Add module for brocade-snmp/access-control

[mgoetze5]

REST API supports configuring the SNMP Access List (FOS 8.2.x REST API Reference page 381) but as far as I can tell there is no corresponding Ansible module, if you could add one that would be great!

[daniel-chung-broadcom]

I think you are referring to access-control list below, right? I think we should be able to use brocade_list_obj module. Would that work?

list access-control { key "index"; status deprecated; description " The SNMP access control list is to restrict SNMP GET, SET, and trap operations to the hosts under an host subnet area. Deprecated : Please use ipfilter-policy list instead. "; leaf index { type uint16 { range "0..5"; } description "The label for this object."; } leaf host { type inet:ip-address; description " The subnet area of the access host. The IP address, for which SNMP operations works only for the hosts configured in ACL list. The IP address supports both IPv4 and IPv6 addresses. "; } leaf access-level { type snmp-types:access-permission; description " The access level of the SNMP access control entry. The access level can be either read-only or read-write. "; } }

[mgoetze5]

I'm not exactly fluent in YANG but it looks about right to me.

[daniel-chung-broadcom]

will brocade_obj_list example be sufficient?

[mgoetze5]

OK, so you're saying I can already use brocade_list_obj, got it. That would also apply to brocade_snmp_v1_account etc. which already have wrapper modules, but would be fine as a workaround. Unfortunately,

tasks:

• name: Write SNMP Access List brocade_list_obj: credential: "{{ credential }}" vfid: -1 module_name: "brocade-snmp" list_name: "access-control" all_entries: true entries:
  • index: 1 host: "10.26.34.0" 'access-level': "ro"

produces the following error:

fatal: [fcsw-gts-a1.storage.ps-intern.de]: FAILED! => {"changed": false, "msg": "user variable name access-level should not contain hyphen"}

[mgoetze5]

OK, I figured out that I can replace access-level with access_level and it works for me. Still for the sake of other users I would suggest writing a wrapper module analogous to the other brocadesnmp* modules.

[daniel-chung-broadcom]

It is great that you were able to figure the use case out. My colleagues is planning on uploading an example to the branch as well for future reference. We'll also keep the use case in mind to create a named module, as you suggested, in the future update. Thanks.

[prabhu-broadcom]

Updated the reference for SNMP Access control playbook. https://github.com/brocade/ansible/blob/documentation_attribute_content_change/snmp_access_control.yml

Thanks,

[prasad-valmeti-broadcom]

This is just to give an update. Plan is in progress to merge documentation branch changes into main/galaxy. Will update once the plan is finalized.

[prasad-valmeti-broadcom]

This is addressed as a part of ansible fos release 1.3.2. It will be available in early June 2023.

[prasad-valmeti-broadcom]

The issue is already addressed in Ansible 1.3.3. If there are no further issues, please suggest if we can close the issue.

[prasad-valmeti-broadcom]

Since there is no response for the issue, and the issue is already addressed in Ansible FOS 1.3.3. Planning to close the issue. Please let us know your comments/suggestions on this.