gabstopper / ansible-stonesoft

Ansible libraries for automating Stonesoft FW Management
Apache License 2.0

with_dict #14

Closed meandus closed 6 years ago

meandus commented 6 years ago

vars:

NETWORKS:
  NET1:
    name: BU1
    range: 1.1.1.1/32

task:

error:

"module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_d5lLPK/ansible_module_network_element.py\", line 479, in <module>\n    main()\n  File \"/tmp/ansible_d5lLPK/ansible_module_network_element.py\", line 476, in main\n    NetworkElement()\n  File \"/tmp/ansible_d5lLPK/ansible_module_network_element.py\", line 392, in __init__\n    super(NetworkElement, self).__init__(self.module_args, supports_check_mode=True)\n  File \"/tmp/ansible_d5lLPK/ansible_modlib.zip/ansible/module_utils/stonesoft_util.py\", line 367, in __init__\n  File \"/tmp/ansible_d5lLPK/ansible_module_network_element.py\", line 427, in exec_module\n    result = self.update_group(element, ELEMENT_TYPES)\n  File \"/tmp/ansible_d5lLPK/ansible_module_network_element.py\", line 460, in update_group\n    m = update_or_create(member, type_dict, check_mode=self.check_mode)\n  File \"/tmp/ansible_d5lLPK/ansible_modlib.zip/ansible/module_utils/stonesoft_util.py\", line 227, in update_or_create\nAttributeError: 'str' object has no attribute 'items'\n",
"module_stdout": "",
"msg": "MODULE FAILURE",

gabstopper commented 6 years ago

It looks like I should add more validation to the structure. From what I can tell from the playbook, your group syntax is invalid. It should be in this format:

- network:
    name: networka
    ipv4_network: 3.3.3.0/24
    ipv6_network: fc00::/7
    comment: created by dlepage
- group:
    name: mygroup
    members:
    - host:
        name: hosta
- group:
    name: newgroupa
    members:
    - host:
        name: newhostb
        address: 1.1.1.1

The group definition does not look correct. Here is the dict format:

{'elements': [
    {'network': {'comment': 'created by dlepage',
                 'ipv4_network': '3.3.3.0/24',
                 'ipv6_network': 'fc00::/7',
                 'name': 'networka'}},
    {'group': {'members': [{'host': {'name': 'hosta'}}],
               'name': 'mygroup'}},
    {'group': {'members': [{'host': {'address': '1.1.1.1',
                                     'name': 'newhostb'}}],
               'name': 'newgroupa'}}]}

meandus commented 6 years ago

Yes, I know the error (because of /32 for a network), but I prefer to show you an unmanaged case and error ;)

RÉMY POUCHAIN


gabstopper commented 6 years ago

One additional thing to note is the second group syntax supports creating the element within the group rather than as a second operation. If it's a simpler model, I'm not opposed to modifying the format to expect the group elements be created and use a syntax like this:

- group:
      name: foogroup
      members:
          host:
          - hosta
          - hostb

which appears to be the syntax you are using.

meandus commented 6 years ago

Right now, I'm using two tasks to create the object and another to add the member to the group.

It could be interesting, but not mandatory, to allow creation of an empty group (allowed in SMC).


meandus commented 6 years ago

Add a flag to add member or remove member ;)


gabstopper commented 6 years ago

Thanks for the feedback 👍 I will add a check in place here to catch that invalid format (and any others). I like the idea of empty group and flag to add/remove. Will incorporate.

gabstopper commented 6 years ago

Hi Remy, Quick question. Does it seem reasonable if I implement this for groups:

- group:
      name: foogroup
      members:
          host:
          - hosta
          - hostb

This is a deviation from the current where members could be created in the nested group definition. I will then also add an option to remove member/s also.

meandus commented 6 years ago

If you add also - network object ;)


gabstopper commented 6 years ago

Hi Remy, yes for sure. Any network_elements will be supported as group members.

gabstopper commented 6 years ago

Hi Remy, I have posted a new version that supports modify/remove of group members based on this type of syntax:

- group:
    name: foogroup
    #remove_members: true
    #append_lists: true
    members:
      host:
      - hosta
      - hostb
      network:
      - networka

It is also possible to add a netlink element now as well. Please see the example network_element playbook:

https://github.com/gabstopper/ansible-stonesoft/blob/master/playbooks/network_element.yml

The new engine library also allows you to assign the netlink to the specified interfaces.

meandus commented 6 years ago

Thanks a lot !


gabstopper commented 6 years ago

Will close this as implemented. Note that you can also add an empty group in the format:

- group:
    name: emptyregulargrp
    members:
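
The validation discussed in this thread, as an added example that is not code from ansible-stonesoft: it checks an `elements` list against the final group syntax above (members as a mapping of type to names, `members:` left empty for an empty group) and reports each problem by path instead of failing with a traceback. `KNOWN_TYPES`, `validate_group`, `validate_elements` and `SAMPLE` are hypothetical names, and the type set is limited to the types named in the thread.

```python
# Added example, not the module's code. KNOWN_TYPES holds only the types named
# in the thread; the module's own ELEMENT_TYPES may differ (assumption).
KNOWN_TYPES = {"host", "network", "group", "netlink"}

def validate_group(path, spec):
    """Check a group body against the final syntax shown in the thread."""
    errors = []
    for flag in ("remove_members", "append_lists"):
        if flag in spec and not isinstance(spec[flag], bool):
            errors.append(f"{path}.{flag}: expected true/false")
    members = spec.get("members")
    if members is None:  # `members:` left empty means an empty group
        return errors
    if not isinstance(members, dict):
        return errors + [f"{path}.members: expected a mapping, got {type(members).__name__}"]
    for typ, names in members.items():
        where = f"{path}.members.{typ}"
        if typ not in KNOWN_TYPES:
            errors.append(f"{where}: unknown element type")
        elif not (isinstance(names, list) and all(isinstance(n, str) for n in names)):
            errors.append(f"{where}: expected a list of element names")
    return errors

def validate_elements(elements):
    """Return error strings; an empty list means the structure is usable."""
    if not isinstance(elements, list):
        return [f"elements: expected a list, got {type(elements).__name__}"]
    errors = []
    for i, entry in enumerate(elements):
        if not isinstance(entry, dict) or len(entry) != 1:
            errors.append(f"elements[{i}]: expected a single-key mapping")
            continue
        (typ, spec), = entry.items()
        path = f"elements[{i}].{typ}"
        if typ not in KNOWN_TYPES:
            errors.append(f"{path}: unknown element type")
        elif not isinstance(spec, dict):
            # a str here is what makes a later .items() call raise AttributeError
            errors.append(f"{path}: expected a mapping, got {type(spec).__name__}")
        elif not isinstance(spec.get("name"), str):
            errors.append(f"{path}: missing or non-string 'name'")
        elif typ == "group":
            errors.extend(validate_group(path, spec))
    return errors

# Constructed input: one valid group, one empty group, one malformed entry.
SAMPLE = [
    {"group": {"name": "foogroup", "members": {"host": ["hosta", "hostb"]}}},
    {"group": {"name": "emptyregulargrp", "members": None}},
    {"group": "foogroup"},
]
```

Running such a check before any SMC call lets the module return the error list through its normal failure path rather than a `MODULE FAILURE` traceback.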