29 | - The absolute path of the file 30 | type: str 31 | aliases: [ file_name ] 32 | state: 33 | description: 34 | - Use C(present) or C(absent) for adding or removing. 35 | - Use C(query) for listing an object or multiple objects. 36 | type: str 37 | choices: [ absent, present, query] 38 | default: present 39 | 40 | author: 41 | - Shantanu Kulkarni (@shan_kulk) 42 | ''' 43 | 44 | EXAMPLES = \ 45 | r''' 46 | - name: View all uploaded files 47 | nae_file_management: 48 | host: nae 49 | port: 8080 50 | username: Admin 51 | password: 1234 52 | name: config1 53 | state: query 54 | - name: Upload file 55 | nae_file_management: 56 | host: nae 57 | port: 8080 58 | username: Admin 59 | password: 1234 60 | state: present 61 | name: config1 62 | file: config.tar.gz 63 | - name: Delete Offline/Online Assurance Group 64 | nae_file_management: 65 | host: nae 66 | port: 8080 67 | username: Admin 68 | password: 1234 69 | state: absent 70 | name: config1 71 | ''' 72 | 73 | RETURN = \ 74 | ''' 75 | resp: 76 | description: Return payload 77 | type: str 78 | returned: always 79 | ''' 80 | 81 | from requests.packages.urllib3.exceptions import InsecureRequestWarning 82 | from ansible_collections.cisco.nae.plugins.module_utils.nae import NAEModule, nae_argument_spec 83 | from ansible.module_utils.basic import AnsibleModule 84 | import requests 85 | 86 | 87 | def main(): 88 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 89 | argument_spec = nae_argument_spec() 90 | argument_spec.update( # Not required for querying all objects 91 | name=dict(type='str', aliases=['unique_name']), 92 | file=dict(type='str', aliases=['file_name']), 93 | state=dict(type='str', default='present', choices=['absent', 94 | 'present', 'query']), 95 | validate_certs=dict(type='bool', default=False) 96 | ) 97 | 98 | module = AnsibleModule(argument_spec=argument_spec, 99 | supports_check_mode=True, 100 | required_if=[['state', 'absent', ['name']], 101 | ['state', 'present', ['file']], 102 | ['state', 'present', ['name']], 103 | ]) 104 | 105 | state = module.params.get('state') 106 | nae = NAEModule(module) 107 | 108 | if state == 'present': 109 | nae.upload_file() 110 | module.exit_json(**nae.result) 111 | elif state == 'absent': 112 | nae.delete_file() 113 | module.exit_json(**nae.result) 114 | elif state == 'query': 115 | nae.get_all_files() 116 | nae.result['Result'] = nae.files 117 | module.exit_json(**nae.result) 118 | 119 | module.fail_json(msg='Incorrect params passed', **nae.result) 120 | 121 | 122 | if __name__ == '__main__': 123 | main() 124 | -------------------------------------------------------------------------------- /plugins/modules/nae_delta.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | 4 | # GNU General Public License v3.0+ (see COPYING or 5 | # https://www.gnu.org/licenses/gpl-3.0.txt) 6 | 7 | from __future__ import absolute_import, division, print_function 8 | __metaclass__ = type 9 | 10 | 11 | ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 12 | 'supported_by': 'certified'} 13 | 14 | DOCUMENTATION = \ 15 | r''' 16 | --- 17 | module: nae_delta 18 | short_description: Delta analysis on Cisco NAE fabrics. 19 | description: 20 | - Manage Delta analyses on Cisco NAE fabrics. 21 | version_added: '0.0.2' 22 | options: 23 | ag_name: 24 | description: 25 | - Name of assurance group 26 | type: str 27 | required: yes 28 | name: 29 | description: 30 | - The name of the delta analysis 31 | type: str 32 | required: yes 33 | state: 34 | description: 35 | - Use C(present) or C(absent) for adding or removing. 36 | - Use C(query) for listing an object or multiple objects. 37 | type: str 38 | choices: [ absent, present, query ] 39 | default: present 40 | author: 41 | - Shantanu Kulkarni (@shan_kulk) 42 | ''' 43 | 44 | EXAMPLES = \ 45 | r''' 46 | - name: Create delta analysis from two most recent epochs 47 | nae_delta: 48 | host: nae 49 | port: 8080 50 | username: Admin 51 | password: 1234 52 | ag_name: fab1 53 | name: Delta_Analysis_1 54 | state: present 55 | - name: Query delta analysis results 56 | nae_delta: 57 | host: nae 58 | port: 8080 59 | username: Admin 60 | password: 1234 61 | ag_name: fab1 62 | state: query 63 | name: Delta_Analysis_1 64 | ''' 65 | 66 | RETURN = \ 67 | ''' 68 | resp: 69 | description: Return payload 70 | type: str 71 | returned: always 72 | ''' 73 | 74 | from requests.packages.urllib3.exceptions import InsecureRequestWarning 75 | from ansible_collections.cisco.nae.plugins.module_utils.nae import NAEModule, nae_argument_spec 76 | from ansible.module_utils.basic import AnsibleModule 77 | import requests 78 | 79 | 80 | def main(): 81 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 82 | argument_spec = nae_argument_spec() 83 | argument_spec.update( # Not required for querying all objects 84 | validate_certs=dict(type='bool', default=False), 85 | name=dict(type='str', default=""), 86 | ag_name=dict(type='str', default=""), 87 | state=dict(type='str', default="") 88 | ) 89 | 90 | module = AnsibleModule(argument_spec=argument_spec, 91 | supports_check_mode=True, 92 | required_if=[['state', 'absent', ['ag_name', 'name']], 93 | ['state', 'query', ['ag_name']], 94 | ['state', 'present', ['ag_name', 'name']]]) 95 | name = module.params.get('name') 96 | state = module.params.get('state') 97 | nae = NAEModule(module) 98 | if state == 'present' and 'name': 99 | nae.new_delta_analysis() 100 | module.exit_json(**nae.result) 101 | if state == 'query' and not name: 102 | nae.query_delta_analyses() 103 | module.exit_json(**nae.result) 104 | if state == 'query' and name: 105 | nae.result['Result'] = nae.get_delta_result() 106 | if not nae.result['Result']: 107 | module.exit_json( 108 | msg="Delta analysis failed. The above smart events have been detected for later epoch only.", 109 | **nae.result) 110 | module.exit_json(**nae.result) 111 | if state == 'absent': 112 | nae.delete_delta_analysis() 113 | module.exit_json(**nae.result) 114 | module.fail_json(msg='Incorrect params passed', **nae.result) 115 | 116 | 117 | if __name__ == '__main__': 118 | main() 119 | -------------------------------------------------------------------------------- /CHANGELOG.rst: -------------------------------------------------------------------------------- 1 | ========================================== 2 | Cisco NAE Ansible Collection Release Notes 3 | ========================================== 4 | 5 | .. contents:: Topics 6 | 7 | This changelog describes changes after version 0.0.1. 8 | 9 | v1.0.1 10 | ====== 11 | 12 | Release Summary 13 | --------------- 14 | 15 | Release v1.0.1 of the ``cisco.nae`` collection on 2020-12-15. This changelog describes all changes made to the modules and plugins included in this collection since v1.0.0. 16 | 17 | Minor Changes 18 | ------------- 19 | 20 | - Add ability to do pre-change analysis by file upload 21 | - Add ability to do the same pre-change analysis again 22 | - Add ability to recreate/update compliance object 23 | - Add check for existing compliance object 24 | - Add check for idempotency in nae_compliance test file 25 | - Add check_changed to check whether the object changed 26 | - Add check_existing function 27 | - Add current and previous in result 28 | - Add query_compliance_object function to query existing compliance object 29 | - Add tasks in nae_prechange's main.yml and added condition to check epoch value in nae.py and made changes to support the prechange tasks. 30 | - Add test cases for associating/disassociating req set to ag & activate/deactive req set 31 | - Add test cases for invalid host and non-nae host in nae_tcam 32 | - Add test cases for recreating/updating compliance object 33 | - Add test file for nae_tcam and potential solution for incorrect username/password 34 | - Add test task for get_changed 35 | - Make changes to allow modify and SAVE functionality for existing saved prechange analysis 36 | - Make changes to execute modification (PUT) to existng prechange analysis 37 | 38 | Bugfixes 39 | -------- 40 | 41 | - Fix NoneType error when trying to parse response to get current object 42 | - Fix idempotency issue for nae_compliance module 43 | - Fix import error by reducing length of authors section 44 | - Fix sanity error 45 | 46 | v1.0.0 47 | ====== 48 | 49 | Release Summary 50 | --------------- 51 | 52 | This is the first official release of the ``cisco.nae`` collection on 2020-11-25. 53 | 54 | Major Changes 55 | ------------- 56 | 57 | - Add automatic integration test 58 | - Add function getFirstAG() to get an Assurance Group for some API calls 59 | - Add function send_manual_payload() to create pre-change from manual changes 60 | - Add module nae_compliance to manage compliance objects 61 | - Add module nae_delta to manage delta analysis 62 | - Add module nae_file_management to manage NAE file 63 | - Add module nae_offline_analysis to manage NAE offline analysis 64 | - Add requirements in network-integration.requirements.txt 65 | 66 | Minor Changes 67 | ------------- 68 | 69 | - Ability to ignore specific smart events when querying a pre-change analysis 70 | - Add NAE 5.0 & 5.1 compatibility for send_pre_change_payload 71 | - Add check for non_existing AG group for every use of get_assurance_group() 72 | - Add compatibility for NAE 5.1 73 | - Add name in nae_delta's example 74 | - Add parameter in nae_compliance for associating requirement set to AG or not 75 | - Add parameter in nae_compliance to set requirement set status as active/inactive 76 | - Add requests library in import 77 | - Add requirements in network-integration.requirements.txt 78 | - Add test file and corresponding datasets for nae_compliance module 79 | - Add test file for nae_ag module 80 | - Change python version to 3.6 81 | - Remove output data 82 | - Replace self.params[] with self.params.get() 83 | - Update README.md and fix typo for requests_toolbelt in README.md 84 | 85 | Bugfixes 86 | -------- 87 | 88 | - Fix NAE file upload 89 | - Fix all API call endpoints 90 | - Fix crash in deleteAG() when using a non_existing AG 91 | - Fix delay while querying existing PCV analysis 92 | - Fix failing of pre-change analysis when there are only INFO severity events 93 | - Fix idempotency issue for nae_ag module 94 | - Fix idempotency issue for nae_compliance module 95 | - Fix integration test for nae_prechange 96 | - Fix sanity test and typos 97 | - Fix url for Assurance API 98 | - Fix warning of both option name and its alias name are set 99 | - Fix warning of module did not set no_log for apic_password 100 | 101 | v0.0.1 102 | ====== 103 | -------------------------------------------------------------------------------- /changelogs/changelog.yaml: -------------------------------------------------------------------------------- 1 | ancestor: 0.0.1 2 | releases: 3 | 0.0.1: 4 | release_date: '2020-06-18' 5 | 1.0.0: 6 | changes: 7 | bugfixes: 8 | - Fix NAE file upload 9 | - Fix all API call endpoints 10 | - Fix crash in deleteAG() when using a non_existing AG 11 | - Fix delay while querying existing PCV analysis 12 | - Fix failing of pre-change analysis when there are only INFO severity events 13 | - Fix idempotency issue for nae_ag module 14 | - Fix idempotency issue for nae_compliance module 15 | - Fix integration test for nae_prechange 16 | - Fix sanity test and typos 17 | - Fix url for Assurance API 18 | - Fix warning of both option name and its alias name are set 19 | - Fix warning of module did not set no_log for apic_password 20 | major_changes: 21 | - Add automatic integration test 22 | - Add function getFirstAG() to get an Assurance Group for some API calls 23 | - Add function send_manual_payload() to create pre-change from manual changes 24 | - Add module nae_compliance to manage compliance objects 25 | - Add module nae_delta to manage delta analysis 26 | - Add module nae_file_management to manage NAE file 27 | - Add module nae_offline_analysis to manage NAE offline analysis 28 | - Add requirements in network-integration.requirements.txt 29 | minor_changes: 30 | - Ability to ignore specific smart events when querying a pre-change analysis 31 | - Add NAE 5.0 & 5.1 compatibility for send_pre_change_payload 32 | - Add check for non_existing AG group for every use of get_assurance_group() 33 | - Add compatibility for NAE 5.1 34 | - Add name in nae_delta's example 35 | - Add parameter in nae_compliance for associating requirement set to AG or not 36 | - Add parameter in nae_compliance to set requirement set status as active/inactive 37 | - Add requests library in import 38 | - Add requirements in network-integration.requirements.txt 39 | - Add test file and corresponding datasets for nae_compliance module 40 | - Add test file for nae_ag module 41 | - Change python version to 3.6 42 | - Remove output data 43 | - Replace self.params[] with self.params.get() 44 | - Update README.md and fix typo for requests_toolbelt in README.md 45 | release_summary: This is the first official release of the ``cisco.nae`` collection 46 | on 2020-11-25. 47 | release_date: '2020-11-25' 48 | 1.0.1: 49 | changes: 50 | bugfixes: 51 | - Fix NoneType error when trying to parse response to get current object 52 | - Fix idempotency issue for nae_compliance module 53 | - Fix import error by reducing length of authors section 54 | - Fix sanity error 55 | minor_changes: 56 | - Add ability to do pre-change analysis by file upload 57 | - Add ability to do the same pre-change analysis again 58 | - Add ability to recreate/update compliance object 59 | - Add check for existing compliance object 60 | - Add check for idempotency in nae_compliance test file 61 | - Add check_changed to check whether the object changed 62 | - Add check_existing function 63 | - Add current and previous in result 64 | - Add query_compliance_object function to query existing compliance object 65 | - Add tasks in nae_prechange's main.yml and added condition to check epoch value 66 | in nae.py and made changes to support the prechange tasks. 67 | - Add test cases for associating/disassociating req set to ag & activate/deactive 68 | req set 69 | - Add test cases for invalid host and non-nae host in nae_tcam 70 | - Add test cases for recreating/updating compliance object 71 | - Add test file for nae_tcam and potential solution for incorrect username/password 72 | - Add test task for get_changed 73 | - Make changes to allow modify and SAVE functionality for existing saved prechange 74 | analysis 75 | - Make changes to execute modification (PUT) to existng prechange analysis 76 | release_summary: 'Release v1.0.1 of the ``cisco.nae`` collection on 2020-12-15. 77 | This changelog describes all changes made to the modules and plugins included 78 | in this collection since v1.0.0. ' 79 | release_date: '2020-12-15' 80 | -------------------------------------------------------------------------------- /plugins/modules/nae_offline_analysis.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | 4 | # GNU General Public License v3.0+ (see COPYING or 5 | # https://www.gnu.org/licenses/gpl-3.0.txt) 6 | 7 | from __future__ import absolute_import, division, print_function 8 | __metaclass__ = type 9 | 10 | ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 11 | 'supported_by': 'certified'} 12 | 13 | DOCUMENTATION = \ 14 | r''' 15 | --- 16 | module: nae_offline_analysis 17 | short_description: NAE offline analysis. 18 | description: 19 | - Upload file to NAE. 20 | version_added: '0.0.2' 21 | options: 22 | name: 23 | description: 24 | - Unique name of offline analysis 25 | type: str 26 | aliases: [ unique_name ] 27 | filename: 28 | description: 29 | - The uploaded file name 30 | type: str 31 | aliases: [ file_name ] 32 | state: 33 | description: 34 | - Use C(present) or C(absent) for adding or removing. 35 | - Use C(query) for listing an object or multiple objects. 36 | type: str 37 | choices: [ absent, present, query] 38 | default: present 39 | 40 | author: 41 | - Camillo Rossi (@camrossi) 42 | ''' 43 | 44 | EXAMPLES = \ 45 | r''' 46 | - name: View offline anaylisis 47 | nae_offline_analysis: 48 | host: nae 49 | port: 8080 50 | username: Admin 51 | password: 1234 52 | name: config1 53 | state: query 54 | - name: Create offline anaylisis 55 | nae_offline_analysis: 56 | host: nae 57 | port: 8080 58 | username: Admin 59 | password: 1234 60 | state: present 61 | name: OfflineAnalysis_1 62 | ag_name: Assurance_Group_1 63 | filename: OfflineCollection_1 64 | - name: Delete Offline/Online Assurance Group 65 | nae_offline_analysis: 66 | host: nae 67 | port: 8080 68 | username: Admin 69 | password: 1234 70 | state: absent 71 | name: OfflineAnalysis_1 72 | ''' 73 | 74 | RETURN = \ 75 | ''' 76 | resp: 77 | description: Return payload 78 | type: str 79 | returned: always 80 | ''' 81 | 82 | from requests.packages.urllib3.exceptions import InsecureRequestWarning 83 | from ansible_collections.cisco.nae.plugins.module_utils.nae import NAEModule, nae_argument_spec 84 | from ansible.module_utils.basic import AnsibleModule 85 | import requests 86 | 87 | 88 | def main(): 89 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 90 | argument_spec = nae_argument_spec() 91 | argument_spec.update( # Not required for querying all objects 92 | name=dict(type='str', aliases=['unique_name']), 93 | filename=dict(type='str', aliases=['file_name']), 94 | ag_name=dict(type='str', aliases=['assurance_group_name']), 95 | complete=dict(type='bool', default=False), 96 | state=dict(type='str', default='present', choices=['absent', 97 | 'present', 'query', 'complete']), 98 | validate_certs=dict(type='bool', default=False) 99 | ) 100 | 101 | module = AnsibleModule(argument_spec=argument_spec, 102 | supports_check_mode=True, 103 | required_if=[['state', 'absent', ['name']], 104 | ['state', 'present', ['filename']], 105 | ['state', 'present', ['name']], 106 | ['state', 'present', ['ag_name']], 107 | ]) 108 | 109 | state = module.params.get('state') 110 | name = module.params.get('name') 111 | nae = NAEModule(module) 112 | 113 | if state == 'present': 114 | nae.newOfflineAnalysis() 115 | module.exit_json(**nae.result) 116 | elif state == 'absent': 117 | nae.deleteOfflineAnalysis() 118 | module.exit_json(**nae.result) 119 | elif state == 'query' and name: 120 | nae.result['Result'] = nae.get_OfflineAnalysis(name) 121 | module.exit_json(**nae.result) 122 | elif state == 'query': 123 | nae.get_all_OfflineAnalysis() 124 | nae.result['Result'] = nae.offlineAnalysis 125 | module.exit_json(**nae.result) 126 | 127 | module.fail_json(msg='Incorrect params passed', **nae.result) 128 | 129 | 130 | if __name__ == '__main__': 131 | main() 132 | -------------------------------------------------------------------------------- /tests/integration/targets/nae_prechange/tasks/ansible_dump.json: -------------------------------------------------------------------------------- 1 | [{"fvTenant": {"attributes": {"name": "AnsibleTest", "descr": "tenant by