From d698a9b5f7dd2084509bf9ba5a03951cab4a2744 Mon Sep 17 00:00:00 2001 From: Peter Sprygada Date: Wed, 5 Oct 2016 22:09:18 -0400 Subject: [PATCH] fixes asa_config to allow config to include passwords, defaults or none (#3102) The fix allows the asa_config module to request the config to contain all default statements or password information necessary for vpn tunnel endpoints --- .../modules/extras/network/asa/asa_config.py | 27 ++++++++++++++----- 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/lib/ansible/modules/extras/network/asa/asa_config.py b/lib/ansible/modules/extras/network/asa/asa_config.py index e90f5fbfaae..320255b46f0 100644 --- a/lib/ansible/modules/extras/network/asa/asa_config.py +++ b/lib/ansible/modules/extras/network/asa/asa_config.py @@ -137,7 +137,7 @@ options: will not download the running-config from the remote node. required: false default: null - default: + defaults: description: - This argument specifies whether or not to collect all defaults when getting the remote device running config. When enabled, @@ -146,6 +146,15 @@ options: required: false default: no choices: ['yes', 'no'] + passwords: + description: + - This argument specifies to include passwords in the config + when retrieving the running-config from the remote device. This + includes passwords related to VPN endpoints. This argument is + mutually exclusive with I(defaults). + required: false + default: no + choices: ['yes', 'no'] save: description: - The C(save) argument instructs the module to save the running- @@ -190,10 +199,10 @@ vars: context: ansible - asa_config: - show_command: 'more system:running-config' lines: - ikev1 pre-shared-key MyS3cretVPNK3y parents: tunnel-group 1.1.1.1 ipsec-attributes + passwords: yes provider: "{{ cli }}" """ @@ -226,8 +235,13 @@ from ansible.module_utils.netcfg import NetworkConfig, dumps def get_config(module): contents = module.params['config'] if not contents: - defaults = module.params['default'] - contents = module.config.get_config(include_defaults=defaults) + if module.params['defaults']: + include = 'defaults' + elif module.params['passwords']: + include = 'passwords' + else: + include = None + contents = module.config.get_config(include=include) return NetworkConfig(indent=1, contents=contents) def get_candidate(module): @@ -292,13 +306,14 @@ def main(): replace=dict(default='line', choices=['line', 'block']), config=dict(), - default=dict(type='bool', default=False), + defaults=dict(type='bool', default=False), + passwords=dict(type='bool', default=False), backup=dict(type='bool', default=False), save=dict(type='bool', default=False), ) - mutually_exclusive = [('lines', 'src')] + mutually_exclusive = [('lines', 'src'), ('defaults', 'passwords')] required_if = [('match', 'strict', ['lines']), ('match', 'exact', ['lines']),