@ -34,6 +34,7 @@ HAS_PANDEVICE = True
try :
try :
import pandevice
import pandevice
from pandevice . base import PanDevice
from pandevice . base import PanDevice
from pandevice . firewall import Firewall
from pandevice . panorama import DeviceGroup , Template , TemplateStack
from pandevice . panorama import DeviceGroup , Template , TemplateStack
from pandevice . policies import PreRulebase , PostRulebase , Rulebase
from pandevice . policies import PreRulebase , PostRulebase , Rulebase
from pandevice . device import Vsys
from pandevice . device import Vsys
@ -95,21 +96,32 @@ class ConnectionHelper(object):
' pandevice ' , pandevice . __version__ ,
' pandevice ' , pandevice . __version__ ,
_vstr ( self . min_pandevice_version ) ) )
_vstr ( self . min_pandevice_version ) ) )
d , host_arg = None , None
pan_device_auth , serial_number = None , None
if module . params [ ' provider ' ] and module . params [ ' provider ' ] [ ' host ' ] :
if module . params [ ' provider ' ] and module . params [ ' provider ' ] [ ' ip_address ' ] :
d = module . params [ ' provider ' ]
pan_device_auth = (
host_arg = ' host '
module . params [ ' provider ' ] [ ' ip_address ' ] ,
elif module . params [ ' ip_address ' ] is not None :
module . params [ ' provider ' ] [ ' username ' ] ,
d = module . params
module . params [ ' provider ' ] [ ' password ' ] ,
host_arg = ' ip_address '
module . params [ ' provider ' ] [ ' api_key ' ] ,
module . params [ ' provider ' ] [ ' port ' ] ,
)
serial_number = module . params [ ' provider ' ] [ ' serial_number ' ]
elif module . params . get ( ' ip_address ' , None ) is not None :
pan_device_auth = (
module . params [ ' ip_address ' ] ,
module . params [ ' username ' ] ,
module . params [ ' password ' ] ,
module . params [ ' api_key ' ] ,
module . params [ ' port ' ] ,
)
msg = ' Classic provider params are deprecated; use " provider " instead '
module . deprecate ( msg , ' 2.12 ' )
else :
else :
module . fail_json ( msg = ' New or classic provider params are required. ' )
module . fail_json ( msg = ' P rovider params are required.' )
# Create the connection object.
# Create the connection object.
try :
try :
self . device = PanDevice . create_from_device (
self . device = PanDevice . create_from_device ( * pan_device_auth )
d [ host_arg ] , d [ ' username ' ] , d [ ' password ' ] ,
d [ ' api_key ' ] , d [ ' port ' ] )
except PanDeviceError as e :
except PanDeviceError as e :
module . fail_json ( msg = ' Failed connection: {0} ' . format ( e ) )
module . fail_json ( msg = ' Failed connection: {0} ' . format ( e ) )
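Review bot: Neither branch that builds `pan_device_auth` checks that a password or an API key was actually supplied before `PanDevice.create_from_device(*pan_device_auth)` runs. When `with_classic_provider_spec` is set, the provider's `required_one_of` is deleted (last hunk), so unless the classic spec enforces it somewhere outside this view, a provider carrying only `ip_address` reaches the connection attempt with the default `admin` username and no credential. A guard such as `if not (pan_device_auth[2] or pan_device_auth[3]): module.fail_json(msg='password or api_key is required')` before the `try` would give a clear error ahead of any network call. The positional tuple is also easy to misorder, so a comment naming its fields (address, username, password, api_key, port) would help; the method body starts and ends outside this hunk.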
@ -120,6 +132,12 @@ class ConnectionHelper(object):
' PAN-OS ' , _vstr ( self . device . _version_info ) ,
' PAN-OS ' , _vstr ( self . device . _version_info ) ,
_vstr ( self . min_panos_version ) ) )
_vstr ( self . min_panos_version ) ) )
# Optional: Firewall via Panorama connectivity specified.
if hasattr ( self . device , ' refresh_devices ' ) and serial_number :
fw = Firewall ( serial = serial_number )
self . device . add ( fw )
self . device = fw
parent = self . device
parent = self . device
not_found = ' {0} " {1} " is not present. '
not_found = ' {0} " {1} " is not present. '
pano_mia_param = ' Param " {0} " is required for Panorama but not specified. '
pano_mia_param = ' Param " {0} " is required for Panorama but not specified. '
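Review bot: A `serial_number` supplied for a connection that is not a Panorama is silently dropped by `if hasattr(self.device, 'refresh_devices') and serial_number:`, so the rest of the helper goes on to configure the directly connected device instead of the firewall the playbook named. Failing is safer than ignoring a targeting parameter: `if serial_number and not hasattr(self.device, 'refresh_devices'): module.fail_json(msg='serial_number requires a Panorama connection')` placed ahead of the existing branch. Nothing visible here confirms that the serial belongs to a firewall this Panorama manages before `self.device = fw`, so a mistyped serial presumably surfaces only later as an API error. The `hasattr` check deserves a one-line comment saying it is the Panorama test; the enclosing method continues outside the hunk.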
@ -221,7 +239,7 @@ class ConnectionHelper(object):
# Spec: vsys or vsys_dg or vsys_importable.
# Spec: vsys or vsys_dg or vsys_importable.
vsys_name = self . vsys_dg or self . vsys or self . vsys_importable
vsys_name = self . vsys_dg or self . vsys or self . vsys_importable
if vsys_name is not None :
if vsys_name is not None :
self . device . vsys = module . params [ vsys_name ]
parent . vsys = module . params [ vsys_name ]
# Spec: rulebase.
# Spec: rulebase.
if self . rulebase is not None :
if self . rulebase is not None :
@ -294,18 +312,19 @@ def get_connection(vsys=None, device_group=None,
' type ' : ' dict ' ,
' type ' : ' dict ' ,
' required_one_of ' : [ [ ' password ' , ' api_key ' ] , ] ,
' required_one_of ' : [ [ ' password ' , ' api_key ' ] , ] ,
' options ' : {
' options ' : {
' host ' : { ' required ' : True } ,
' ip_address ' : { ' required ' : True } ,
' username ' : { ' default ' : ' admin ' } ,
' username ' : { ' default ' : ' admin ' } ,
' password ' : { ' no_log ' : True } ,
' password ' : { ' no_log ' : True } ,
' api_key ' : { ' no_log ' : True } ,
' api_key ' : { ' no_log ' : True } ,
' port ' : { ' default ' : 443 , ' type ' : ' int ' } ,
' port ' : { ' default ' : 443 , ' type ' : ' int ' } ,
' serial_number ' : { ' no_log ' : True } ,
} ,
} ,
} ,
} ,
}
}
if with_classic_provider_spec :
if with_classic_provider_spec :
spec [ ' provider ' ] [ ' required ' ] = False
spec [ ' provider ' ] [ ' required ' ] = False
spec [ ' provider ' ] [ ' options ' ] [ ' host ' ] [ ' required ' ] = False
spec [ ' provider ' ] [ ' options ' ] [ ' ip_address ' ] [ ' required ' ] = False
del ( spec [ ' provider ' ] [ ' required_one_of ' ] )
del ( spec [ ' provider ' ] [ ' required_one_of ' ] )
spec . update ( {
spec . update ( {
' ip_address ' : { ' required ' : False } ,
' ip_address ' : { ' required ' : False } ,
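Review bot: `'serial_number': {'no_log': True}` treats a device identifier like a credential, and Ansible then masks every occurrence of that string in module output, which can hide which firewall a task touched when reading run logs. If the masking is deliberate, a comment such as `# serial is treated as sensitive; masked in all task output` would record that, otherwise drop `no_log` for this option. Separately, renaming the provider key from `host` to `ip_address` with no alias will reject existing playbooks that pass `provider.host`; `'ip_address': {'required': True, 'aliases': ['host']}` would keep them working. The `spec.update({` call is still open at the end of this hunk, so the classic options are only partly visible.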