Ansible", "dn": "uni/tn-AnsibleTest"}}}][{"fvCtx": {"attributes": {"name": "AnsibleTest_VRF", "dn": "uni/tn-AnsibleTest/ctx-AnsibleTest_VRF"}}}][{"fvBD": {"attributes": {"name": "AnsibleTest_BD1", "dn": "uni/tn-AnsibleTest/BD-AnsibleTest_BD1"}, "children": [{"fvRsCtx": {"attributes": {"tnFvCtxName": "AnsibleTest_VRF"}}}]}}][{"fvSubnet": {"attributes": {"ip": "10.10.10.1/24", "name": "BD1", "dn": "uni/tn-AnsibleTest/BD-AnsibleTest_BD1/subnet-[10.10.10.1/24]"}}}][{"fvBD": {"attributes": {"name": "AnsibleTest_BD2", "dn": "uni/tn-AnsibleTest/BD-AnsibleTest_BD2"}, "children": [{"fvRsCtx": {"attributes": {"tnFvCtxName": "AnsibleTest_VRF"}}}]}}][{"fvSubnet": {"attributes": {"ip": "20.20.20.1/24", "name": "BD2", "dn": "uni/tn-AnsibleTest/BD-AnsibleTest_BD2/subnet-[20.20.20.1/24]"}}}][{"vzFilter": {"attributes": {"name": "Web_Filter", "dn": "uni/tn-AnsibleTest/flt-Web_Filter"}}}][{"vzEntry": {"attributes": {"dFromPort": "http", "dToPort": "http", "etherT": "ip", "name": "web_filter", "prot": "tcp", "dn": "uni/tn-AnsibleTest/flt-Web_Filter/e-web_filter"}}}][{"vzFilter": {"attributes": {"name": "App_Filter", "dn": "uni/tn-AnsibleTest/flt-App_Filter"}}}][{"vzEntry": {"attributes": {"dFromPort": "1433", "dToPort": "1433", "etherT": "ip", "name": "app_filter", "prot": "tcp", "dn": "uni/tn-AnsibleTest/flt-App_Filter/e-app_filter"}}}][{"vzFilter": {"attributes": {"name": "DB_Filter", "dn": "uni/tn-AnsibleTest/flt-DB_Filter"}}}][{"vzEntry": {"attributes": {"dFromPort": "1521", "dToPort": "1521", "etherT": "ip", "name": "db_filter", "prot": "tcp", "dn": "uni/tn-AnsibleTest/flt-DB_Filter/e-db_filter"}}}][{"vzBrCP": {"attributes": {"name": "Web_Con", "dn": "uni/tn-AnsibleTest/brc-Web_Con"}}}][{"vzBrCP": {"attributes": {"name": "App_Con", "dn": "uni/tn-AnsibleTest/brc-App_Con"}}}][{"vzBrCP": {"attributes": {"name": "DB_Con", "dn": "uni/tn-AnsibleTest/brc-DB_Con"}}}][{"vzSubj": {"attributes": {"name": "web_subject", "dn": "uni/tn-AnsibleTest/brc-Web_Con/subj-web_subject"}}}][{"vzSubj": {"attributes": {"name": "app_subject", "dn": "uni/tn-AnsibleTest/brc-App_Con/subj-app_subject"}}}][{"vzSubj": {"attributes": {"name": "db_subject", "dn": "uni/tn-AnsibleTest/brc-DB_Con/subj-db_subject"}}}][{"vzRsSubjFiltAtt": {"attributes": {"tnVzFilterName": "Web_Filter", "dn": "uni/tn-AnsibleTest/brc-Web_Con/subj-web_subject/rssubjFiltAtt-Web_Filter"}}}][{"vzRsSubjFiltAtt": {"attributes": {"tnVzFilterName": "App_Filter", "dn": "uni/tn-AnsibleTest/brc-App_Con/subj-app_subject/rssubjFiltAtt-App_Filter"}}}][{"vzRsSubjFiltAtt": {"attributes": {"tnVzFilterName": "DB_Filter", "dn": "uni/tn-AnsibleTest/brc-DB_Con/subj-db_subject/rssubjFiltAtt-DB_Filter"}}}][{"fvAp": {"attributes": {"name": "3Tier_App", "dn": "uni/tn-AnsibleTest/ap-3Tier_App"}}}][{"fvAEPg": {"attributes": {"name": "Web_EPG", "dn": "uni/tn-AnsibleTest/ap-3Tier_App/epg-Web_EPG"}, "children": [{"fvRsBd": {"attributes": {"tnFvBDName": "AnsibleTest_BD1"}}}]}}][{"fvRsDomAtt": {"attributes": {"switchingMode": "native", "dn": "uni/tn-AnsibleTest/ap-3Tier_App/epg-Web_EPG/rsdomAtt-[uni/vmmp-Kubernetes/dom-KubeSpray]", "tDn": "uni/vmmp-Kubernetes/dom-KubeSpray"}, "children": [{"vmmSecP": {"attributes": {"allowPromiscuous": "reject"}}}]}}][{"fvRsCons": {"attributes": {"tnVzBrCPName": "Web_Con", "dn": "uni/tn-AnsibleTest/ap-3Tier_App/epg-Web_EPG/rscons-Web_Con"}}}][{"fvRsProv": {"attributes": {"tnVzBrCPName": "App_Con", "dn": "uni/tn-AnsibleTest/ap-3Tier_App/epg-Web_EPG/rsprov-App_Con"}}}][{"fvAEPg": {"attributes": {"name": "App_EPG", "dn": "uni/tn-AnsibleTest/ap-3Tier_App/epg-App_EPG"}, "children": [{"fvRsBd": {"attributes": {"tnFvBDName": "AnsibleTest_BD1"}}}]}}][{"fvRsDomAtt": {"attributes": {"switchingMode": "native", "dn": "uni/tn-AnsibleTest/ap-3Tier_App/epg-App_EPG/rsdomAtt-[uni/vmmp-VMware/dom-ACI]", "tDn": "uni/vmmp-VMware/dom-ACI"}, "children": [{"vmmSecP": {"attributes": {"allowPromiscuous": "reject"}}}]}}][{"fvRsCons": {"attributes": {"tnVzBrCPName": "App_Con", "dn": "uni/tn-AnsibleTest/ap-3Tier_App/epg-App_EPG/rscons-App_Con"}}}][{"fvRsProv": {"attributes": {"tnVzBrCPName": "DB_Con", "dn": "uni/tn-AnsibleTest/ap-3Tier_App/epg-App_EPG/rsprov-DB_Con"}}}][{"fvAEPg": {"attributes": {"name": "DB_EPG", "dn": "uni/tn-AnsibleTest/ap-3Tier_App/epg-DB_EPG"}, "children": [{"fvRsBd": {"attributes": {"tnFvBDName": "AnsibleTest_BD1"}}}]}}][{"fvRsDomAtt": {"attributes": {"switchingMode": "native", "dn": "uni/tn-AnsibleTest/ap-3Tier_App/epg-DB_EPG/rsdomAtt-[uni/vmmp-VMware/dom-ACI]", "tDn": "uni/vmmp-VMware/dom-ACI"}, "children": [{"vmmSecP": {"attributes": {"allowPromiscuous": "reject"}}}]}}][{"fvRsCons": {"attributes": {"tnVzBrCPName": "DB_Con", "dn": "uni/tn-AnsibleTest/ap-3Tier_App/epg-DB_EPG/rscons-DB_Con"}}}] -------------------------------------------------------------------------------- /tests/integration/targets/nae_ag/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Test code for the NAE modules 2 | # Copyright: (c) 2020, Cindy Zhao (cizhao) 3 | # 4 | # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) 5 | 6 | - name: Test that we have an NAE host, NAE username and NAE password 7 | fail: 8 | msg: 'Please define the following variables: nae_host, nae_username and nae_password.' 9 | when: nae_host is not defined or nae_username is not defined or nae_password is not defined 10 | 11 | - name: Set vars 12 | set_fact: 13 | nae_info: &nae_info 14 | host: '{{ nae_host }}' 15 | username: '{{ nae_username }}' 16 | password: '{{ nae_password }}' 17 | validate_certs: '{{ nae_validate_certs | default(false) }}' 18 | 19 | - name: Delete ag 20 | cisco.nae.nae_ag: 21 | <<: *nae_info 22 | state: absent 23 | name: "{{ item }}" 24 | ignore_errors: yes 25 | loop: 26 | - ansible_ap_online 27 | - ansible_ap_online2 28 | - ansible_ag_offline 29 | 30 | - name: Create online assurance group (with APIC Configuration Export Policy) 31 | cisco.nae.nae_ag: 32 | <<: *nae_info 33 | state: present 34 | name: ansible_ap_online 35 | online: True 36 | apic_hostnames: '{{ apic_hostname }}' 37 | apic_username: '{{ apic_username }}' 38 | apic_password: '{{ apic_password }}' 39 | export_apic_policy: True 40 | register: create_online_ag 41 | 42 | - name: Verify create_online_ag 43 | assert: 44 | that: 45 | - create_online_ag is changed 46 | - create_online_ag.Result == "Successfully created Assurance Group \"ansible_ap_online\"" 47 | 48 | - name: Query online assurance group (with APIC Configuration Export Policy) 49 | cisco.nae.nae_ag: 50 | <<: *nae_info 51 | state: query 52 | name: ansible_ap_online 53 | register: query_online_ap 54 | 55 | - name: Verify query_online_ap 56 | assert: 57 | that: 58 | - query_online_ap is not changed 59 | - query_online_ap.Result.aci_assurance_group_status == "CREATED" 60 | - query_online_ap.Result.apic_hostnames == ["173.36.219.25"] 61 | - query_online_ap.Result.operational_mode == "ONLINE" 62 | - query_online_ap.Result.unique_name == "ansible_ap_online" 63 | 64 | - name: Create offline ag 65 | cisco.nae.nae_ag: 66 | <<: *nae_info 67 | name: ansible_ag_offline 68 | state: present 69 | register: create_offline_ag 70 | 71 | - name: Verify create_offline_ag 72 | assert: 73 | that: 74 | - create_offline_ag is changed 75 | - create_offline_ag.Result == "Successfully created Assurance Group \"ansible_ag_offline\"" 76 | 77 | - name: Query offline ag 78 | cisco.nae.nae_ag: 79 | <<: *nae_info 80 | state: query 81 | name: ansible_ag_offline 82 | register: query_offline_ap 83 | 84 | - name: Verify query_offline_ap 85 | assert: 86 | that: 87 | - query_offline_ap is not changed 88 | - query_offline_ap.Result.aci_assurance_group_status == "CREATED" 89 | - query_offline_ap.Result.operational_mode == "OFFLINE" 90 | - query_offline_ap.Result.unique_name == "ansible_ag_offline" 91 | 92 | - name: View all assurance groups 93 | cisco.nae.nae_ag: 94 | <<: *nae_info 95 | state: query 96 | register: query_all 97 | 98 | - name: Verify query_all 99 | assert: 100 | that: 101 | - query_all.Result | length >= 2 102 | 103 | - name: Delete ag 104 | cisco.nae.nae_ag: 105 | <<: *nae_info 106 | state: absent 107 | name: ansible_ap_online 108 | register: ap_absent 109 | 110 | - name: Verify ap_absent 111 | assert: 112 | that: 113 | - ap_absent is changed 114 | - ap_absent.Result == "Assurance Group \"ansible_ap_online\" deleted successfully" 115 | 116 | - name: Query deleted ag 117 | cisco.nae.nae_ag: 118 | <<: *nae_info 119 | state: query 120 | name: ansible_ap_online 121 | ignore_errors: true 122 | register: query_deleted_ag 123 | 124 | - name: Verify query_deleted_ag 125 | assert: 126 | that: 127 | - query_deleted_ag is not changed 128 | - query_deleted_ag.msg == "Assurange Group ansible_ap_online does not exist" 129 | 130 | - name: Use incorrect parameters 131 | cisco.nae.nae_ag: 132 | <<: *nae_info 133 | state: modify 134 | ignore_errors: true 135 | register: modify_state 136 | 137 | - name: Verify modify_state 138 | assert: 139 | that: 140 | - modify_state.msg == "Incorrect params passed" 141 | 142 | - name: Query non_existing ag 143 | cisco.nae.nae_ag: 144 | <<: *nae_info 145 | state: query 146 | name: non_existing_ag 147 | ignore_errors: true 148 | register: query_non_existing_ag 149 | 150 | - name: Create online assurance group (with APIC Configuration Export Policy) for running the analysis more than once 151 | cisco.nae.nae_ag: 152 | <<: *nae_info 153 | state: present 154 | name: ansible_ap_online2 155 | online: True 156 | apic_hostnames: '{{ apic_hostname }}' 157 | apic_username: '{{ apic_username }}' 158 | apic_password: '{{ apic_password }}' 159 | export_apic_policy: True 160 | register: create_online_ag2 161 | 162 | - name: Verify create_online_ag2 163 | assert: 164 | that: 165 | - create_online_ag2 is changed 166 | - create_online_ag2.Result == "Successfully created Assurance Group \"ansible_ap_online2\"" 167 | 168 | - name: Start an Existing Assurance Group 169 | cisco.nae.nae_ag: 170 | <<: *nae_info 171 | name: ansible_ap_online2 172 | run: True 173 | 174 | - name: Stop an Existing Assurance Group 175 | cisco.nae.nae_ag: 176 | <<: *nae_info 177 | name: ansible_ap_online2 178 | run: False 179 | 180 | - name: Run an Existing Assurance Group Analysis 2 times and then stop 181 | cisco.nae.nae_ag: 182 | <<: *nae_info 183 | name: ansible_ap_online2 184 | run: True 185 | run_iterations: 2 186 | 187 | - name: Pause for 15 minutes to complete assurance group analysis in the previous step 188 | pause: 189 | minutes: 15 190 | -------------------------------------------------------------------------------- /plugins/modules/nae_ag.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | 4 | # GNU General Public License v3.0+ (see COPYING or 5 | # https://www.gnu.org/licenses/gpl-3.0.txt) 6 | 7 | from __future__ import absolute_import, division, print_function 8 | __metaclass__ = type 9 | 10 | # def createPreChange(self, 11 | # ag_name,name,description,interactive_flag,changes): 12 | 13 | ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 14 | 'supported_by': 'certified'} 15 | 16 | DOCUMENTATION = \ 17 | r''' 18 | --- 19 | module: nae_ag 20 | short_description: Manage assurance groups. 21 | description: 22 | - Manage Assurance Groups on Cisco NAE fabrics. 23 | version_added: '0.0.2' 24 | options: 25 | name: 26 | description: 27 | - The name of the assurance group. 28 | type: str 29 | required: yes 30 | aliases: [ fab_name ] 31 | description: 32 | description: 33 | - Description for the assurance group analysis. 34 | type: str 35 | aliases: [ descr ] 36 | state: 37 | description: 38 | - Use C(present) or C(absent) for adding or removing. 39 | - Use C(query) for listing an object or multiple objects. 40 | - Use C(modify) when editing config. 41 | type: str 42 | choices: [ absent, present, query, modify ] 43 | default: present 44 | run: 45 | description: 46 | - Set to True to start the Assurance Group Analysis 47 | - Set to False to stop the Assurance Group Analysis 48 | type: bool 49 | 50 | author: 51 | - Shantanu Kulkarni (@shan_kulk) 52 | ''' 53 | 54 | EXAMPLES = \ 55 | r''' 56 | - name: View all assurance groups 57 | nae_ag: 58 | host: nae 59 | port: 8080 60 | username: Admin 61 | password: 1234 62 | state: query 63 | - name: View Assurance Group Configuration 64 | nae_ag: 65 | host: nae 66 | port: 8080 67 | username: Admin 68 | password: 1234 69 | state: query 70 | name: AG1 71 | - name: Create Offline Assurance Group 72 | nae_ag: 73 | host: nae 74 | port: 8080 75 | username: Admin 76 | password: 1234 77 | state: present 78 | name: AG1 79 | - name: Delete Offline/Online Assurance Group 80 | nae_ag: 81 | host: nae 82 | port: 8080 83 | username: Admin 84 | password: 1234 85 | state: absent 86 | name: AG1 87 | - name: Create Online Assurance Group (with APIC Configuration Export Polciy) 88 | nae_ag: 89 | host: nae 90 | port: 8080 91 | username: Admin 92 | password: 1234 93 | state: present 94 | name: AG1 95 | online: True 96 | apic_hostnames: 1.2.3.4 97 | apic_username: admin 98 | apic_password: password 99 | export_apic_policy: True 100 | - name: Start an Existing Assurance Group 101 | nae_ag: 102 | host: nae 103 | port: 8080 104 | username: Admin 105 | password: 1234 106 | name: AG1 107 | run: True 108 | - name: Stop an Existing Assurance Group 109 | nae_ag: 110 | host: nae 111 | port: 8080 112 | username: Admin 113 | password: 1234 114 | name: AG1 115 | run: False 116 | - name: Run an Existing Assurance Group Analysis 5 times and then stop 117 | nae_ag: 118 | host: nae 119 | port: 8080 120 | username: Admin 121 | password: 1234 122 | name: AG1 123 | run: True 124 | run_iterations: 5 125 | ''' 126 | 127 | RETURN = \ 128 | ''' 129 | resp: 130 | description: Return payload 131 | type: str 132 | returned: always 133 | ''' 134 | 135 | from requests.packages.urllib3.exceptions import InsecureRequestWarning 136 | from ansible_collections.cisco.nae.plugins.module_utils.nae import NAEModule, nae_argument_spec 137 | from ansible.module_utils.basic import AnsibleModule 138 | import requests 139 | 140 | 141 | def main(): 142 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 143 | argument_spec = nae_argument_spec() 144 | argument_spec.update( # Not required for querying all objects 145 | name=dict(type='str', aliases=['fab_name']), 146 | description=dict(type='str'), 147 | apic_hostnames=dict(type='str', default=""), 148 | apic_username=dict(type='str', default=""), 149 | apic_password=dict(type='str', default="", no_log=True), 150 | online=dict(type='bool', default=False), 151 | validate_certs=dict(type='bool', default=False), 152 | run=dict(type='bool', default=None), 153 | run_iterations=dict(type='int', default=None), 154 | state=dict(type='str', default='present', choices=['absent', 155 | 'present', 'query', 'modify']), 156 | export_apic_policy=dict(type='bool', default=False) 157 | ) 158 | 159 | module = AnsibleModule(argument_spec=argument_spec, 160 | supports_check_mode=True, 161 | required_if=[['state', 'absent', ['name']], 162 | ['state', 'present', ['name']]]) 163 | 164 | state = module.params.get('state') 165 | name = module.params.get('name') 166 | online = module.params.get('online') 167 | run = module.params.get('run') 168 | nae = NAEModule(module) 169 | 170 | if state == 'query' and name: 171 | ag = nae.get_assurance_group(name) 172 | if ag is None: 173 | module.exit_json( 174 | msg='Assurance group {0} does not exist'.format(name), 175 | **nae.result) 176 | nae.result['Result'] = ag 177 | module.exit_json(**nae.result) 178 | elif state == 'query' and not name: 179 | nae.get_all_assurance_groups() 180 | nae.result['Result'] = nae.assuranceGroups 181 | module.exit_json(**nae.result) 182 | elif state == 'present' and run is not None: 183 | nae.start_stop_ag() 184 | nae.result['changed'] = True 185 | module.exit_json(**nae.result) 186 | elif state == 'absent' and name: 187 | nae.deleteAG() 188 | nae.result['changed'] = True 189 | module.exit_json(**nae.result) 190 | elif state == 'present' and online: 191 | nae.newOnlineAG() 192 | nae.result['changed'] = True 193 | module.exit_json(**nae.result) 194 | elif state == 'present' and name: 195 | nae.newOfflineAG() 196 | nae.result['changed'] = True 197 | module.exit_json(**nae.result) 198 | 199 | module.fail_json(msg='Incorrect params passed', **nae.result) 200 | 201 | 202 | if __name__ == '__main__': 203 | main() 204 | -------------------------------------------------------------------------------- /plugins/modules/nae_compliance.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | # Copyright: (c) 2020, Cindy Zhao (@cizhao) 4 | 5 | # GNU General Public License v3.0+ (see COPYING or 6 | # https://www.gnu.org/licenses/gpl-3.0.txt) 7 | 8 | from __future__ import absolute_import, division, print_function 9 | __metaclass__ = type 10 | 11 | 12 | ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 13 | 'supported_by': 'certified'} 14 | 15 | DOCUMENTATION = \ 16 | r''' 17 | --- 18 | module: nae_compliance 19 | short_description: Manage compliance objects. 20 | description: 21 | - Manage compliance objects on Cisco NAE fabrics. 22 | version_added: '0.0.2' 23 | options: 24 | form: 25 | description: 26 | - Pre formatted input form for compliance object. 27 | type: str 28 | state: 29 | description: 30 | - Use C(present) or C(absent) for adding or removing. 31 | - Use C(query) for listing an object or multiple objects. 32 | - Use C(modify) when editing config. 33 | type: str 34 | choices: [ absent, present, query, modify ] 35 | default: present 36 | 37 | author: 38 | - Shantanu Kulkarni (@shan_kulk) 39 | ''' 40 | 41 | EXAMPLES = \ 42 | r''' 43 | - name: Create object selector from form 44 | nae_compliance: 45 | host: nae 46 | port: 8080 47 | username: Admin 48 | password: 1234 49 | state: present 50 | form: | 51 | { 52 | "name":"DataBase", 53 | "description":null, 54 | "includes":[ 55 | { 56 | "matches":[ 57 | { 58 | "application_epgmatch":{ 59 | "object_attribute":"DN", 60 | "tenant":{ 61 | "pattern":"NAE_Compliance", 62 | "type":"EXACT" 63 | }, 64 | "application_profile":{ 65 | "pattern":"ComplianceIsGood", 66 | "type":"EXACT" 67 | }, 68 | "application_epg":{ 69 | "pattern":"DataBase", 70 | "type":"EXACT" 71 | } 72 | } 73 | } 74 | ] 75 | } 76 | ], 77 | "excludes":[], 78 | "selector_type":"OST_EPG" 79 | } 80 | 81 | ''' 82 | 83 | RETURN = \ 84 | ''' 85 | resp: 86 | description: Return payload 87 | type: str 88 | returned: always 89 | ''' 90 | 91 | from requests.packages.urllib3.exceptions import InsecureRequestWarning 92 | from ansible_collections.cisco.nae.plugins.module_utils.nae import NAEModule, nae_argument_spec 93 | from ansible.module_utils.basic import AnsibleModule 94 | import requests 95 | 96 | 97 | def main(): 98 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 99 | argument_spec = nae_argument_spec() 100 | argument_spec.update( # Not required for querying all objects 101 | name=dict(type='str'), 102 | description=dict(type='str'), 103 | association_to_ag=dict(type='bool', default=True), 104 | active=dict(type='bool', default=True), 105 | selector=dict(type='str', default='object', choices=['object', 'traffic', 'requirement', 'requirement_set']), 106 | validate_certs=dict(type='bool', default=False), 107 | state=dict(type='str', default='present', choices=['absent', 108 | 'present', 'query', 'modify']), 109 | form=dict(type='str', default=""), 110 | ag_name=dict(type='str', default="") 111 | ) 112 | 113 | module = AnsibleModule(argument_spec=argument_spec, 114 | supports_check_mode=True, 115 | required_if=[['state', 'absent', ['name']], 116 | ['selector', 'requirement_set', ['ag_name']], 117 | ]) 118 | selector = module.params.get('selector') 119 | name = module.params.get('name') 120 | state = module.params.get('state') 121 | form = module.params.get('form') 122 | nae = NAEModule(module) 123 | if state == 'present' and form and selector == 'object': 124 | nae.new_object_selector() 125 | module.exit_json(**nae.result) 126 | elif state == 'present' and form and selector == 'traffic': 127 | nae.new_traffic_selector() 128 | module.exit_json(**nae.result) 129 | elif state == 'present' and form and selector == 'requirement': 130 | nae.new_compliance_requirement() 131 | module.exit_json(**nae.result) 132 | elif state == 'present' and form and selector == 'requirement_set': 133 | nae.new_compliance_requirement_set() 134 | module.exit_json(**nae.result) 135 | elif state == 'query' and selector == 'object' and name: 136 | nae.get_compliance_object(name) 137 | module.exit_json(**nae.result) 138 | elif state == 'query' and selector == 'object': 139 | nae.get_all_object_selectors() 140 | module.exit_json(**nae.result) 141 | elif state == 'query' and selector == 'traffic' and name: 142 | nae.get_compliance_object(name) 143 | module.exit_json(**nae.result) 144 | elif state == 'query' and selector == 'traffic': 145 | nae.get_all_traffic_selectors() 146 | module.exit_json(**nae.result) 147 | elif state == 'query' and selector == 'requirement' and name: 148 | nae.get_compliance_object(name) 149 | module.exit_json(**nae.result) 150 | elif state == 'query' and selector == 'requirement': 151 | nae.get_all_requirements() 152 | module.exit_json(**nae.result) 153 | elif state == 'query' and selector == 'requirement_set' and name: 154 | nae.get_compliance_object(name) 155 | module.exit_json(**nae.result) 156 | elif state == 'query' and selector == 'requirement_set': 157 | nae.get_all_requirement_sets() 158 | module.exit_json(**nae.result) 159 | elif state == 'absent' and selector == 'object': 160 | nae.delete_object_selector() 161 | nae.result['changed'] = True 162 | module.exit_json(**nae.result) 163 | elif state == 'absent' and selector == 'traffic': 164 | nae.delete_traffic_selector() 165 | nae.result['changed'] = True 166 | module.exit_json(**nae.result) 167 | elif state == 'absent' and selector == 'requirement': 168 | nae.delete_requirement() 169 | nae.result['changed'] = True 170 | module.exit_json(**nae.result) 171 | elif state == 'absent' and selector == 'requirement_set': 172 | nae.delete_requirement_set() 173 | nae.result['changed'] = True 174 | module.exit_json(**nae.result) 175 | module.fail_json(msg='Incorrect parameters passed', **nae.result) 176 | 177 | 178 | if __name__ == '__main__': 179 | main() 180 | -------------------------------------------------------------------------------- /.github/workflows/ansible-test.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | on: 3 | push: 4 | branches: master 5 | pull_request: 6 | schedule: 7 | # * is a special character in YAML so you have to quote this string 8 | - cron: '0 8 * * *' 9 | jobs: 10 | build: 11 | name: Build collection 12 | runs-on: ubuntu-latest 13 | strategy: 14 | matrix: 15 | ansible: [2.9.17, 2.10.5] 16 | steps: 17 | - name: Check out code 18 | uses: actions/checkout@v2 19 | 20 | - name: Set up Python 3.8 21 | uses: actions/setup-python@v1 22 | with: 23 | python-version: 3.8 24 | 25 | - name: Install ansible-base (v${{ matrix.ansible }}) 26 | run: pip install https://github.com/ansible/ansible/archive/v${{ matrix.ansible }}.tar.gz --disable-pip-version-check 27 | 28 | - name: Build a collection tarball 29 | run: ansible-galaxy collection build --output-path "${GITHUB_WORKSPACE}/.cache/collection-tarballs" 30 | 31 | - name: Store migrated collection artifacts 32 | uses: actions/upload-artifact@v1 33 | with: 34 | name: collection 35 | path: .cache/collection-tarballs 36 | 37 | importer: 38 | name: Galaxy-importer check 39 | needs: 40 | - build 41 | runs-on: ubuntu-latest 42 | steps: 43 | - name: Set up Python 3.8 44 | uses: actions/setup-python@v1 45 | with: 46 | python-version: 3.8 47 | 48 | - name: Install ansible-base (v2.11.0) 49 | run: pip install https://github.com/ansible/ansible/archive/v2.11.0.tar.gz --disable-pip-version-check 50 | 51 | - name: Download migrated collection artifacts 52 | uses: actions/download-artifact@v1 53 | with: 54 | name: collection 55 | path: .cache/collection-tarballs 56 | 57 | - name: Install the collection tarball 58 | run: ansible-galaxy collection install .cache/collection-tarballs/*.tar.gz 59 | 60 | - name: Install galaxy-importer 61 | run: pip install galaxy-importer 62 | 63 | - name: Create galaxy-importer directory 64 | run: sudo mkdir -p /etc/galaxy-importer 65 | 66 | - name: Create galaxy-importer.cfg 67 | run: sudo cp /home/runner/.ansible/collections/ansible_collections/cisco/nae/.github/workflows/galaxy-importer.cfg /etc/galaxy-importer/galaxy-importer.cfg 68 | 69 | - name: Run galaxy-importer check 70 | run: python -m galaxy_importer.main .cache/collection-tarballs/cisco-*.tar.gz | tee .cache/collection-tarballs/log.txt && sudo cp ./importer_result.json .cache/collection-tarballs/importer_result.json 71 | 72 | - name: Check warnings and errors 73 | run: if grep -E 'WARNING|ERROR' .cache/collection-tarballs/log.txt; then exit 1; else exit 0; fi 74 | 75 | - name: Store galaxy_importer check log file 76 | uses: actions/upload-artifact@v1 77 | with: 78 | name: galaxy-importer-log 79 | path: .cache/collection-tarballs/importer_result.json 80 | 81 | sanity: 82 | name: Sanity in ubuntu-latest 83 | needs: 84 | - build 85 | runs-on: ubuntu-latest 86 | strategy: 87 | matrix: 88 | ansible: [2.9.17, 2.10.5] 89 | steps: 90 | - name: Set up Python 3.8 91 | uses: actions/setup-python@v1 92 | with: 93 | python-version: 3.8 94 | 95 | - name: Install ansible-base (v${{ matrix.ansible }}) 96 | run: pip install https://github.com/ansible/ansible/archive/v${{ matrix.ansible }}.tar.gz --disable-pip-version-check 97 | 98 | - name: Install coverage (v4.5.4) 99 | run: pip install coverage==4.5.4 100 | 101 | - name: Download migrated collection artifacts 102 | uses: actions/download-artifact@v1 103 | with: 104 | name: collection 105 | path: .cache/collection-tarballs 106 | 107 | - name: Install the collection tarball 108 | run: ansible-galaxy collection install .cache/collection-tarballs/*.tar.gz 109 | 110 | - name: Run sanity tests 111 | run: ansible-test sanity --docker -v --color --truncate 0 112 | working-directory: /home/runner/.ansible/collections/ansible_collections/cisco/nae 113 | 114 | - name: Generate coverage report 115 | run: ansible-test coverage xml -v --requirements --group-by command --group-by version 116 | working-directory: /home/runner/.ansible/collections/ansible_collections/cisco/nae 117 | 118 | - name: Push coverate report to codecov.io 119 | run: bash <(curl -s https://codecov.io/bash) -s 'tests/output/reports/' -F integration 120 | working-directory: /home/runner/.ansible/collections/ansible_collections/cisco/nae 121 | 122 | units: 123 | name: Units in ubuntu-latest 124 | needs: 125 | - build 126 | runs-on: ubuntu-latest 127 | strategy: 128 | matrix: 129 | ansible: [2.9.17, 2.10.5] 130 | steps: 131 | - name: Set up Python 3.8 132 | uses: actions/setup-python@v1 133 | with: 134 | python-version: 3.8 135 | 136 | - name: Install ansible-base (v${{ matrix.ansible }}) 137 | run: pip install https://github.com/ansible/ansible/archive/v${{ matrix.ansible }}.tar.gz --disable-pip-version-check 138 | 139 | - name: Install coverage (v4.5.4) 140 | run: pip install coverage==4.5.4 141 | 142 | - name: Download migrated collection artifacts 143 | uses: actions/download-artifact@v1 144 | with: 145 | name: collection 146 | path: .cache/collection-tarballs 147 | 148 | - name: Install the collection tarball 149 | run: ansible-galaxy collection install .cache/collection-tarballs/*.tar.gz 150 | 151 | # - name: Run unit tests 152 | # run: ansible-test units --docker -v --color --truncate 0 --python 3.8 --coverage 153 | # working-directory: /home/runner/.ansible/collections/ansible_collections/cisco/nae 154 | 155 | # - name: Generate coverage report. 156 | # run: ansible-test coverage xml -v --requirements --group-by command --group-by version 157 | # working-directory: /home/runner/.ansible/collections/ansible_collections/cisco/nae 158 | 159 | # - uses: codecov/codecov-action@v1 160 | # with: 161 | # fail_ci_if_error: false 162 | # file: /home/runner/.ansible/collections/ansible_collections/cisco/nae/tests/output/reports/coverage.xml 163 | 164 | integration: 165 | name: Integration in ubuntu-latest 166 | needs: 167 | - build 168 | runs-on: ubuntu-latest 169 | steps: 170 | - name: Set up Python 3.8 171 | uses: actions/setup-python@v1 172 | with: 173 | python-version: 3.8 174 | 175 | - name: Install ansible-base (v2.9.17) 176 | run: pip install https://github.com/ansible/ansible/archive/v2.9.17.tar.gz --disable-pip-version-check 177 | 178 | - name: Install coverage (v4.5.4) 179 | run: pip install coverage==4.5.4 180 | 181 | - name: Download migrated collection artifacts 182 | uses: actions/download-artifact@v1 183 | with: 184 | name: collection 185 | path: .cache/collection-tarballs 186 | 187 | - name: Install the collection tarball 188 | run: ansible-galaxy collection install .cache/collection-tarballs/*.tar.gz 189 | 190 | - name: Requesting integration mutex 191 | uses: nev7n/wait_for_response@v1 192 | with: 193 | url: ${{ format('https://8v7s765ibh.execute-api.us-west-1.amazonaws.com/v1/ansible-nae?repo={0}', github.repository) }} 194 | responseCode: 200 195 | timeout: 2000000 196 | interval: 5000 197 | 198 | - name: Run integration tests on Python 3.8 199 | run: ansible-test network-integration --docker -v --color --retry-on-error --python 3.8 --truncate 0 --continue-on-error --coverage 200 | working-directory: /home/runner/.ansible/collections/ansible_collections/cisco/nae 201 | 202 | - name: Releasing integration mutex 203 | uses: nev7n/wait_for_response@v1 204 | if: always() 205 | with: 206 | url: ${{ format('https://8v7s765ibh.execute-api.us-west-1.amazonaws.com/v1/ansible-nae/release?repo={0}', github.repository) }} 207 | responseCode: 200 208 | 209 | - name: Generate coverage report 210 | run: ansible-test coverage xml -v --requirements --group-by command --group-by version 211 | working-directory: /home/runner/.ansible/collections/ansible_collections/cisco/nae 212 | 213 | - name: Push coverate report to codecov.io 214 | run: bash <(curl -s https://codecov.io/bash) -s 'tests/output/reports/' -F integration 215 | working-directory: /home/runner/.ansible/collections/ansible_collections/cisco/nae 216 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Created by https://www.gitignore.io/api/git,linux,pydev,python,windows,pycharm+all,jupyternotebook,vim,webstorm,emacs,dotenv 3 | # Edit at https://www.gitignore.io/?templates=git,linux,pydev,python,windows,pycharm+all,jupyternotebook,vim,webstorm,emacs,dotenv 4 | 5 | ### dotenv ### 6 | .env 7 | 8 | ### Emacs ### 9 | # -*- mode: gitignore; -*- 10 | *~ 11 | \#*\# 12 | /.emacs.desktop 13 | /.emacs.desktop.lock 14 | *.elc 15 | auto-save-list 16 | tramp 17 | .\#* 18 | 19 | # Org-mode 20 | .org-id-locations 21 | *_archive 22 | 23 | # flymake-mode 24 | *_flymake.* 25 | 26 | # eshell files 27 | /eshell/history 28 | /eshell/lastdir 29 | 30 | # elpa packages 31 | /elpa/ 32 | 33 | # reftex files 34 | *.rel 35 | 36 | # AUCTeX auto folder 37 | /auto/ 38 | 39 | # cask packages 40 | .cask/ 41 | dist/ 42 | 43 | # Flycheck 44 | flycheck_*.el 45 | 46 | # server auth directory 47 | /server/ 48 | 49 | # projectiles files 50 | .projectile 51 | 52 | # directory configuration 53 | .dir-locals.el 54 | 55 | # network security 56 | /network-security.data 57 | 58 | 59 | ### Git ### 60 | # Created by git for backups. To disable backups in Git: 61 | # $ git config --global mergetool.keepBackup false 62 | *.orig 63 | 64 | # Created by git when using merge tools for conflicts 65 | *.BACKUP.* 66 | *.BASE.* 67 | *.LOCAL.* 68 | *.REMOTE.* 69 | *_BACKUP_*.txt 70 | *_BASE_*.txt 71 | *_LOCAL_*.txt 72 | *_REMOTE_*.txt 73 | 74 | #!! ERROR: jupyternotebook is undefined. Use list command to see defined gitignore types !!# 75 | 76 | ### Linux ### 77 | 78 | # temporary files which can be created if a process still has a handle open of a deleted file 79 | .fuse_hidden* 80 | 81 | # KDE directory preferences 82 | .directory 83 | 84 | # Linux trash folder which might appear on any partition or disk 85 | .Trash-* 86 | 87 | # .nfs files are created when an open file is removed but is still being accessed 88 | .nfs* 89 | 90 | ### PyCharm+all ### 91 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm 92 | # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 93 | 94 | # User-specific stuff 95 | .idea/**/workspace.xml 96 | .idea/**/tasks.xml 97 | .idea/**/usage.statistics.xml 98 | .idea/**/dictionaries 99 | .idea/**/shelf 100 | 101 | # Generated files 102 | .idea/**/contentModel.xml 103 | 104 | # Sensitive or high-churn files 105 | .idea/**/dataSources/ 106 | .idea/**/dataSources.ids 107 | .idea/**/dataSources.local.xml 108 | .idea/**/sqlDataSources.xml 109 | .idea/**/dynamic.xml 110 | .idea/**/uiDesigner.xml 111 | .idea/**/dbnavigator.xml 112 | 113 | # Gradle 114 | .idea/**/gradle.xml 115 | .idea/**/libraries 116 | 117 | # Gradle and Maven with auto-import 118 | # When using Gradle or Maven with auto-import, you should exclude module files, 119 | # since they will be recreated, and may cause churn. Uncomment if using 120 | # auto-import. 121 | # .idea/modules.xml 122 | # .idea/*.iml 123 | # .idea/modules 124 | # *.iml 125 | # *.ipr 126 | 127 | # CMake 128 | cmake-build-*/ 129 | 130 | # Mongo Explorer plugin 131 | .idea/**/mongoSettings.xml 132 | 133 | # File-based project format 134 | *.iws 135 | 136 | # IntelliJ 137 | out/ 138 | 139 | # mpeltonen/sbt-idea plugin 140 | .idea_modules/ 141 | 142 | # JIRA plugin 143 | atlassian-ide-plugin.xml 144 | 145 | # Cursive Clojure plugin 146 | .idea/replstate.xml 147 | 148 | # Crashlytics plugin (for Android Studio and IntelliJ) 149 | com_crashlytics_export_strings.xml 150 | crashlytics.properties 151 | crashlytics-build.properties 152 | fabric.properties 153 | 154 | # Editor-based Rest Client 155 | .idea/httpRequests 156 | 157 | # Android studio 3.1+ serialized cache file 158 | .idea/caches/build_file_checksums.ser 159 | 160 | ### PyCharm+all Patch ### 161 | # Ignores the whole .idea folder and all .iml files 162 | # See https://github.com/joeblau/gitignore.io/issues/186 and https://github.com/joeblau/gitignore.io/issues/360 163 | 164 | .idea/ 165 | 166 | # Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023 167 | 168 | *.iml 169 | modules.xml 170 | .idea/misc.xml 171 | *.ipr 172 | 173 | # Sonarlint plugin 174 | .idea/sonarlint 175 | 176 | ### pydev ### 177 | .pydevproject 178 | 179 | ### Python ### 180 | # Byte-compiled / optimized / DLL files 181 | __pycache__/ 182 | *.py[cod] 183 | *$py.class 184 | 185 | # C extensions 186 | *.so 187 | 188 | # Distribution / packaging 189 | .Python 190 | build/ 191 | develop-eggs/ 192 | downloads/ 193 | eggs/ 194 | .eggs/ 195 | lib/ 196 | lib64/ 197 | parts/ 198 | sdist/ 199 | var/ 200 | wheels/ 201 | pip-wheel-metadata/ 202 | share/python-wheels/ 203 | *.egg-info/ 204 | .installed.cfg 205 | *.egg 206 | MANIFEST 207 | 208 | # PyInstaller 209 | # Usually these files are written by a python script from a template 210 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 211 | *.manifest 212 | *.spec 213 | 214 | # Installer logs 215 | pip-log.txt 216 | pip-delete-this-directory.txt 217 | 218 | # Unit test / coverage reports 219 | htmlcov/ 220 | .tox/ 221 | .nox/ 222 | .coverage 223 | .coverage.* 224 | .cache 225 | nosetests.xml 226 | coverage.xml 227 | *.cover 228 | .hypothesis/ 229 | .pytest_cache/ 230 | 231 | # Translations 232 | *.mo 233 | *.pot 234 | 235 | # Scrapy stuff: 236 | .scrapy 237 | 238 | # Sphinx documentation 239 | docs/_build/ 240 | 241 | # PyBuilder 242 | target/ 243 | 244 | # pyenv 245 | .python-version 246 | 247 | # pipenv 248 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 249 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 250 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 251 | # install all needed dependencies. 252 | #Pipfile.lock 253 | 254 | # celery beat schedule file 255 | celerybeat-schedule 256 | 257 | # SageMath parsed files 258 | *.sage.py 259 | 260 | # Spyder project settings 261 | .spyderproject 262 | .spyproject 263 | 264 | # Rope project settings 265 | .ropeproject 266 | 267 | # Mr Developer 268 | .mr.developer.cfg 269 | .project 270 | 271 | # mkdocs documentation 272 | /site 273 | 274 | # mypy 275 | .mypy_cache/ 276 | .dmypy.json 277 | dmypy.json 278 | 279 | # Pyre type checker 280 | .pyre/ 281 | 282 | ### Vim ### 283 | # Swap 284 | [._]*.s[a-v][a-z] 285 | [._]*.sw[a-p] 286 | [._]s[a-rt-v][a-z] 287 | [._]ss[a-gi-z] 288 | [._]sw[a-p] 289 | 290 | # Session 291 | Session.vim 292 | Sessionx.vim 293 | 294 | # Temporary 295 | .netrwhist 296 | # Auto-generated tag files 297 | tags 298 | # Persistent undo 299 | [._]*.un~ 300 | 301 | ### WebStorm ### 302 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm 303 | # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 304 | 305 | # User-specific stuff 306 | 307 | # Generated files 308 | 309 | # Sensitive or high-churn files 310 | 311 | # Gradle 312 | 313 | # Gradle and Maven with auto-import 314 | # When using Gradle or Maven with auto-import, you should exclude module files, 315 | # since they will be recreated, and may cause churn. Uncomment if using 316 | # auto-import. 317 | # .idea/modules.xml 318 | # .idea/*.iml 319 | # .idea/modules 320 | # *.iml 321 | # *.ipr 322 | 323 | # CMake 324 | 325 | # Mongo Explorer plugin 326 | 327 | # File-based project format 328 | 329 | # IntelliJ 330 | 331 | # mpeltonen/sbt-idea plugin 332 | 333 | # JIRA plugin 334 | 335 | # Cursive Clojure plugin 336 | 337 | # Crashlytics plugin (for Android Studio and IntelliJ) 338 | 339 | # Editor-based Rest Client 340 | 341 | # Android studio 3.1+ serialized cache file 342 | 343 | ### WebStorm Patch ### 344 | # Comment Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-215987721 345 | 346 | # *.iml 347 | # modules.xml 348 | # .idea/misc.xml 349 | # *.ipr 350 | 351 | # Sonarlint plugin 352 | .idea/**/sonarlint/ 353 | 354 | # SonarQube Plugin 355 | .idea/**/sonarIssues.xml 356 | 357 | # Markdown Navigator plugin 358 | .idea/**/markdown-navigator.xml 359 | .idea/**/markdown-navigator/ 360 | 361 | ### Windows ### 362 | # Windows thumbnail cache files 363 | Thumbs.db 364 | Thumbs.db:encryptable 365 | ehthumbs.db 366 | ehthumbs_vista.db 367 | 368 | # Dump file 369 | *.stackdump 370 | 371 | # Folder config file 372 | [Dd]esktop.ini 373 | 374 | # Recycle Bin used on file shares 375 | $RECYCLE.BIN/ 376 | 377 | # Windows Installer files 378 | *.cab 379 | *.msi 380 | *.msix 381 | *.msm 382 | *.msp 383 | 384 | # Windows shortcuts 385 | *.lnk 386 | 387 | # End of https://www.gitignore.io/api/git,linux,pydev,python,windows,pycharm+all,jupyternotebook,vim,webstorm,emacs,dotenv 388 | 389 | # vsCode 390 | .vscode 391 | 392 | # vim 393 | .vim 394 | 395 | # Ansible Collection tarball 396 | cisco-nae-*.tar.gz 397 | -------------------------------------------------------------------------------- /tests/integration/targets/nae_prechange/tasks/file_upload.yml: -------------------------------------------------------------------------------- 1 | # Test code for the NAE modules 2 | # Copyright: (c) 2020, Anvitha Jain (@anvitha-jain) 3 | 4 | # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) 5 | 6 | - name: Set vars 7 | set_fact: 8 | nae_info: &nae_info 9 | host: '{{ nae_host }}' 10 | port: '{{ nae_port }}' 11 | username: '{{ nae_username }}' 12 | password: '{{ nae_password }}' 13 | validate_certs: '{{ nae_validate_certs | default(false) }}' 14 | 15 | - name: Add a new pre-change analysis (Contract) from file upload 16 | nae_prechange: 17 | <<: *nae_info 18 | ag_name: Change Management 19 | file: targets/nae_prechange/tasks/contract.json 20 | name: ansible_file_upload 21 | description: pre-change analysis using file upload 22 | state: present 23 | register: add_pre_change_contract 24 | 25 | - name: Checking pre-change analysis (Contract) from file upload is added 26 | assert: 27 | that: 28 | - add_pre_change_contract is changed 29 | - add_pre_change_contract.Result == "Pre-change analysis ansible_file_upload successfully created." 30 | 31 | - name: Add a new pre-change analysis from file upload (non-existing file) 32 | nae_prechange: 33 | <<: *nae_info 34 | ag_name: Change Management 35 | file: targets/nae_prechange/tasks/ansible_test.json 36 | name: ansible_file_upload_test 37 | description: pre-change analysis using file upload 38 | state: present 39 | ignore_errors: true 40 | register: add_pre_change_file 41 | 42 | - name: Checking pre-change analysis from file upload (non-existing file) 43 | assert: 44 | that: 45 | - add_pre_change_file is not changed 46 | - add_pre_change_file.msg == ("File not found {{':'}} targets/nae_prechange/tasks/ansible_test.json") 47 | 48 | - name: Query specific pre-change analysis (checks if Pre-Change Job is complete) 49 | nae_prechange: 50 | <<: *nae_info 51 | ag_name: Change Management 52 | name: ansible_file_upload 53 | state: query 54 | register: query_file_specific_result 55 | ignore_errors: true 56 | until: query_file_specific_result.msg != "Pre-Change Job has not yet completed." 57 | retries: 25 58 | delay: 5 59 | 60 | - name: Add pre-change analysis (Contract) from file upload again (same name same filename) 61 | nae_prechange: 62 | <<: *nae_info 63 | ag_name: Change Management 64 | file: targets/nae_prechange/tasks/contract.json 65 | name: ansible_file_upload 66 | description: pre-change analysis using file upload 67 | state: present 68 | ignore_errors: true 69 | register: add_pre_change_again_same 70 | 71 | - name: Add pre-change analysis (Contract) from file upload again (same name different filename) 72 | nae_prechange: 73 | <<: *nae_info 74 | ag_name: Change Management 75 | file: targets/nae_prechange/tasks/contract_identical.json 76 | name: ansible_file_upload 77 | description: pre-change analysis using file upload 78 | verify: True # converts to json format 79 | state: present 80 | ignore_errors: true 81 | register: add_pre_change_again_file 82 | 83 | - name: Add pre-change analysis (Contract) from file upload again 84 | assert: 85 | that: 86 | - add_pre_change_again_same is not changed 87 | - add_pre_change_again_same.msg == "Pre-Change Analysis Job with the name ansible_file_upload already exists." 88 | - add_pre_change_again_file is not changed 89 | - add_pre_change_again_file.msg == "Pre-Change Analysis Job with the name ansible_file_upload already exists." 90 | 91 | - name: Add pre-change analysis (Contract) from file upload again (same filename different name) 92 | nae_prechange: 93 | <<: *nae_info 94 | ag_name: Change Management 95 | file: targets/nae_prechange/tasks/contract.json 96 | name: ansible_file_upload_2 97 | description: pre-change analysis using file upload 98 | state: present 99 | ignore_errors: true 100 | register: add_pre_change_again 101 | 102 | - name: Add file upload again (same filename different name) 103 | assert: 104 | that: 105 | - add_pre_change_again is changed 106 | - add_pre_change_again.Result == "Pre-change analysis ansible_file_upload_2 successfully created." 107 | 108 | - name: Query specific pre-change analysis (checks if Pre-Change Job is complete) 109 | nae_prechange: 110 | <<: *nae_info 111 | ag_name: Change Management 112 | name: ansible_file_upload_2 113 | state: query 114 | register: query_file_specific_result 115 | ignore_errors: true 116 | until: query_file_specific_result.msg != "Pre-Change Job has not yet completed." 117 | retries: 25 118 | delay: 5 119 | 120 | - name: Add pre-change analysis from file upload (non JSON format & verify is False) 121 | nae_prechange: 122 | <<: *nae_info 123 | ag_name: Change Management 124 | file: targets/nae_prechange/tasks/ansible_dump.json 125 | name: ansible_file_upload_test 126 | description: pre-change analysis using file upload 127 | verify: False 128 | state: present 129 | ignore_errors: true 130 | register: add_pre_change_format 131 | 132 | - name: Checking pre-change analysis from file upload (non JSON format & verify is False) 133 | assert: 134 | that: 135 | - add_pre_change_format is not changed 136 | - add_pre_change_format.msg == "Error parsing input file. JSON format necessary" 137 | 138 | - name: Add pre-change analysis from file upload (non JSON format & verify is True) 139 | nae_prechange: 140 | <<: *nae_info 141 | ag_name: Change Management 142 | file: targets/nae_prechange/tasks/ansible_dump.json 143 | name: ansible_file_upload_3 144 | description: pre-change analysis using file upload 145 | verify: True # converts to json format 146 | state: present 147 | register: add_pre_change_verify 148 | 149 | - name: Checking pre-change analysis from file upload (non JSON format & verify is True) 150 | assert: 151 | that: 152 | - add_pre_change_verify is changed 153 | - add_pre_change_verify.Result == "Pre-change analysis ansible_file_upload_3 successfully created." 154 | 155 | - name: Query all pre-change analysis 156 | nae_prechange: &query_pre_change_file 157 | <<: *nae_info 158 | ag_name: Change Management 159 | state: query 160 | register: query_file_all_result 161 | 162 | - name: Verify querying all pre-change analysis 163 | assert: 164 | that: 165 | - query_file_all_result.Analyses[0] != None 166 | 167 | - name: Query specific pre-change analysis (checks if Pre-Change Job is complete) 168 | nae_prechange: 169 | <<: *nae_info 170 | ag_name: Change Management 171 | name: ansible_file_upload_3 172 | state: query 173 | register: query_file_specific_result 174 | ignore_errors: true 175 | until: query_file_specific_result.msg != "Pre-Change Job has not yet completed." 176 | retries: 25 177 | delay: 5 178 | 179 | - name: Verify querying specific pre-change analysis 180 | assert: 181 | that: 182 | - query_file_specific_result.msg == "Pre-change analysis failed. The above smart events have been detected for later epoch only." 183 | 184 | - name: Query non-existing pre-change analysis 185 | nae_prechange: 186 | <<: *query_pre_change_file 187 | name: NewAnalysis_2 188 | register: query_file_result 189 | ignore_errors: true 190 | 191 | - name: Verify querying non-existing pre-change analysis 192 | assert: 193 | that: 194 | - query_file_result.msg == "No such Pre-Change Job exists." 195 | 196 | - name: Delete a pre_change analysis 197 | nae_prechange: &delete_prechange 198 | <<: *nae_info 199 | ag_name: Change Management 200 | name: ansible_file_upload 201 | state: absent 202 | register: remove_file_pre_change 203 | 204 | - name: Delete a non-existing pre_change analysis 205 | nae_prechange: 206 | <<: *delete_prechange 207 | ignore_errors: true 208 | register: remove_file_pre_change_again 209 | 210 | - name: Verify deletion of pre-change analysis 211 | assert: 212 | that: 213 | - remove_file_pre_change.msg == "Delete Pre-change Job successful" 214 | - remove_file_pre_change_again.msg == "No such Pre-Change Job exists." 215 | 216 | - name: Add pre-change analysis from file upload for tenant delete 217 | nae_prechange: 218 | <<: *nae_info 219 | ag_name: Change Management 220 | file: targets/nae_prechange/tasks/tenant_delete_dump.json 221 | name: ansible_file_upload_tenant 222 | description: pre-change analysis using file upload 223 | verify: True # converts to json format 224 | state: present 225 | register: add_pre_change_verify_tenant 226 | 227 | - name: Checking pre-change analysis from file upload for tenant delete (non JSON format & verify is True) 228 | assert: 229 | that: 230 | - add_pre_change_verify_tenant is changed 231 | - add_pre_change_verify_tenant.Result == "Pre-change analysis ansible_file_upload_tenant successfully created." 232 | -------------------------------------------------------------------------------- /plugins/modules/nae_prechange.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # -*- coding: utf-8 -*- 3 | # Copyright: (c) 2020, Anvitha Jain (@anvitha-jain) 4 | 5 | # GNU General Public License v3.0+ (see COPYING or 6 | # https://www.gnu.org/licenses/gpl-3.0.txt) 7 | 8 | from __future__ import absolute_import, division, print_function 9 | __metaclass__ = type 10 | 11 | 12 | ANSIBLE_METADATA = {'metadata_version': '1.1', 'status': ['preview'], 13 | 'supported_by': 'certified'} 14 | 15 | DOCUMENTATION = \ 16 | r''' 17 | --- 18 | module: nae_prechange 19 | short_description: Manage pre-change analyses. 20 | description: 21 | - Manage Pre-Change Analyses on Cisco NAE fabrics. 22 | version_added: '0.0.2' 23 | options: 24 | ag_name: 25 | description: 26 | - The name of the assurance group. 27 | type: str 28 | required: yes 29 | aliases: [ fab_name ] 30 | name: 31 | description: 32 | - The name of the pre-change analysis 33 | type: str 34 | required: yes 35 | description: 36 | description: 37 | - Description for the pre-change analysis. 38 | type: str 39 | aliases: [ descr ] 40 | verify: 41 | description: 42 | - This parameter is used to change the behaviour of the C(present) and C(query) states 43 | - When used with state C(present) this flag specify that the input JSON file has been created by the cisco.aci collection output_path config dump. 44 | - When used with state C(query) this flag will wait to execute the query until the NAE pre-change verification task status value is COMPLETED 45 | type: bool 46 | state: 47 | description: 48 | - Use C(present) or C(absent) for adding or removing. 49 | - Use C(query) for listing an object or multiple objects. 50 | type: str 51 | choices: [ absent, present, query ] 52 | default: present 53 | file: 54 | description: 55 | - Optional parameter if creating new pre-change analysis from file. 56 | changes: 57 | description: 58 | - Optional parameter if creating new pre-change analysis from change-list (manual) 59 | ignore_sm: 60 | description: 61 | - Optional list of Smart Event Mnemonics that should be ignored 62 | type: list 63 | 64 | author: 65 | - Shantanu Kulkarni (@shan_kulk) 66 | - Anvitha Jain (@anvitha-jain) 67 | ''' 68 | 69 | EXAMPLES = r''' 70 | - name: Add a pre-change analysis from manual changes (version <= 4.1) 71 | nae_prechange: 72 | host: nae 73 | port: 8080 74 | username: Admin 75 | password: C@ndidadmin1234 76 | ag_name: FAB2 77 | changes: {"tenant_change": {"action": "ADD","dn": "uni/tn-newTenant","description": "Adding a new Tenant"}} 78 | name: NewAnalysis 79 | state: present 80 | delegate_to: localhost 81 | - name: Add a pre-change analysis from manual changes (version >= 5.0) 82 | nae_prechange: &add_prechange 83 | host: nae 84 | port: 8080 85 | username: Admin 86 | password: C@ndidadmin1234 87 | ag_name: FAB2 88 | changes: | 89 | [ 90 | { 91 | "vzBrCP": { 92 | "attributes": { 93 | "descr": "", 94 | "intent": "install", 95 | "nameAlias": "", 96 | "prio": "unspecified", 97 | "scope": "context", 98 | "targetDscp": "unspecified", 99 | "dn": "uni/tn-AnsibleTest/brc-test_brc", 100 | "name": "test_brc", 101 | "pcv_status": "created" 102 | }, 103 | "children": [] 104 | } 105 | } 106 | ] 107 | name: NewAnalysis 108 | state: present 109 | delegate_to: localhost 110 | - name: Delete a pre_change analysis 111 | nae_prechange: 112 | host: nae 113 | port: 8080 114 | username: Admin 115 | password: C@ndidadmin1234 116 | ag_name: FAB2 117 | name: NewAnalysis 118 | state: absent 119 | delegate_to: localhost 120 | - name: Add a new pre-change analysis from file (JSON from APIC file) 121 | nae_prechange: 122 | host: nae 123 | port: 8080 124 | username: Admin 125 | password: C@ndidadmin1234 126 | ag_name: FAB2 127 | file: object_from_apic.json 128 | name: NewAnalysis 129 | description: New Analysis 130 | state: present 131 | delegate_to: localhost 132 | - name: Add a new pre-change analysis from file (JSON from ACI collection output_path) 133 | nae_prechange: 134 | host: nae 135 | port: 8080 136 | username: Admin 137 | password: C@ndidadmin1234 138 | ag_name: FAB2 139 | file: object_from_cisco_aci_collection_output.json 140 | name: NewAnalysis 141 | description: New Analysis 142 | verify: True 143 | state: present 144 | delegate_to: localhost 145 | - name: Query a pre-change analysis (wait until status = COMPLETED) 146 | nae_prechange: 147 | host: nae 148 | port: 8080 149 | username: Admin 150 | password: C@ndidadmin1234 151 | ag_name: FAB2 152 | name: Analysis1 153 | state: query 154 | verify: True 155 | delegate_to: localhost 156 | - name: Query a pre-change analysis 157 | nae_prechange: 158 | host: nae 159 | port: 8080 160 | username: Admin 161 | password: C@ndidadmin1234 162 | ag_name: FAB2 163 | name: Analysis1 164 | state: query 165 | delegate_to: localhost 166 | - name: Query a pre-change analysis and ignore some smart_events 167 | nae_prechange: 168 | host: nae 169 | port: 8080 170 | username: Admin 171 | password: C@ndidadmin1234 172 | ag_name: FAB2 173 | name: Analysis1 174 | state: query 175 | ignore_sm: 176 | - APP_EPG_NOT_DEPLOYED 177 | - APP_EPG_HAS_NO_CONTRACT_IN_ENFORCED_VRF 178 | delegate_to: localhost 179 | - name: Query all pre-change analyses 180 | nae_prechange: 181 | host: nae 182 | port: 8080 183 | username: Admin 184 | password: C@ndidadmin1234 185 | ag_name: FAB2 186 | state: query 187 | delegate_to: localhost 188 | register: query_result 189 | ''' 190 | 191 | RETURN = \ 192 | ''' 193 | resp: 194 | description: Return payload 195 | type: str 196 | returned: always 197 | ''' 198 | 199 | from requests.packages.urllib3.exceptions import InsecureRequestWarning 200 | from ansible_collections.cisco.nae.plugins.module_utils.nae import NAEModule, nae_argument_spec 201 | from ansible.module_utils.basic import AnsibleModule 202 | import requests 203 | 204 | 205 | def main(): 206 | requests.packages.urllib3.disable_warnings(InsecureRequestWarning) 207 | argument_spec = nae_argument_spec() 208 | argument_spec.update( # Not required for querying all objects 209 | ag_name=dict(type='str', aliases=['fab_name']), 210 | name=dict(type='str'), 211 | description=dict(type='str'), 212 | changes=dict(type='str'), 213 | ignore_sm=dict(type='list', default=[]), 214 | verify=dict(type='bool', default=False), 215 | save=dict(type='bool', default=False), 216 | file=dict(type='str', default=None), 217 | validate_certs=dict(type='bool', default=False), 218 | state=dict(type='str', default='present', choices=['absent', 219 | 'present', 'query']), 220 | ) 221 | 222 | module = AnsibleModule(argument_spec=argument_spec, 223 | supports_check_mode=True, 224 | required_if=[['state', 'absent', ['name']], 225 | ['state', 'present', ['name']]]) 226 | 227 | changes = module.params.get('changes') 228 | change_file = module.params.get('file') 229 | state = module.params.get('state') 230 | name = module.params.get('name') 231 | save = module.params.get('save') 232 | nae = NAEModule(module) 233 | 234 | module.params['action'] = 'RUN' 235 | if save: 236 | module.params['action'] = 'SAVE' 237 | 238 | if state == 'present' and change_file: 239 | nae.create_pre_change_from_file() 240 | nae.result['changed'] = True 241 | module.exit_json(**nae.result) 242 | elif state == 'present' and changes: 243 | nae.create_pre_change_from_manual_changes() 244 | module.exit_json(**nae.result) 245 | elif state == 'query' and name: 246 | nae.result['Result'] = nae.get_pre_change_result() 247 | if not nae.result['Result']: 248 | module.exit_json( 249 | msg="Pre-change analysis failed. The above smart events have been detected for later epoch only.", 250 | **nae.result) 251 | module.exit_json(**nae.result) 252 | elif state == 'query' and not name: 253 | nae.show_pre_change_analyses() 254 | module.exit_json(**nae.result) 255 | elif state == 'absent': 256 | nae.delete_pre_change_analysis() 257 | module.exit_json(**nae.result) 258 | 259 | module.fail_json(msg='Incorrect params passed', **nae.result) 260 | 261 | 262 | if __name__ == '__main__': 263 | main() 264 | -------------------------------------------------------------------------------- /playbooks/full_aci_demo.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: playbook for testing anp's and epg's 4 | hosts: all 5 | collections: 6 | - cisco.aci 7 | connection: local 8 | gather_facts: no 9 | vars: 10 | aci_login: &aci_login 11 | hostname: '{{ inventory_hostname }}' 12 | username: '{{ user }}' 13 | password: '{{ pass }}' 14 | use_proxy: 'no' 15 | validate_certs: '{{ validate_certs }}' 16 | 17 | tasks: 18 | 19 | # PREP 20 | 21 | - name: ensure tenant exists 22 | aci_tenant: 23 | <<: *aci_login 24 | name: AnsibleTest 25 | descr: 'tenant by Ansible' 26 | output_path: 'dump.json' 27 | 28 | - pause: 29 | prompt: "Press a key to continue" 30 | 31 | - name: ensure context for tenant exists 32 | aci_vrf: 33 | <<: *aci_login 34 | tenant: AnsibleTest 35 | name: AnsibleTest_VRF 36 | state: present 37 | output_path: 'dump.json' 38 | 39 | - name: ensure bridge domain 1 exists 40 | aci_bd: 41 | <<: *aci_login 42 | name: AnsibleTest_BD1 43 | vrf: AnsibleTest_VRF 44 | tenant: AnsibleTest 45 | state: present 46 | output_path: 'dump.json' 47 | 48 | - name: add subnet to BD 49 | aci_bd_subnet: 50 | <<: *aci_login 51 | tenant: AnsibleTest 52 | bd: AnsibleTest_BD1 53 | subnet_name: BD1 54 | gateway: 10.10.10.1 55 | mask: 24 56 | state: present 57 | output_path: 'dump.json' 58 | 59 | - name: ensure bridge domain 2 exists 60 | aci_bd: 61 | <<: *aci_login 62 | name: AnsibleTest_BD2 63 | vrf: AnsibleTest_VRF 64 | tenant: AnsibleTest 65 | state: present 66 | output_path: 'dump.json' 67 | 68 | - name: add subnet to BD 69 | aci_bd_subnet: 70 | <<: *aci_login 71 | tenant: AnsibleTest 72 | bd: AnsibleTest_BD2 73 | subnet_name: BD2 74 | gateway: 20.20.20.1 75 | mask: 24 76 | state: present 77 | output_path: 'dump.json' 78 | 79 | - name: ensure web filter exists 80 | aci_filter: 81 | <<: *aci_login 82 | name: Web_Filter 83 | tenant: AnsibleTest 84 | state: present 85 | output_path: 'dump.json' 86 | 87 | - name: entry for web filter 88 | aci_filter_entry: 89 | <<: *aci_login 90 | name: web_filter 91 | ether_type: ip 92 | ip_protocol: tcp 93 | tenant: AnsibleTest 94 | filter: Web_Filter 95 | dst_port: 80 96 | state: present 97 | output_path: 'dump.json' 98 | 99 | - name: ensure app filter exists 100 | aci_filter: 101 | <<: *aci_login 102 | name: App_Filter 103 | tenant: AnsibleTest 104 | state: present 105 | output_path: 'dump.json' 106 | 107 | - name: entry for app filter 108 | aci_filter_entry: 109 | <<: *aci_login 110 | name: app_filter 111 | ether_type: ip 112 | ip_protocol: tcp 113 | tenant: AnsibleTest 114 | filter: App_Filter 115 | dst_port: 1433 116 | state: present 117 | output_path: 'dump.json' 118 | 119 | - name: ensure db filter exists 120 | aci_filter: 121 | <<: *aci_login 122 | name: DB_Filter 123 | tenant: AnsibleTest 124 | state: present 125 | output_path: 'dump.json' 126 | 127 | - name: entry for db filter 128 | aci_filter_entry: 129 | <<: *aci_login 130 | name: db_filter 131 | ether_type: ip 132 | ip_protocol: tcp 133 | tenant: AnsibleTest 134 | filter: DB_Filter 135 | dst_port: 1521 136 | state: present 137 | output_path: 'dump.json' 138 | 139 | - name: ensure contracts exist 140 | aci_contract: 141 | <<: *aci_login 142 | name: '{{ item }}' 143 | tenant: AnsibleTest 144 | output_path: 'dump.json' 145 | with_items: 146 | - Web_Con 147 | - App_Con 148 | - DB_Con 149 | 150 | 151 | - name: ensure subject exists for web contract 152 | aci_contract_subject: 153 | <<: *aci_login 154 | subject: web_subject 155 | contract: Web_Con 156 | tenant: AnsibleTest 157 | output_path: 'dump.json' 158 | 159 | - name: ensure subject exists for web contract 160 | aci_contract_subject: 161 | <<: *aci_login 162 | subject: app_subject 163 | contract: App_Con 164 | tenant: AnsibleTest 165 | output_path: 'dump.json' 166 | 167 | - name: ensure subject exists for web contract 168 | aci_contract_subject: 169 | <<: *aci_login 170 | subject: db_subject 171 | contract: DB_Con 172 | tenant: AnsibleTest 173 | output_path: 'dump.json' 174 | 175 | - name: ensure filter exists for web contract 176 | aci_contract_subject_to_filter: 177 | <<: *aci_login 178 | subject: web_subject 179 | contract: Web_Con 180 | filter: Web_Filter 181 | tenant: AnsibleTest 182 | output_path: 'dump.json' 183 | 184 | - name: ensure filter exists for web contract 185 | aci_contract_subject_to_filter: 186 | <<: *aci_login 187 | subject: app_subject 188 | contract: App_Con 189 | filter: App_Filter 190 | tenant: AnsibleTest 191 | output_path: 'dump.json' 192 | 193 | - name: ensure filter exists for web contract 194 | aci_contract_subject_to_filter: 195 | <<: *aci_login 196 | subject: db_subject 197 | contract: DB_Con 198 | filter: DB_Filter 199 | tenant: AnsibleTest 200 | output_path: 'dump.json' 201 | 202 | # TESTING APP NET PROFILES AND EPGS 203 | 204 | - name: create app network profile 205 | aci_ap: 206 | <<: *aci_login 207 | name: 3Tier_App 208 | tenant: AnsibleTest 209 | state: present 210 | output_path: 'dump.json' 211 | 212 | - name: ensure web epg exists 213 | aci_epg: 214 | <<: *aci_login 215 | name: Web_EPG 216 | bd: AnsibleTest_BD1 217 | ap: 3Tier_App 218 | tenant: AnsibleTest 219 | state: present 220 | output_path: 'dump.json' 221 | 222 | - name: Map web epg to VMM Domain 223 | aci_epg_to_domain: 224 | <<: *aci_login 225 | tenant: AnsibleTest 226 | ap: 3Tier_App 227 | epg: Web_EPG 228 | domain_type: vmm 229 | vm_provider: kubernetes 230 | domain: KubeSpray 231 | state: present 232 | output_path: 'dump.json' 233 | 234 | 235 | - name: Add contracts to web epg 236 | aci_epg_to_contract: 237 | <<: *aci_login 238 | tenant: AnsibleTest 239 | ap: 3Tier_App 240 | epg: Web_EPG 241 | contract: Web_Con 242 | contract_type: consumer 243 | state: present 244 | output_path: 'dump.json' 245 | 246 | - name: Add contracts to web epg 247 | aci_epg_to_contract: 248 | <<: *aci_login 249 | tenant: AnsibleTest 250 | ap: 3Tier_App 251 | epg: Web_EPG 252 | contract: App_Con 253 | contract_type: provider 254 | state: present 255 | output_path: 'dump.json' 256 | 257 | 258 | - name: ensure app epg exists 259 | aci_epg: 260 | <<: *aci_login 261 | name: App_EPG 262 | bd: AnsibleTest_BD1 263 | ap: 3Tier_App 264 | tenant: AnsibleTest 265 | state: present 266 | output_path: 'dump.json' 267 | 268 | - name: Map app epg to VMM Domain 269 | aci_epg_to_domain: 270 | <<: *aci_login 271 | tenant: AnsibleTest 272 | ap: 3Tier_App 273 | epg: App_EPG 274 | domain_type: vmm 275 | vm_provider: vmware 276 | domain: ACI 277 | state: present 278 | output_path: 'dump.json' 279 | 280 | - name: Add contracts to app epg 281 | aci_epg_to_contract: 282 | <<: *aci_login 283 | tenant: AnsibleTest 284 | ap: 3Tier_App 285 | epg: App_EPG 286 | contract: App_Con 287 | contract_type: consumer 288 | state: present 289 | output_path: 'dump.json' 290 | 291 | - name: Add contracts to app epg 292 | aci_epg_to_contract: 293 | <<: *aci_login 294 | tenant: AnsibleTest 295 | ap: 3Tier_App 296 | epg: App_EPG 297 | contract: DB_Con 298 | contract_type: provider 299 | state: present 300 | output_path: 'dump.json' 301 | 302 | 303 | - name: ensure db epg exists 304 | aci_epg: 305 | <<: *aci_login 306 | name: DB_EPG 307 | bd: AnsibleTest_BD1 308 | ap: 3Tier_App 309 | tenant: AnsibleTest 310 | state: present 311 | output_path: 'dump.json' 312 | 313 | - name: Map epg to VMM Domain 314 | aci_epg_to_domain: 315 | <<: *aci_login 316 | tenant: AnsibleTest 317 | ap: 3Tier_App 318 | epg: DB_EPG 319 | domain_type: vmm 320 | vm_provider: vmware 321 | domain: ACI 322 | state: present 323 | output_path: 'dump.json' 324 | 325 | 326 | - name: Add contracts to app epg 327 | aci_epg_to_contract: 328 | <<: *aci_login 329 | tenant: AnsibleTest 330 | ap: 3Tier_App 331 | epg: DB_EPG 332 | contract: DB_Con 333 | contract_type: consumer 334 | state: present 335 | output_path: 'dump.json' 336 | 337 | -------------------------------------------------------------------------------- /tests/integration/targets/nae_prechange/tasks/manual_upload.yml: -------------------------------------------------------------------------------- 1 | # Test code for the NAE modules 2 | # Copyright: (c) 2020, Anvitha Jain (@anvitha-jain) 3 | 4 | # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) 5 | 6 | - name: Set vars 7 | set_fact: 8 | nae_info: &nae_info 9 | host: '{{ nae_host }}' 10 | port: '{{ nae_port }}' 11 | username: '{{ nae_username }}' 12 | password: '{{ nae_password }}' 13 | validate_certs: '{{ nae_validate_certs | default(false) }}' 14 | 15 | - name: Add new pre-change analysis from manual changes ( Add Contract ) 16 | nae_prechange: &add_prechange 17 | <<: *nae_info 18 | ag_name: Change Management 19 | changes: | 20 | [ 21 | { 22 | "vzBrCP": { 23 | "attributes": { 24 | "descr": "", 25 | "intent": "install", 26 | "nameAlias": "", 27 | "prio": "unspecified", 28 | "scope": "context", 29 | "targetDscp": "unspecified", 30 | "dn": "uni/tn-AnsibleTest/brc-test_brc", 31 | "name": "test_brc", 32 | "pcv_status": "created" 33 | }, 34 | "children": [] 35 | } 36 | } 37 | ] 38 | name: ansible_manual_upload 39 | state: present 40 | register: add_pre_change_contract 41 | 42 | - name: Checking pre-change analysis from manual changes ( Contract ) is added 43 | assert: 44 | that: 45 | - add_pre_change_contract is changed 46 | - add_pre_change_contract.Previous == {} 47 | - add_pre_change_contract.Result == "Pre-change analysis ansible_manual_upload successfully created." 48 | 49 | - name: Query specific pre-change analysis (checks if Pre-Change Job is complete) 50 | nae_prechange: 51 | <<: *nae_info 52 | ag_name: Change Management 53 | name: ansible_manual_upload 54 | state: query 55 | register: query_specific_result 56 | ignore_errors: true 57 | until: query_specific_result.msg != "Pre-Change Job has not yet completed." 58 | retries: 25 59 | delay: 5 60 | 61 | - name: Save pre-change analysis from manual changes ( Save Contract ) 62 | nae_prechange: &save_prechange 63 | <<: *nae_info 64 | ag_name: Change Management 65 | changes: | 66 | [ 67 | { 68 | "vzBrCP": { 69 | "attributes": { 70 | "descr": "", 71 | "intent": "install", 72 | "nameAlias": "", 73 | "prio": "unspecified", 74 | "scope": "context", 75 | "targetDscp": "unspecified", 76 | "dn": "uni/tn-AnsibleTest/brc-test_brc", 77 | "name": "test_brc", 78 | "pcv_status": "created" 79 | }, 80 | "children": [] 81 | } 82 | } 83 | ] 84 | name: ansible_manual_upload_2 85 | save: True 86 | state: present 87 | register: save_pre_change_contract 88 | 89 | - name: Checking pre-change analysis from manual changes ( Contract ) is saved 90 | assert: 91 | that: 92 | - save_pre_change_contract.Previous == {} 93 | - save_pre_change_contract is changed 94 | - save_pre_change_contract.Result == "Pre-change analysis ansible_manual_upload_2 successfully created." 95 | 96 | - name: Run/Add existing saved pre-change analysis from manual changes without modification. 97 | nae_prechange: 98 | <<: *save_prechange 99 | save: False 100 | register: run_saved_pre_change_contract 101 | 102 | - name: Checking creation of existing saved pre-change analysis from manual changes without modification. 103 | assert: 104 | that: 105 | - run_saved_pre_change_contract is changed 106 | - run_saved_pre_change_contract.Result == "Pre-change analysis ansible_manual_upload_2 successfully created." 107 | 108 | - name: Query specific pre-change analysis (checks if Pre-Change Job is complete) 109 | nae_prechange: 110 | <<: *nae_info 111 | ag_name: Change Management 112 | name: ansible_manual_upload_2 113 | state: query 114 | register: query_specific_result 115 | ignore_errors: true 116 | until: query_specific_result.msg != "Pre-Change Job has not yet completed." 117 | retries: 25 118 | delay: 5 119 | 120 | - name: Save pre-change analysis from manual changes ( EPG ). [save] 121 | nae_prechange: &prechange_save_epg 122 | <<: *nae_info 123 | ag_name: Change Management 124 | changes: | 125 | [ 126 | { 127 | "fvAEPg": { 128 | "attributes": { 129 | "descr": "", 130 | "exceptionTag": "", 131 | "floodOnEncap": "disabled", 132 | "fwdCtrl": "none", 133 | "hasMcastSource": "no", 134 | "isAttrBasedEPg": "no", 135 | "matchT": "AtleastOne", 136 | "nameAlias": "", 137 | "pcEnfPref": "unenforced", 138 | "prefGrMemb": "exclude", 139 | "prio": "unspecified", 140 | "shutdown": "no", 141 | "dn": "uni/tn-common/ap-default/epg-epg", 142 | "name": "epg", 143 | "pcv_status": "created" 144 | }, 145 | "children": [{ 146 | "fvRsBd": { 147 | "attributes": { 148 | "tnFvBDName": "", 149 | "pcv_status": "" 150 | } 151 | } 152 | }] 153 | } 154 | } 155 | ] 156 | name: ansible_manual_upload_3 157 | description: do change 158 | state: present 159 | save: True 160 | register: save_pre_change 161 | 162 | - name: Checking pre-change analysis from manual changes ( EPG ) is saved. [save] 163 | assert: 164 | that: 165 | - save_pre_change.Previous == {} 166 | - save_pre_change is changed 167 | - save_pre_change.Result == "Pre-change analysis ansible_manual_upload_3 successfully created." 168 | 169 | - name: Modify existing pre-change analysis from manual changes. [edit and save] 170 | nae_prechange: 171 | <<: *prechange_save_epg 172 | changes: | 173 | [ 174 | { 175 | "fvAEPg": { 176 | "attributes": { 177 | "descr": "modify and save prechange analysis ", 178 | "exceptionTag": "", 179 | "floodOnEncap": "disabled", 180 | "fwdCtrl": "none", 181 | "hasMcastSource": "no", 182 | "isAttrBasedEPg": "no", 183 | "matchT": "AtleastOne", 184 | "nameAlias": "", 185 | "pcEnfPref": "unenforced", 186 | "prefGrMemb": "exclude", 187 | "prio": "unspecified", 188 | "shutdown": "no", 189 | "dn": "uni/tn-common/ap-default/epg-epg", 190 | "name": "epg", 191 | "pcv_status": "created" 192 | }, 193 | "children": [{ 194 | "fvRsBd": { 195 | "attributes": { 196 | "tnFvBDName": "", 197 | "pcv_status": "" 198 | } 199 | } 200 | }] 201 | } 202 | } 203 | ] 204 | register: modify_and_save_pre_change 205 | 206 | - name: Checking modification of existing pre-change analysis from manual changes [edit and save] 207 | assert: 208 | that: 209 | - modify_and_save_pre_change is changed 210 | - modify_and_save_pre_change.Result == "Pre-change analysis ansible_manual_upload_3 successfully created." 211 | 212 | - name: Modify existing saved pre-change analysis from manual changes [edit and run] 213 | nae_prechange: 214 | <<: *prechange_save_epg 215 | description: modify prechange analysis 216 | save: False 217 | register: modify_pre_change 218 | 219 | - name: Checking modification of existing saved pre-change analysis from manual changes [edit and run] 220 | assert: 221 | that: 222 | - modify_pre_change is changed 223 | - modify_pre_change.Result == "Pre-change analysis ansible_manual_upload_3 successfully created." 224 | 225 | - name: Query specific pre-change analysis (checks if Pre-Change Job is complete) 226 | nae_prechange: 227 | <<: *nae_info 228 | ag_name: Change Management 229 | name: ansible_manual_upload_3 230 | state: query 231 | register: query_specific_result 232 | ignore_errors: true 233 | until: query_specific_result.msg != "Pre-Change Job has not yet completed." 234 | retries: 25 235 | delay: 5 236 | 237 | - name: Add existing pre-change analysis from manual changes again 238 | nae_prechange: 239 | <<: *add_prechange 240 | ignore_errors: yes 241 | register: add_pre_change_again 242 | 243 | - name: Verify adding existing pre-change analysis from manual changes again 244 | assert: 245 | that: 246 | - add_pre_change_again is not changed 247 | 248 | - name: Modify pre-change analysis from manual changes again (status not SAVED) 249 | nae_prechange: 250 | <<: *add_prechange 251 | description: contract analysis changes for unsaved 252 | ignore_errors: yes 253 | register: modify_unsaved_pre_change_again 254 | 255 | - name: Verify Modifying pre-change analysis from manual changes again (status not SAVED) 256 | assert: 257 | that: 258 | - modify_unsaved_pre_change_again is not changed 259 | - modify_unsaved_pre_change_again.msg == "Pre-change analysis ansible_manual_upload is not in SAVED status. It cannot be edited." 260 | 261 | - name: Query all pre-change analysis 262 | nae_prechange: 263 | <<: *nae_info 264 | ag_name: Change Management 265 | state: query 266 | register: query_all_result 267 | 268 | - name: Verify querying all pre-change analysis 269 | assert: 270 | that: 271 | - query_all_result.Analyses[0] != None 272 | 273 | - name: Query specific pre-change analysis 274 | nae_prechange: 275 | <<: *nae_info 276 | ag_name: Change Management 277 | name: ansible_manual_upload_3 278 | state: query 279 | register: query_specific_result 280 | ignore_errors: true 281 | 282 | - name: Verify querying specific pre-change analysis 283 | assert: 284 | that: 285 | - query_specific_result.msg == "Pre-change analysis failed. The above smart events have been detected for later epoch only." 286 | 287 | - name: Query non-existing pre-change analysis 288 | nae_prechange: 289 | <<: *nae_info 290 | ag_name: Change Management 291 | name: NewAnalysis_2 292 | state: query 293 | register: query_result 294 | ignore_errors: true 295 | 296 | - name: Verify querying non-existing pre-change analysis 297 | assert: 298 | that: 299 | - query_result.msg == "No such Pre-Change Job exists." 300 | 301 | - name: Delete a pre_change analysis 302 | nae_prechange: &delete_prechange 303 | <<: *nae_info 304 | ag_name: Change Management 305 | name: ansible_manual_upload_3 306 | state: absent 307 | register: remove_pre_change 308 | 309 | - name: Delete a non-existing pre_change analysis 310 | nae_prechange: 311 | <<: *delete_prechange 312 | ignore_errors: yes 313 | register: remove_pre_change_again 314 | 315 | - name: Verify deletion of pre-change analysis 316 | assert: 317 | that: 318 | - remove_pre_change.msg == "Delete Pre-change Job successful" 319 | - remove_pre_change_again.msg == "No such Pre-Change Job exists." 320 | -------------------------------------------------------------------------------- /tests/integration/targets/nae_compliance/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # Test code for the NAE modules 2 | # Copyright: (c) 2020, Cindy Zhao (cizhao) 3 | 4 | # GNU General Public License v3.0+ (see LICENSE or https://www.gnu.org/licenses/gpl-3.0.txt) 5 | 6 | - name: Test that we have an NAE host, NAE username and NAE password 7 | fail: 8 | msg: 'Please define the following variables: nae_host, nae_username and nae_password.' 9 | when: nae_host is not defined or nae_username is not defined or nae_password is not defined 10 | 11 | - name: Set vars 12 | set_fact: 13 | nae_info: &nae_info 14 | host: '{{ nae_host }}' 15 | username: '{{ nae_username }}' 16 | password: '{{ nae_password }}' 17 | validate_certs: '{{ nae_validate_certs | default(false) }}' 18 | 19 | - name: Get NAE Uploaded Files 20 | cisco.nae.nae_file_management: 21 | <<: *nae_info 22 | state: query 23 | register: nae_files 24 | 25 | - name: Disassociated requirement set from ag 26 | cisco.nae.nae_compliance: 27 | <<: *nae_info 28 | state: present 29 | selector: requirement_set 30 | ag_name: Change Management 31 | association_to_ag: False 32 | form: | 33 | { 34 | "name": "requirement_set_associated_ag", 35 | "description": "", 36 | "requirements": [ 37 | "bd_config_requirement" 38 | ] 39 | } 40 | ignore_errors: yes 41 | 42 | - name: Delete Requirement Sets 43 | cisco.nae.nae_compliance: 44 | <<: *nae_info 45 | name: "{{ item }}" 46 | state: absent 47 | selector: requirement_set 48 | loop: 49 | - ansible_comp_requirement_set_2 50 | - ansible_comp_requirement_set 51 | - requirement_set_associated_ag 52 | 53 | - name: Delete Requirements 54 | cisco.nae.nae_compliance: 55 | <<: *nae_info 56 | name: "{{ item }}" 57 | state: absent 58 | selector: requirement 59 | with_items: 60 | - ansible_comp_requirement 61 | - bd_config_requirement 62 | 63 | - name: Delete object selectors 64 | cisco.nae.nae_compliance: 65 | <<: *nae_info 66 | name: "{{ item }}" 67 | state: absent 68 | selector: object 69 | with_items: 70 | - DataBase 71 | - Web 72 | - ansible_object_selector 73 | - bds_in_non_prod 74 | 75 | - name: Delete traffic selectors 76 | cisco.nae.nae_compliance: 77 | <<: *nae_info 78 | name: "{{ item }}" 79 | state: absent 80 | selector: traffic 81 | with_items: 82 | - traffic_selector 83 | - FCOE_traffic_selector 84 | 85 | - name: Check whether AG Change Management exists 86 | cisco.nae.nae_ag: 87 | <<: *nae_info 88 | name: Change Management 89 | state: query 90 | register: check_ag 91 | 92 | - name: Create AG Change Management and do offline analysis if not existing 93 | include_tasks: create_ag.yml 94 | when: check_ag.msg is defined and check_ag.msg == "Assurance group Change Management does not exist" 95 | 96 | - name: Create an object selector 97 | cisco.nae.nae_compliance: 98 | <<: *nae_info 99 | state: present 100 | selector: object 101 | form: | 102 | { 103 | "name": "ansible_object_selector", 104 | "description": null, 105 | "includes": [ 106 | { 107 | "matches": [ 108 | { 109 | "application_epgmatch": { 110 | "object_attribute": "DN", 111 | "tenant": { 112 | "pattern": "NAE_Compliance", 113 | "type": "EXACT" 114 | }, 115 | "application_profile": { 116 | "pattern": "ComplianceIsGood", 117 | "type": "EXACT" 118 | }, 119 | "application_epg": { 120 | "pattern": "DataBase", 121 | "type": "EXACT" 122 | } 123 | } 124 | } 125 | ] 126 | } 127 | ], 128 | "excludes": [], 129 | "selector_type": "OST_EPG" 130 | } 131 | register: create_obj_selector 132 | 133 | - name: Create object selector again 134 | cisco.nae.nae_compliance: 135 | <<: *nae_info 136 | state: present 137 | selector: object 138 | form: | 139 | { 140 | "name": "ansible_object_selector", 141 | "description": null, 142 | "includes": [ 143 | { 144 | "matches": [ 145 | { 146 | "application_epgmatch": { 147 | "object_attribute": "DN", 148 | "tenant": { 149 | "pattern": "NAE_Compliance", 150 | "type": "EXACT" 151 | }, 152 | "application_profile": { 153 | "pattern": "ComplianceIsGood", 154 | "type": "EXACT" 155 | }, 156 | "application_epg": { 157 | "pattern": "DataBase", 158 | "type": "EXACT" 159 | } 160 | } 161 | } 162 | ] 163 | } 164 | ], 165 | "excludes": [], 166 | "selector_type": "OST_EPG" 167 | } 168 | register: create_obj_selector_again 169 | 170 | - name: Verify create_obj_selector and create_obj_selector_again 171 | assert: 172 | that: 173 | - create_obj_selector is changed 174 | - create_obj_selector_again is not changed 175 | 176 | - name: Update object selector 177 | cisco.nae.nae_compliance: 178 | <<: *nae_info 179 | state: present 180 | selector: object 181 | form: | 182 | { 183 | "name": "ansible_object_selector", 184 | "description": "update obj selector", 185 | "includes": [ 186 | { 187 | "matches": [ 188 | { 189 | "application_epgmatch": { 190 | "object_attribute": "DN", 191 | "tenant": { 192 | "pattern": "NAE_Compliance", 193 | "type": "EXACT" 194 | }, 195 | "application_profile": { 196 | "pattern": "ComplianceIsGood", 197 | "type": "EXACT" 198 | }, 199 | "application_epg": { 200 | "pattern": "DataBase", 201 | "type": "EXACT" 202 | } 203 | } 204 | } 205 | ] 206 | } 207 | ], 208 | "excludes": [], 209 | "selector_type": "OST_EPG" 210 | } 211 | register: update_obj_selector 212 | 213 | - name: Verify update_obj_selector 214 | assert: 215 | that: 216 | - update_obj_selector is changed 217 | 218 | - name: Create object selector for DataBase Tier 219 | cisco.nae.nae_compliance: 220 | <<: *nae_info 221 | state: present 222 | form: | 223 | { 224 | "name": "DataBase", 225 | "description": null, 226 | "includes": [ 227 | { 228 | "matches": [ 229 | { 230 | "application_epgmatch": { 231 | "object_attribute": "DN", 232 | "tenant": { 233 | "pattern": "nae-non-prod", 234 | "type": "EXACT" 235 | }, 236 | "application_profile": { 237 | "pattern": "payroll-ap", 238 | "type": "EXACT" 239 | }, 240 | "application_epg": { 241 | "pattern": "payroll-db-tier-epg", 242 | "type": "EXACT" 243 | } 244 | } 245 | } 246 | ] 247 | } 248 | ], 249 | "excludes": [], 250 | "selector_type": "OST_EPG" 251 | } 252 | register: create_db_selector 253 | 254 | - name: Create object selector for Web Tier 255 | cisco.nae.nae_compliance: 256 | <<: *nae_info 257 | state: present 258 | selector: object 259 | form: | 260 | { 261 | "name": "Web", 262 | "description": null, 263 | "includes": [ 264 | { 265 | "matches": [ 266 | { 267 | "application_epgmatch": { 268 | "object_attribute": "DN", 269 | "tenant": { 270 | "pattern": "nae-non-prod", 271 | "type": "EXACT" 272 | }, 273 | "application_profile": { 274 | "pattern": "payroll-ap", 275 | "type": "EXACT" 276 | }, 277 | "application_epg": { 278 | "pattern": "payroll-web-tier-epg", 279 | "type": "EXACT" 280 | } 281 | } 282 | } 283 | ] 284 | } 285 | ], 286 | "excludes": [], 287 | "selector_type": "OST_EPG" 288 | } 289 | register: create_web_selector 290 | 291 | - name: Create object selector for Bridge Domains 292 | cisco.nae.nae_compliance: 293 | <<: *nae_info 294 | state: present 295 | form: | 296 | { 297 | "name": "bds_in_non_prod", 298 | "description": null, 299 | "includes": [ 300 | { 301 | "matches": [ 302 | { 303 | "tenant_match": { 304 | "object_attribute": "DN", 305 | "tenant": { 306 | "pattern": "nae-non-prod", 307 | "type": "EXACT" 308 | } 309 | } 310 | } 311 | ] 312 | } 313 | ], 314 | "excludes": [], 315 | "selector_type": "OST_BD" 316 | } 317 | register: create_bd_selector 318 | 319 | - name: Verify create_db_selector, create_web_selector and create_bd_selector 320 | assert: 321 | that: 322 | - create_db_selector is changed 323 | - create_web_selector is changed 324 | - create_bd_selector is changed 325 | 326 | - name: Create a compliance requirement 327 | cisco.nae.nae_compliance: 328 | <<: *nae_info 329 | state: present 330 | selector: requirement 331 | form: | 332 | { 333 | "name": "ansible_comp_requirement", 334 | "config_compliance_parameter": { 335 | }, 336 | "epg_selector_a": "Web", 337 | "epg_selector_b": "DataBase", 338 | "requirement_type": "SEGMENTATION", 339 | "communication_type": "MUST_NOT", 340 | "is_all_traffic": false 341 | } 342 | register: create_req 343 | 344 | - name: Update compliance requirement 345 | cisco.nae.nae_compliance: 346 | <<: *nae_info 347 | state: present 348 | selector: requirement 349 | form: | 350 | { 351 | "name": "ansible_comp_requirement", 352 | "requirement_type": "SEGMENTATION", 353 | "epg_selector_a": "Web", 354 | "description":"update compliance req", 355 | "epg_selector_b": "DataBase", 356 | "communication_type": "MUST_NOT" 357 | } 358 | register: update_req 359 | 360 | - name: Verify update_req 361 | assert: 362 | that: 363 | - update_req is changed 364 | 365 | - name: Create Config Compliance Requirement for Web to DB communication 366 | cisco.nae.nae_compliance: 367 | <<: *nae_info 368 | state: present 369 | selector: requirement 370 | form: | 371 | { 372 | "name": "bd_config_requirement", 373 | "requirement_type": "CONFIGURATION_COMPLIANCE", 374 | "epg_selector_a": "bds_in_non_prod", 375 | "config_compliance_parameter": { 376 | "and_parameters": [ 377 | { 378 | "parameter": "CCP_L2_UNKNOWN_UNICAST", 379 | "value": "Hardware Proxy", 380 | "operator": "EQUAL_TO" 381 | }, 382 | { 383 | "parameter": "CCP_LIMIT_IP_LEARNING_TO_SUBNET", 384 | "value": "Yes", 385 | "operator": "EQUAL_TO" 386 | } 387 | ] 388 | } 389 | } 390 | register: create_bd_requirement 391 | 392 | - name: Create Config Compliance Requirement for Web to DB communication again 393 | cisco.nae.nae_compliance: 394 | <<: *nae_info 395 | state: present 396 | selector: requirement 397 | form: | 398 | { 399 | "name": "bd_config_requirement", 400 | "requirement_type": "CONFIGURATION_COMPLIANCE", 401 | "epg_selector_a": "bds_in_non_prod", 402 | "config_compliance_parameter": { 403 | "and_parameters": [ 404 | { 405 | "parameter": "CCP_L2_UNKNOWN_UNICAST", 406 | "value": "Hardware Proxy", 407 | "operator": "EQUAL_TO" 408 | }, 409 | { 410 | "parameter": "CCP_LIMIT_IP_LEARNING_TO_SUBNET", 411 | "value": "Yes", 412 | "operator": "EQUAL_TO" 413 | } 414 | ] 415 | } 416 | } 417 | register: create_bd_requirement_again 418 | 419 | - name: Verify create_req, create_bd_requirement and create_bd_requirement_again 420 | assert: 421 | that: 422 | - create_req is changed 423 | - create_bd_requirement is changed 424 | - create_bd_requirement_again is not changed 425 | 426 | - name: Create a compliance requirement set (not associated to ag) 427 | cisco.nae.nae_compliance: 428 | <<: *nae_info 429 | state: present 430 | selector: requirement_set 431 | ag_name: Change Management 432 | association_to_ag: False 433 | form: | 434 | { 435 | "name": "ansible_comp_requirement_set", 436 | "description": "", 437 | "requirements": [ 438 | "bd_config_requirement", 439 | "ansible_comp_requirement" 440 | ] 441 | } 442 | register: create_req_set 443 | 444 | - name: Create a compliance requirement set again(not associated to ag) 445 | cisco.nae.nae_compliance: 446 | <<: *nae_info 447 | state: present 448 | selector: requirement_set 449 | ag_name: Change Management 450 | association_to_ag: False 451 | form: | 452 | { 453 | "name": "ansible_comp_requirement_set", 454 | "description": "", 455 | "requirements": [ 456 | "bd_config_requirement", 457 | "ansible_comp_requirement" 458 | ] 459 | } 460 | register: create_req_set_again 461 | 462 | - name: Verify create_req_set_again 463 | assert: 464 | that: 465 | - create_req_set_again is not changed 466 | 467 | - name: Create a compliance requirement set (associated to ag and not active) 468 | cisco.nae.nae_compliance: 469 | <<: *nae_info 470 | state: present 471 | selector: requirement_set 472 | ag_name: Change Management 473 | active: false 474 | form: | 475 | { 476 | "name": "requirement_set_associated_ag", 477 | "description": "", 478 | "requirements": [ 479 | "bd_config_requirement" 480 | ] 481 | } 482 | 483 | - name: Update the compliance requirement set (associated to ag and active) 484 | cisco.nae.nae_compliance: 485 | <<: *nae_info 486 | state: present 487 | selector: requirement_set 488 | ag_name: Change Management 489 | form: | 490 | { 491 | "name": "requirement_set_associated_ag", 492 | "description": "", 493 | "requirements": [ 494 | "bd_config_requirement" 495 | ] 496 | } 497 | 498 | - name: Disassociated requirement set from ag 499 | cisco.nae.nae_compliance: 500 | <<: *nae_info 501 | state: present 502 | selector: requirement_set 503 | ag_name: Change Management 504 | association_to_ag: False 505 | form: | 506 | { 507 | "name": "requirement_set_associated_ag", 508 | "description": "", 509 | "requirements": [ 510 | "bd_config_requirement" 511 | ] 512 | } 513 | 514 | - name: Create another compliance requirement set (not associated to ag) 515 | cisco.nae.nae_compliance: 516 | <<: *nae_info 517 | state: present 518 | selector: requirement_set 519 | ag_name: Change Management 520 | association_to_ag: False 521 | form: | 522 | { 523 | "name": "ansible_comp_requirement_set_2", 524 | "requirements": [ 525 | "bd_config_requirement" 526 | ] 527 | } 528 | register: create_req_set_2 529 | 530 | - name: Verify create_req_set and create_req_set_2 531 | assert: 532 | that: 533 | - create_req_set is changed 534 | - create_req_set_2 is changed 535 | 536 | - name: Update compliance requirement set 537 | cisco.nae.nae_compliance: 538 | <<: *nae_info 539 | state: present 540 | selector: requirement_set 541 | ag_name: Change Management 542 | association_to_ag: False 543 | form: | 544 | { 545 | "name": "ansible_comp_requirement_set_2", 546 | "description": "Update requirement set", 547 | "requirements": [ 548 | "bd_config_requirement" 549 | ] 550 | } 551 | register: update_req_set 552 | 553 | - name: Verify update_req_set 554 | assert: 555 | that: 556 | - update_req_set is changed 557 | 558 | - name: Create a traffic selector 559 | cisco.nae.nae_compliance: 560 | <<: *nae_info 561 | state: present 562 | selector: traffic 563 | form: | 564 | { 565 | "name": "traffic_selector", 566 | "description": "This is a description", 567 | "includes": { 568 | "selectors": [ 569 | { 570 | "selectors": [ 571 | { 572 | "ether_type": "ARP" 573 | }, 574 | { 575 | "ether_type": "FCOE" 576 | }, 577 | { 578 | "ether_type": "IP", 579 | "ip_protocol": "EGP" 580 | }, 581 | { 582 | "ether_type": "MAC_SECURITY" 583 | }, 584 | { 585 | "ether_type": "MPLS_UNICAST" 586 | }, 587 | { 588 | "ether_type": "TRILL" 589 | } 590 | ] 591 | } 592 | ] 593 | } 594 | } 595 | register: create_traffic_selector 596 | 597 | - name: Create traffic selector again 598 | cisco.nae.nae_compliance: 599 | <<: *nae_info 600 | state: present 601 | selector: traffic 602 | form: | 603 | { 604 | "name": "traffic_selector", 605 | "description": "This is a description", 606 | "includes": { 607 | "selectors": [ 608 | { 609 | "selectors": [ 610 | { 611 | "ether_type": "ARP" 612 | }, 613 | { 614 | "ether_type": "FCOE" 615 | }, 616 | { 617 | "ether_type": "IP", 618 | "ip_protocol": "EGP" 619 | }, 620 | { 621 | "ether_type": "MAC_SECURITY" 622 | }, 623 | { 624 | "ether_type": "MPLS_UNICAST" 625 | }, 626 | { 627 | "ether_type": "TRILL" 628 | } 629 | ] 630 | } 631 | ] 632 | } 633 | } 634 | register: create_traffic_selector_again 635 | 636 | - name: Update the traffic selector 637 | cisco.nae.nae_compliance: 638 | <<: *nae_info 639 | state: present 640 | selector: traffic 641 | form: | 642 | { 643 | "name": "traffic_selector", 644 | "description": "Updated description", 645 | "includes": { 646 | "selectors": [ 647 | { 648 | "selectors": [ 649 | { 650 | "ether_type": "ARP" 651 | }, 652 | { 653 | "ether_type": "FCOE" 654 | }, 655 | { 656 | "ether_type": "IP", 657 | "ip_protocol": "EGP" 658 | }, 659 | { 660 | "ether_type": "MAC_SECURITY" 661 | }, 662 | { 663 | "ether_type": "MPLS_UNICAST" 664 | }, 665 | { 666 | "ether_type": "TRILL" 667 | } 668 | ] 669 | } 670 | ] 671 | } 672 | } 673 | register: update_traffic_selector 674 | 675 | - name: Verify update_traffic_selector and create_traffic_selector_again 676 | assert: 677 | that: 678 | - update_traffic_selector is changed 679 | - create_traffic_selector_again is not changed 680 | 681 | - name: Create another traffic selector 682 | cisco.nae.nae_compliance: 683 | <<: *nae_info 684 | state: present 685 | selector: traffic 686 | form: | 687 | { 688 | "name": "FCOE_traffic_selector", 689 | "description": "This is a description", 690 | "includes": { 691 | "selectors": [ 692 | { 693 | "selectors": [ 694 | { 695 | "ether_type": "FCOE" 696 | } 697 | ] 698 | } 699 | ] 700 | } 701 | } 702 | register: create_another_traffic_selector 703 | 704 | - name: Verify create_traffic_selector and create_another_traffic_selector 705 | assert: 706 | that: 707 | - create_another_traffic_selector is changed 708 | - create_traffic_selector is changed 709 | 710 | - name: Query for all object selectors 711 | cisco.nae.nae_compliance: 712 | <<: *nae_info 713 | state: query 714 | register: query_all_obj 715 | 716 | - name: Query for all traffic selectors 717 | cisco.nae.nae_compliance: 718 | <<: *nae_info 719 | state: query 720 | selector: traffic 721 | register: query_all_selector 722 | 723 | - name: Query for all requirements 724 | cisco.nae.nae_compliance: 725 | <<: *nae_info 726 | state: query 727 | selector: requirement 728 | register: query_all_req 729 | 730 | - name: Query for all requirement sets 731 | cisco.nae.nae_compliance: 732 | <<: *nae_info 733 | state: query 734 | selector: requirement_set 735 | register: query_all_req_set 736 | 737 | - name: Verify query_all_obj, query_all_req, query_all_req_set and query_all_selector 738 | assert: 739 | that: 740 | - query_all_obj is not changed 741 | - query_all_obj.Result | length >= 3 742 | - query_all_req is not changed 743 | - query_all_req.Result | length >= 2 744 | - query_all_req_set is not changed 745 | - query_all_req_set.Result | length >= 2 746 | 747 | - name: Query for specific object selector 748 | cisco.nae.nae_compliance: 749 | <<: *nae_info 750 | state: query 751 | name: DataBase 752 | register: query_obj_selector 753 | 754 | - name: Query for specific traffic selector 755 | cisco.nae.nae_compliance: 756 | <<: *nae_info 757 | state: query 758 | selector: traffic 759 | name: traffic_selector 760 | register: query_traffic_selector 761 | 762 | - name: Query for specific requirement 763 | cisco.nae.nae_compliance: 764 | <<: *nae_info 765 | state: query 766 | selector: requirement 767 | name: ansible_comp_requirement 768 | register: query_req 769 | 770 | - name: Query for specific requirement set 771 | cisco.nae.nae_compliance: 772 | <<: *nae_info 773 | state: query 774 | selector: requirement_set 775 | name: ansible_comp_requirement_set 776 | register: query_req_set 777 | 778 | - name: Verify query 779 | assert: 780 | that: 781 | - query_obj_selector is not changed 782 | - query_traffic_selector is not changed 783 | - query_req is not changed 784 | - query_req_set is not changed 785 | - query_obj_selector.Result.name == "DataBase" 786 | - query_obj_selector.Result.associated_requirements == ["ansible_comp_requirement"] 787 | - query_traffic_selector.Result.associated_requirements == [] 788 | - query_traffic_selector.Result.description == "Updated description" 789 | - query_traffic_selector.Result.name == "traffic_selector" 790 | - query_req.Result.communication_type == "MUST_NOT" 791 | - query_req.Result.epg_selector_a == "Web" 792 | - query_req.Result.epg_selector_b == "DataBase" 793 | - query_req.Result.name == "ansible_comp_requirement" 794 | - query_req.Result.requirement_type == "SEGMENTATION" 795 | - query_req_set.Result.associated == "no" 796 | - query_req_set.Result.assurance_groups == [] 797 | - query_req_set.Result.name == "ansible_comp_requirement_set" 798 | - query_req_set.Result.requirements | length == 2 799 | - query_req_set.Result.status == "inactive" 800 | 801 | - name: Remove traffic selector 802 | cisco.nae.nae_compliance: 803 | <<: *nae_info 804 | state: absent 805 | selector: traffic 806 | name: traffic_selector 807 | register: rm_traffic_selector 808 | 809 | - name: Remove requirement set 810 | cisco.nae.nae_compliance: 811 | <<: *nae_info 812 | state: absent 813 | selector: requirement_set 814 | name: ansible_comp_requirement_set 815 | register: rm_req_set 816 | 817 | - name: Remove requirement 818 | cisco.nae.nae_compliance: 819 | <<: *nae_info 820 | state: absent 821 | selector: requirement 822 | name: ansible_comp_requirement 823 | register: rm_req 824 | 825 | - name: Remove object selector 826 | cisco.nae.nae_compliance: 827 | <<: *nae_info 828 | state: absent 829 | name: ansible_object_selector 830 | register: rm_obj_selector 831 | 832 | - name: Verify rm_traffic_selector, rm_req_set, rm_req and rm_obj_selector 833 | assert: 834 | that: 835 | - rm_traffic_selector is changed 836 | - rm_traffic_selector.Result == "Traffic selector traffic_selector deleted" 837 | - rm_req_set is changed 838 | - rm_req_set.Result == "Requirement set ansible_comp_requirement_set deleted" 839 | - rm_req is changed 840 | - rm_req.Result == "Requirement ansible_comp_requirement deleted" 841 | - rm_obj_selector is changed 842 | - rm_obj_selector.Result == "Object selector ansible_object_selector deleted" 843 | 844 | - name: Query for non_existing object selector 845 | cisco.nae.nae_compliance: 846 | <<: *nae_info 847 | state: query 848 | name: non_existing_selector 849 | 850 | - name: Query for non_existing traffic selector 851 | cisco.nae.nae_compliance: 852 | <<: *nae_info 853 | state: query 854 | selector: traffic 855 | name: non_existing_traffic_selector 856 | 857 | - name: Query for non_existing requirement 858 | cisco.nae.nae_compliance: 859 | <<: *nae_info 860 | state: query 861 | selector: requirement 862 | name: non_existing_ansible_comp_requirement 863 | 864 | - name: Query for non_existing requirement set 865 | cisco.nae.nae_compliance: 866 | <<: *nae_info 867 | state: query 868 | selector: requirement_set 869 | name: non_existing_ansible_comp_requirement_set 870 | 871 | - name: Remove for non_existing object selector 872 | cisco.nae.nae_compliance: 873 | <<: *nae_info 874 | state: absent 875 | name: non_existing_selector 876 | register: rm_non_existing_obj_selector 877 | 878 | - name: Remove for non_existing traffic selector 879 | cisco.nae.nae_compliance: 880 | <<: *nae_info 881 | state: absent 882 | selector: traffic 883 | name: non_existing_traffic_selector 884 | register: rm_non_existing_traffic_selector 885 | 886 | - name: Remove for non_existing requirement 887 | cisco.nae.nae_compliance: 888 | <<: *nae_info 889 | state: absent 890 | selector: requirement 891 | name: non_existing_ansible_comp_requirement 892 | register: rm_non_existing_req 893 | 894 | - name: Remove for non_existing requirement set 895 | cisco.nae.nae_compliance: 896 | <<: *nae_info 897 | state: absent 898 | selector: requirement_set 899 | name: non_existing_ansible_comp_requirement_set 900 | register: rm_non_existing_req_set 901 | 902 | - name: Use incorrect params 903 | cisco.nae.nae_compliance: 904 | <<: *nae_info 905 | state: modify 906 | selector: traffic 907 | ignore_errors: yes 908 | register: incorrect_params 909 | 910 | - name: Verify removing non_existing selectors 911 | assert: 912 | that: 913 | - rm_non_existing_obj_selector is not changed 914 | - rm_non_existing_obj_selector.Result == [] 915 | - rm_non_existing_obj_selector.msg == "WARNING{{':'}} Object selector non_existing_selector does not exist!!!" 916 | - rm_non_existing_req is not changed 917 | - rm_non_existing_req.Result == [] 918 | - rm_non_existing_req.msg == "WARNING{{':'}} Requirement non_existing_ansible_comp_requirement does not exist!!!" 919 | - rm_non_existing_traffic_selector is not changed 920 | - rm_non_existing_traffic_selector.Result == [] 921 | - rm_non_existing_traffic_selector.msg == "WARNING{{':'}} Traffic selector non_existing_traffic_selector does not exist!!!" 922 | - rm_non_existing_req_set is not changed 923 | - rm_non_existing_req_set.Result == [] 924 | - rm_non_existing_req_set.msg == "WARNING{{':'}} Requirement set non_existing_ansible_comp_requirement_set does not exist!!!" 925 | 926 | - name: Verify incorrect_params 927 | assert: 928 | that: 929 | - incorrect_params is not changed 930 | - incorrect_params.msg == "Incorrect parameters passed" 931 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2019, Cisco Systems 2 | All rights reserved. 3 | 4 | GNU GENERAL PUBLIC LICENSE 5 | Version 3, 29 June 2007 6 | 7 | Copyright (C) 2007 Free Software Foundation, Inc. 8 | Everyone is permitted to copy and distribute verbatim copies 9 | of this license document, but changing it is not allowed. 10 | 11 | Preamble 12 | 13 | The GNU General Public License is a free, copyleft license for 14 | software and other kinds of works. 15 | 16 | The licenses for most software and other practical works are designed 17 | to take away your freedom to share and change the works. By contrast, 18 | the GNU General Public License is intended to guarantee your freedom to 19 | share and change all versions of a program--to make sure it remains free 20 | software for all its users. We, the Free Software Foundation, use the 21 | GNU General Public License for most of our software; it applies also to 22 | any other work released this way by its authors. You can apply it to 23 | your programs, too. 24 | 25 | When we speak of free software, we are referring to freedom, not 26 | price. Our General Public Licenses are designed to make sure that you 27 | have the freedom to distribute copies of free software (and charge for 28 | them if you wish), that you receive source code or can get it if you 29 | want it, that you can change the software or use pieces of it in new 30 | free programs, and that you know you can do these things. 31 | 32 | To protect your rights, we need to prevent others from denying you 33 | these rights or asking you to surrender the rights. Therefore, you have 34 | certain responsibilities if you distribute copies of the software, or if 35 | you modify it: responsibilities to respect the freedom of others. 36 | 37 | For example, if you distribute copies of such a program, whether 38 | gratis or for a fee, you must pass on to the recipients the same 39 | freedoms that you received. You must make sure that they, too, receive 40 | or can get the source code. And you must show them these terms so they 41 | know their rights. 42 | 43 | Developers that use the GNU GPL protect your rights with two steps: 44 | (1) assert copyright on the software, and (2) offer you this License 45 | giving you legal permission to copy, distribute and/or modify it. 46 | 47 | For the developers' and authors' protection, the GPL clearly explains 48 | that there is no warranty for this free software. For both users' and 49 | authors' sake, the GPL requires that modified versions be marked as 50 | changed, so that their problems will not be attributed erroneously to 51 | authors of previous versions. 52 | 53 | Some devices are designed to deny users access to install or run 54 | modified versions of the software inside them, although the manufacturer 55 | can do so. This is fundamentally incompatible with the aim of 56 | protecting users' freedom to change the software. The systematic 57 | pattern of such abuse occurs in the area of products for individuals to 58 | use, which is precisely where it is most unacceptable. Therefore, we 59 | have designed this version of the GPL to prohibit the practice for those 60 | products. If such problems arise substantially in other domains, we 61 | stand ready to extend this provision to those domains in future versions 62 | of the GPL, as needed to protect the freedom of users. 63 | 64 | Finally, every program is threatened constantly by software patents. 65 | States should not allow patents to restrict development and use of 66 | software on general-purpose computers, but in those that do, we wish to 67 | avoid the special danger that patents applied to a free program could 68 | make it effectively proprietary. To prevent this, the GPL assures that 69 | patents cannot be used to render the program non-free. 70 | 71 | The precise terms and conditions for copying, distribution and 72 | modification follow. 73 | 74 | TERMS AND CONDITIONS 75 | 76 | 0. Definitions. 77 | 78 | "This License" refers to version 3 of the GNU General Public License. 79 | 80 | "Copyright" also means copyright-like laws that apply to other kinds of 81 | works, such as semiconductor masks. 82 | 83 | "The Program" refers to any copyrightable work licensed under this 84 | License. Each licensee is addressed as "you". "Licensees" and 85 | "recipients" may be individuals or organizations. 86 | 87 | To "modify" a work means to copy from or adapt all or part of the work 88 | in a fashion requiring copyright permission, other than the making of an 89 | exact copy. The resulting work is called a "modified version" of the 90 | earlier work or a work "based on" the earlier work. 91 | 92 | A "covered work" means either the unmodified Program or a work based 93 | on the Program. 94 | 95 | To "propagate" a work means to do anything with it that, without 96 | permission, would make you directly or secondarily liable for 97 | infringement under applicable copyright law, except executing it on a 98 | computer or modifying a private copy. Propagation includes copying, 99 | distribution (with or without modification), making available to the 100 | public, and in some countries other activities as well. 101 | 102 | To "convey" a work means any kind of propagation that enables other 103 | parties to make or receive copies. Mere interaction with a user through 104 | a computer network, with no transfer of a copy, is not conveying. 105 | 106 | An interactive user interface displays "Appropriate Legal Notices" 107 | to the extent that it includes a convenient and prominently visible 108 | feature that (1) displays an appropriate copyright notice, and (2) 109 | tells the user that there is no warranty for the work (except to the 110 | extent that warranties are provided), that licensees may convey the 111 | work under this License, and how to view a copy of this License. If 112 | the interface presents a list of user commands or options, such as a 113 | menu, a prominent item in the list meets this criterion. 114 | 115 | 1. Source Code. 116 | 117 | The "source code" for a work means the preferred form of the work 118 | for making modifications to it. "Object code" means any non-source 119 | form of a work. 120 | 121 | A "Standard Interface" means an interface that either is an official 122 | standard defined by a recognized standards body, or, in the case of 123 | interfaces specified for a particular programming language, one that 124 | is widely used among developers working in that language. 125 | 126 | The "System Libraries" of an executable work include anything, other 127 | than the work as a whole, that (a) is included in the normal form of 128 | packaging a Major Component, but which is not part of that Major 129 | Component, and (b) serves only to enable use of the work with that 130 | Major Component, or to implement a Standard Interface for which an 131 | implementation is available to the public in source code form. A 132 | "Major Component", in this context, means a major essential component 133 | (kernel, window system, and so on) of the specific operating system 134 | (if any) on which the executable work runs, or a compiler used to 135 | produce the work, or an object code interpreter used to run it. 136 | 137 | The "Corresponding Source" for a work in object code form means all 138 | the source code needed to generate, install, and (for an executable 139 | work) run the object code and to modify the work, including scripts to 140 | control those activities. However, it does not include the work's 141 | System Libraries, or general-purpose tools or generally available free 142 | programs which are used unmodified in performing those activities but 143 | which are not part of the work. For example, Corresponding Source 144 | includes interface definition files associated with source files for 145 | the work, and the source code for shared libraries and dynamically 146 | linked subprograms that the work is specifically designed to require, 147 | such as by intimate data communication or control flow between those 148 | subprograms and other parts of the work. 149 | 150 | The Corresponding Source need not include anything that users 151 | can regenerate automatically from other parts of the Corresponding 152 | Source. 153 | 154 | The Corresponding Source for a work in source code form is that 155 | same work. 156 | 157 | 2. Basic Permissions. 158 | 159 | All rights granted under this License are granted for the term of 160 | copyright on the Program, and are irrevocable provided the stated 161 | conditions are met. This License explicitly affirms your unlimited 162 | permission to run the unmodified Program. The output from running a 163 | covered work is covered by this License only if the output, given its 164 | content, constitutes a covered work. This License acknowledges your 165 | rights of fair use or other equivalent, as provided by copyright law. 166 | 167 | You may make, run and propagate covered works that you do not 168 | convey, without conditions so long as your license otherwise remains 169 | in force. You may convey covered works to others for the sole purpose 170 | of having them make modifications exclusively for you, or provide you 171 | with facilities for running those works, provided that you comply with 172 | the terms of this License in conveying all material for which you do 173 | not control copyright. Those thus making or running the covered works 174 | for you must do so exclusively on your behalf, under your direction 175 | and control, on terms that prohibit them from making any copies of 176 | your copyrighted material outside their relationship with you. 177 | 178 | Conveying under any other circumstances is permitted solely under 179 | the conditions stated below. Sublicensing is not allowed; section 10 180 | makes it unnecessary. 181 | 182 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 183 | 184 | No covered work shall be deemed part of an effective technological 185 | measure under any applicable law fulfilling obligations under article 186 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 187 | similar laws prohibiting or restricting circumvention of such 188 | measures. 189 | 190 | When you convey a covered work, you waive any legal power to forbid 191 | circumvention of technological measures to the extent such circumvention 192 | is effected by exercising rights under this License with respect to 193 | the covered work, and you disclaim any intention to limit operation or 194 | modification of the work as a means of enforcing, against the work's 195 | users, your or third parties' legal rights to forbid circumvention of 196 | technological measures. 197 | 198 | 4. Conveying Verbatim Copies. 199 | 200 | You may convey verbatim copies of the Program's source code as you 201 | receive it, in any medium, provided that you conspicuously and 202 | appropriately publish on each copy an appropriate copyright notice; 203 | keep intact all notices stating that this License and any 204 | non-permissive terms added in accord with section 7 apply to the code; 205 | keep intact all notices of the absence of any warranty; and give all 206 | recipients a copy of this License along with the Program. 207 | 208 | You may charge any price or no price for each copy that you convey, 209 | and you may offer support or warranty protection for a fee. 210 | 211 | 5. Conveying Modified Source Versions. 212 | 213 | You may convey a work based on the Program, or the modifications to 214 | produce it from the Program, in the form of source code under the 215 | terms of section 4, provided that you also meet all of these conditions: 216 | 217 | a) The work must carry prominent notices stating that you modified 218 | it, and giving a relevant date. 219 | 220 | b) The work must carry prominent notices stating that it is 221 | released under this License and any conditions added under section 222 | 7. This requirement modifies the requirement in section 4 to 223 | "keep intact all notices". 224 | 225 | c) You must license the entire work, as a whole, under this 226 | License to anyone who comes into possession of a copy. This 227 | License will therefore apply, along with any applicable section 7 228 | additional terms, to the whole of the work, and all its parts, 229 | regardless of how they are packaged. This License gives no 230 | permission to license the work in any other way, but it does not 231 | invalidate such permission if you have separately received it. 232 | 233 | d) If the work has interactive user interfaces, each must display 234 | Appropriate Legal Notices; however, if the Program has interactive 235 | interfaces that do not display Appropriate Legal Notices, your 236 | work need not make them do so. 237 | 238 | A compilation of a covered work with other separate and independent 239 | works, which are not by their nature extensions of the covered work, 240 | and which are not combined with it such as to form a larger program, 241 | in or on a volume of a storage or distribution medium, is called an 242 | "aggregate" if the compilation and its resulting copyright are not 243 | used to limit the access or legal rights of the compilation's users 244 | beyond what the individual works permit. Inclusion of a covered work 245 | in an aggregate does not cause this License to apply to the other 246 | parts of the aggregate. 247 | 248 | 6. Conveying Non-Source Forms. 249 | 250 | You may convey a covered work in object code form under the terms 251 | of sections 4 and 5, provided that you also convey the 252 | machine-readable Corresponding Source under the terms of this License, 253 | in one of these ways: 254 | 255 | a) Convey the object code in, or embodied in, a physical product 256 | (including a physical distribution medium), accompanied by the 257 | Corresponding Source fixed on a durable physical medium 258 | customarily used for software interchange. 259 | 260 | b) Convey the object code in, or embodied in, a physical product 261 | (including a physical distribution medium), accompanied by a 262 | written offer, valid for at least three years and valid for as 263 | long as you offer spare parts or customer support for that product 264 | model, to give anyone who possesses the object code either (1) a 265 | copy of the Corresponding Source for all the software in the 266 | product that is covered by this License, on a durable physical 267 | medium customarily used for software interchange, for a price no 268 | more than your reasonable cost of physically performing this 269 | conveying of source, or (2) access to copy the 270 | Corresponding Source from a network server at no charge. 271 | 272 | c) Convey individual copies of the object code with a copy of the 273 | written offer to provide the Corresponding Source. This 274 | alternative is allowed only occasionally and noncommercially, and 275 | only if you received the object code with such an offer, in accord 276 | with subsection 6b. 277 | 278 | d) Convey the object code by offering access from a designated 279 | place (gratis or for a charge), and offer equivalent access to the 280 | Corresponding Source in the same way through the same place at no 281 | further charge. You need not require recipients to copy the 282 | Corresponding Source along with the object code. If the place to 283 | copy the object code is a network server, the Corresponding Source 284 | may be on a different server (operated by you or a third party) 285 | that supports equivalent copying facilities, provided you maintain 286 | clear directions next to the object code saying where to find the 287 | Corresponding Source. Regardless of what server hosts the 288 | Corresponding Source, you remain obligated to ensure that it is 289 | available for as long as needed to satisfy these requirements. 290 | 291 | e) Convey the object code using peer-to-peer transmission, provided 292 | you inform other peers where the object code and Corresponding 293 | Source of the work are being offered to the general public at no 294 | charge under subsection 6d. 295 | 296 | A separable portion of the object code, whose source code is excluded 297 | from the Corresponding Source as a System Library, need not be 298 | included in conveying the object code work. 299 | 300 | A "User Product" is either (1) a "consumer product", which means any 301 | tangible personal property which is normally used for personal, family, 302 | or household purposes, or (2) anything designed or sold for incorporation 303 | into a dwelling. In determining whether a product is a consumer product, 304 | doubtful cases shall be resolved in favor of coverage. For a particular 305 | product received by a particular user, "normally used" refers to a 306 | typical or common use of that class of product, regardless of the status 307 | of the particular user or of the way in which the particular user 308 | actually uses, or expects or is expected to use, the product. A product 309 | is a consumer product regardless of whether the product has substantial 310 | commercial, industrial or non-consumer uses, unless such uses represent 311 | the only significant mode of use of the product. 312 | 313 | "Installation Information" for a User Product means any methods, 314 | procedures, authorization keys, or other information required to install 315 | and execute modified versions of a covered work in that User Product from 316 | a modified version of its Corresponding Source. The information must 317 | suffice to ensure that the continued functioning of the modified object 318 | code is in no case prevented or interfered with solely because 319 | modification has been made. 320 | 321 | If you convey an object code work under this section in, or with, or 322 | specifically for use in, a User Product, and the conveying occurs as 323 | part of a transaction in which the right of possession and use of the 324 | User Product is transferred to the recipient in perpetuity or for a 325 | fixed term (regardless of how the transaction is characterized), the 326 | Corresponding Source conveyed under this section must be accompanied 327 | by the Installation Information. But this requirement does not apply 328 | if neither you nor any third party retains the ability to install 329 | modified object code on the User Product (for example, the work has 330 | been installed in ROM). 331 | 332 | The requirement to provide Installation Information does not include a 333 | requirement to continue to provide support service, warranty, or updates 334 | for a work that has been modified or installed by the recipient, or for 335 | the User Product in which it has been modified or installed. Access to a 336 | network may be denied when the modification itself materially and 337 | adversely affects the operation of the network or violates the rules and 338 | protocols for communication across the network. 339 | 340 | Corresponding Source conveyed, and Installation Information provided, 341 | in accord with this section must be in a format that is publicly 342 | documented (and with an implementation available to the public in 343 | source code form), and must require no special password or key for 344 | unpacking, reading or copying. 345 | 346 | 7. Additional Terms. 347 | 348 | "Additional permissions" are terms that supplement the terms of this 349 | License by making exceptions from one or more of its conditions. 350 | Additional permissions that are applicable to the entire Program shall 351 | be treated as though they were included in this License, to the extent 352 | that they are valid under applicable law. If additional permissions 353 | apply only to part of the Program, that part may be used separately 354 | under those permissions, but the entire Program remains governed by 355 | this License without regard to the additional permissions. 356 | 357 | When you convey a copy of a covered work, you may at your option 358 | remove any additional permissions from that copy, or from any part of 359 | it. (Additional permissions may be written to require their own 360 | removal in certain cases when you modify the work.) You may place 361 | additional permissions on material, added by you to a covered work, 362 | for which you have or can give appropriate copyright permission. 363 | 364 | Notwithstanding any other provision of this License, for material you 365 | add to a covered work, you may (if authorized by the copyright holders of 366 | that material) supplement the terms of this License with terms: 367 | 368 | a) Disclaiming warranty or limiting liability differently from the 369 | terms of sections 15 and 16 of this License; or 370 | 371 | b) Requiring preservation of specified reasonable legal notices or 372 | author attributions in that material or in the Appropriate Legal 373 | Notices displayed by works containing it; or 374 | 375 | c) Prohibiting misrepresentation of the origin of that material, or 376 | requiring that modified versions of such material be marked in 377 | reasonable ways as different from the original version; or 378 | 379 | d) Limiting the use for publicity purposes of names of licensors or 380 | authors of the material; or 381 | 382 | e) Declining to grant rights under trademark law for use of some 383 | trade names, trademarks, or service marks; or 384 | 385 | f) Requiring indemnification of licensors and authors of that 386 | material by anyone who conveys the material (or modified versions of 387 | it) with contractual assumptions of liability to the recipient, for 388 | any liability that these contractual assumptions directly impose on 389 | those licensors and authors. 390 | 391 | All other non-permissive additional terms are considered "further 392 | restrictions" within the meaning of section 10. If the Program as you 393 | received it, or any part of it, contains a notice stating that it is 394 | governed by this License along with a term that is a further 395 | restriction, you may remove that term. If a license document contains 396 | a further restriction but permits relicensing or conveying under this 397 | License, you may add to a covered work material governed by the terms 398 | of that license document, provided that the further restriction does 399 | not survive such relicensing or conveying. 400 | 401 | If you add terms to a covered work in accord with this section, you 402 | must place, in the relevant source files, a statement of the 403 | additional terms that apply to those files, or a notice indicating 404 | where to find the applicable terms. 405 | 406 | Additional terms, permissive or non-permissive, may be stated in the 407 | form of a separately written license, or stated as exceptions; 408 | the above requirements apply either way. 409 | 410 | 8. Termination. 411 | 412 | You may not propagate or modify a covered work except as expressly 413 | provided under this License. Any attempt otherwise to propagate or 414 | modify it is void, and will automatically terminate your rights under 415 | this License (including any patent licenses granted under the third 416 | paragraph of section 11). 417 | 418 | However, if you cease all violation of this License, then your 419 | license from a particular copyright holder is reinstated (a) 420 | provisionally, unless and until the copyright holder explicitly and 421 | finally terminates your license, and (b) permanently, if the copyright 422 | holder fails to notify you of the violation by some reasonable means 423 | prior to 60 days after the cessation. 424 | 425 | Moreover, your license from a particular copyright holder is 426 | reinstated permanently if the copyright holder notifies you of the 427 | violation by some reasonable means, this is the first time you have 428 | received notice of violation of this License (for any work) from that 429 | copyright holder, and you cure the violation prior to 30 days after 430 | your receipt of the notice. 431 | 432 | Termination of your rights under this section does not terminate the 433 | licenses of parties who have received copies or rights from you under 434 | this License. If your rights have been terminated and not permanently 435 | reinstated, you do not qualify to receive new licenses for the same 436 | material under section 10. 437 | 438 | 9. Acceptance Not Required for Having Copies. 439 | 440 | You are not required to accept this License in order to receive or 441 | run a copy of the Program. Ancillary propagation of a covered work 442 | occurring solely as a consequence of using peer-to-peer transmission 443 | to receive a copy likewise does not require acceptance. However, 444 | nothing other than this License grants you permission to propagate or 445 | modify any covered work. These actions infringe copyright if you do 446 | not accept this License. Therefore, by modifying or propagating a 447 | covered work, you indicate your acceptance of this License to do so. 448 | 449 | 10. Automatic Licensing of Downstream Recipients. 450 | 451 | Each time you convey a covered work, the recipient automatically 452 | receives a license from the original licensors, to run, modify and 453 | propagate that work, subject to this License. You are not responsible 454 | for enforcing compliance by third parties with this License. 455 | 456 | An "entity transaction" is a transaction transferring control of an 457 | organization, or substantially all assets of one, or subdividing an 458 | organization, or merging organizations. If propagation of a covered 459 | work results from an entity transaction, each party to that 460 | transaction who receives a copy of the work also receives whatever 461 | licenses to the work the party's predecessor in interest had or could 462 | give under the previous paragraph, plus a right to possession of the 463 | Corresponding Source of the work from the predecessor in interest, if 464 | the predecessor has it or can get it with reasonable efforts. 465 | 466 | You may not impose any further restrictions on the exercise of the 467 | rights granted or affirmed under this License. For example, you may 468 | not impose a license fee, royalty, or other charge for exercise of 469 | rights granted under this License, and you may not initiate litigation 470 | (including a cross-claim or counterclaim in a lawsuit) alleging that 471 | any patent claim is infringed by making, using, selling, offering for 472 | sale, or importing the Program or any portion of it. 473 | 474 | 11. Patents. 475 | 476 | A "contributor" is a copyright holder who authorizes use under this 477 | License of the Program or a work on which the Program is based. The 478 | work thus licensed is called the contributor's "contributor version". 479 | 480 | A contributor's "essential patent claims" are all patent claims 481 | owned or controlled by the contributor, whether already acquired or 482 | hereafter acquired, that would be infringed by some manner, permitted 483 | by this License, of making, using, or selling its contributor version, 484 | but do not include claims that would be infringed only as a 485 | consequence of further modification of the contributor version. For 486 | purposes of this definition, "control" includes the right to grant 487 | patent sublicenses in a manner consistent with the requirements of 488 | this License. 489 | 490 | Each contributor grants you a non-exclusive, worldwide, royalty-free 491 | patent license under the contributor's essential patent claims, to 492 | make, use, sell, offer for sale, import and otherwise run, modify and 493 | propagate the contents of its contributor version. 494 | 495 | In the following three paragraphs, a "patent license" is any express 496 | agreement or commitment, however denominated, not to enforce a patent 497 | (such as an express permission to practice a patent or covenant not to 498 | sue for patent infringement). To "grant" such a patent license to a 499 | party means to make such an agreement or commitment not to enforce a 500 | patent against the party. 501 | 502 | If you convey a covered work, knowingly relying on a patent license, 503 | and the Corresponding Source of the work is not available for anyone 504 | to copy, free of charge and under the terms of this License, through a 505 | publicly available network server or other readily accessible means, 506 | then you must either (1) cause the Corresponding Source to be so 507 | available, or (2) arrange to deprive yourself of the benefit of the 508 | patent license for this particular work, or (3) arrange, in a manner 509 | consistent with the requirements of this License, to extend the patent 510 | license to downstream recipients. "Knowingly relying" means you have 511 | actual knowledge that, but for the patent license, your conveying the 512 | covered work in a country, or your recipient's use of the covered work 513 | in a country, would infringe one or more identifiable patents in that 514 | country that you have reason to believe are valid. 515 | 516 | If, pursuant to or in connection with a single transaction or 517 | arrangement, you convey, or propagate by procuring conveyance of, a 518 | covered work, and grant a patent license to some of the parties 519 | receiving the covered work authorizing them to use, propagate, modify 520 | or convey a specific copy of the covered work, then the patent license 521 | you grant is automatically extended to all recipients of the covered 522 | work and works based on it. 523 | 524 | A patent license is "discriminatory" if it does not include within 525 | the scope of its coverage, prohibits the exercise of, or is 526 | conditioned on the non-exercise of one or more of the rights that are 527 | specifically granted under this License. You may not convey a covered 528 | work if you are a party to an arrangement with a third party that is 529 | in the business of distributing software, under which you make payment 530 | to the third party based on the extent of your activity of conveying 531 | the work, and under which the third party grants, to any of the 532 | parties who would receive the covered work from you, a discriminatory 533 | patent license (a) in connection with copies of the covered work 534 | conveyed by you (or copies made from those copies), or (b) primarily 535 | for and in connection with specific products or compilations that 536 | contain the covered work, unless you entered into that arrangement, 537 | or that patent license was granted, prior to 28 March 2007. 538 | 539 | Nothing in this License shall be construed as excluding or limiting 540 | any implied license or other defenses to infringement that may 541 | otherwise be available to you under applicable patent law. 542 | 543 | 12. No Surrender of Others' Freedom. 544 | 545 | If conditions are imposed on you (whether by court order, agreement or 546 | otherwise) that contradict the conditions of this License, they do not 547 | excuse you from the conditions of this License. If you cannot convey a 548 | covered work so as to satisfy simultaneously your obligations under this 549 | License and any other pertinent obligations, then as a consequence you may 550 | not convey it at all. For example, if you agree to terms that obligate you 551 | to collect a royalty for further conveying from those to whom you convey 552 | the Program, the only way you could satisfy both those terms and this 553 | License would be to refrain entirely from conveying the Program. 554 | 555 | 13. Use with the GNU Affero General Public License. 556 | 557 | Notwithstanding any other provision of this License, you have 558 | permission to link or combine any covered work with a work licensed 559 | under version 3 of the GNU Affero General Public License into a single 560 | combined work, and to convey the resulting work. The terms of this 561 | License will continue to apply to the part which is the covered work, 562 | but the special requirements of the GNU Affero General Public License, 563 | section 13, concerning interaction through a network will apply to the 564 | combination as such. 565 | 566 | 14. Revised Versions of this License. 567 | 568 | The Free Software Foundation may publish revised and/or new versions of 569 | the GNU General Public License from time to time. Such new versions will 570 | be similar in spirit to the present version, but may differ in detail to 571 | address new problems or concerns. 572 | 573 | Each version is given a distinguishing version number. If the 574 | Program specifies that a certain numbered version of the GNU General 575 | Public License "or any later version" applies to it, you have the 576 | option of following the terms and conditions either of that numbered 577 | version or of any later version published by the Free Software 578 | Foundation. If the Program does not specify a version number of the 579 | GNU General Public License, you may choose any version ever published 580 | by the Free Software Foundation. 581 | 582 | If the Program specifies that a proxy can decide which future 583 | versions of the GNU General Public License can be used, that proxy's 584 | public statement of acceptance of a version permanently authorizes you 585 | to choose that version for the Program. 586 | 587 | Later license versions may give you additional or different 588 | permissions. However, no additional obligations are imposed on any 589 | author or copyright holder as a result of your choosing to follow a 590 | later version. 591 | 592 | 15. Disclaimer of Warranty. 593 | 594 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 595 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 596 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 597 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 598 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 599 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 600 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 601 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 602 | 603 | 16. Limitation of Liability. 604 | 605 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 606 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 607 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 608 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 609 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 610 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 611 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 612 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 613 | SUCH DAMAGES. 614 | 615 | 17. Interpretation of Sections 15 and 16. 616 | 617 | If the disclaimer of warranty and limitation of liability provided 618 | above cannot be given local legal effect according to their terms, 619 | reviewing courts shall apply local law that most closely approximates 620 | an absolute waiver of all civil liability in connection with the 621 | Program, unless a warranty or assumption of liability accompanies a 622 | copy of the Program in return for a fee. 623 | 624 | END OF TERMS AND CONDITIONS 625 | 626 | How to Apply These Terms to Your New Programs 627 | 628 | If you develop a new program, and you want it to be of the greatest 629 | possible use to the public, the best way to achieve this is to make it 630 | free software which everyone can redistribute and change under these terms. 631 | 632 | To do so, attach the following notices to the program. It is safest 633 | to attach them to the start of each source file to most effectively 634 | state the exclusion of warranty; and each file should have at least 635 | the "copyright" line and a pointer to where the full notice is found. 636 | 637 | 638 | Copyright (C) 639 | 640 | This program is free software: you can redistribute it and/or modify 641 | it under the terms of the GNU General Public License as published by 642 | the Free Software Foundation, either version 3 of the License, or 643 | (at your option) any later version. 644 | 645 | This program is distributed in the hope that it will be useful, 646 | but WITHOUT ANY WARRANTY; without even the implied warranty of 647 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 648 | GNU General Public License for more details. 649 | 650 | You should have received a copy of the GNU General Public License 651 | along with this program. If not, see . 652 | 653 | Also add information on how to contact you by electronic and paper mail. 654 | 655 | If the program does terminal interaction, make it output a short 656 | notice like this when it starts in an interactive mode: 657 | 658 | Copyright (C) 659 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 660 | This is free software, and you are welcome to redistribute it 661 | under certain conditions; type `show c' for details. 662 | 663 | The hypothetical commands `show w' and `show c' should show the appropriate 664 | parts of the General Public License. Of course, your program's commands 665 | might be different; for a GUI interface, you would use an "about box". 666 | 667 | You should also get your employer (if you work as a programmer) or school, 668 | if any, to sign a "copyright disclaimer" for the program, if necessary. 669 | For more information on this, and how to apply and follow the GNU GPL, see 670 | . 671 | 672 | The GNU General Public License does not permit incorporating your program 673 | into proprietary programs. If your program is a subroutine library, you 674 | may consider it more useful to permit linking proprietary applications with 675 | the library. If this is what you want to do, use the GNU Lesser General 676 | Public License instead of this License. But first, please read 677 | . 678 | 679 | --------------------------------------------------------------------------------