| author | ansible-zuul[bot] <48994755+ansible-zuul[bot]@users.noreply.github.com> | 2020-02-19 21:10:08 +0000 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-02-19 21:10:08 +0000 | 
| commit | c390b91be90c6fec33a1d4d3ed37d9c55f4328b2 (patch) | |
| tree | c5ff33aa0e4770a13340a52b1e2bda7531541a5f /plugins/modules | |
| parent | f63b5c97edbf598f7b2a4c044386de3dddfda100 (diff) | |
| parent | 45f223636c73ba69d3fea3c8aab8edd41de01388 (diff) | |
Merge pull request #2 from CaptTrews/master
Updated from network content collector
Reviewed-by: https://github.com/apps/ansible-zuul
Diffstat (limited to 'plugins/modules')
| -rw-r--r-- | plugins/modules/vyos_facts.py | 2 | ||||
| -rw-r--r-- | plugins/modules/vyos_firewall_rules.py | 1565 | ||||
| -rw-r--r-- | plugins/modules/vyos_static_route.py | 12 | ||||
| -rw-r--r-- | plugins/modules/vyos_static_routes.py | 1156 | 
4 files changed, 2733 insertions, 2 deletions
| diff --git a/plugins/modules/vyos_facts.py b/plugins/modules/vyos_facts.py
index 9eaa278d..19fb727f 100644
--- a/plugins/modules/vyos_facts.py
+++ b/plugins/modules/vyos_facts.py
@@ -47,7 +47,7 @@ options:
       Can specify a list of values to include a larger subset. Values can also be
       used with an initial C(M(!)) to specify that a specific subset should not be
       collected. Valid subsets are 'all', 'interfaces', 'l3_interfaces', 'lag_interfaces',
-      'lldp_global', 'lldp_interfaces'.
+      'lldp_global', 'lldp_interfaces', 'static_routes', 'firewall_rules'.
     required: false
 """
diff --git a/plugins/modules/vyos_firewall_rules.py b/plugins/modules/vyos_firewall_rules.py
new file mode 100644
index 00000000..a9e676b6
--- /dev/null
+++ b/plugins/modules/vyos_firewall_rules.py
@@ -0,0 +1,1565 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2019 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +############################################# +#                WARNING                    # +############################################# +# +# This file is auto generated by the resource +#   module builder playbook. +# +# Do not edit this file manually. +# +# Changes to this file will be over written +#   by the resource module builder. +# +# Changes should be made in the model used to +#   generate this file or in the resource module +#   builder template. +# +############################################# + +""" +The module file for vyos_firewall_rules +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +ANSIBLE_METADATA = { +    "metadata_version": "1.1", +    "status": ["preview"], +    "supported_by": "network", +} + +DOCUMENTATION = """module: vyos_firewall_rules +short_description: Manage firewall rule-set attributes on VyOS devices +description: This module manages firewall rule-set attributes on VyOS devices +notes: +- Tested against VyOS 1.1.8 (helium). +- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). +author: +- Rohit Thakur (@rohitthakur2590) +options: +  config: +    description: A dictionary of Firewall rule-set options. +    type: list +    elements: dict +    suboptions: +      afi: +        description: +        - Specifies the type of rule-set. +        type: str +        choices: +        - ipv4 +        - ipv6 +        required: true +      rule_sets: +        description: +        - The Firewall rule-set list. +        type: list +        elements: dict +        suboptions: +          name: +            description: +            - Firewall rule set name. 
+            type: str +          default_action: +            description: +            - Default action for rule-set. +            - drop (Drop if no prior rules are hit (default)) +            - reject (Drop and notify source if no prior rules are hit) +            - accept (Accept if no prior rules are hit) +            type: str +            choices: +            - drop +            - reject +            - accept +          description: +            description: +            - Rule set description. +            type: str +          enable_default_log: +            description: +            - Option to log packets hitting default-action. +            type: bool +          rules: +            description: +            - A ditionary that specifies the rule-set configurations. +            type: list +            elements: dict +            suboptions: +              number: +                description: +                - Rule number. +                type: int +                required: true +              description: +                description: +                - Description of this rule. +                type: str +              action: +                description: +                - Specifying the action. +                type: str +                choices: +                - drop +                - reject +                - accept +                - inspect +              destination: +                description: +                - Specifying the destination parameters. +                type: dict +                suboptions: +                  address: +                    description: +                    - Destination ip address subnet or range. +                    - IPv4/6 address, subnet or range to match. +                    - Match everything except the specified address, subnet or range. +                    - Destination ip address subnet or range. 
+                    type: str +                  group: +                    description: +                    - Destination group. +                    type: dict +                    suboptions: +                      address_group: +                        description: +                        - Group of addresses. +                        type: str +                      network_group: +                        description: +                        - Group of networks. +                        type: str +                      port_group: +                        description: +                        - Group of ports. +                        type: str +                  port: +                    description: +                    - Multiple destination ports can be specified as a comma-separated +                      list. +                    - The whole list can also be "negated" using '!'. +                    - For example:'!22,telnet,http,123,1001-1005'. +                    type: str +              disabled: +                description: +                - Option to disable firewall rule. +                type: bool +              fragment: +                description: +                - IP fragment match. +                type: str +                choices: +                - match-frag +                - match-non-frag +              icmp: +                description: +                - ICMP type and code information. +                type: dict +                suboptions: +                  type_name: +                    description: +                    - ICMP type-name. 
+                    type: str +                    choices: +                    - any +                    - echo-reply +                    - destination-unreachable +                    - network-unreachable +                    - host-unreachable +                    - protocol-unreachable +                    - port-unreachable +                    - fragmentation-needed +                    - source-route-failed +                    - network-unknown +                    - host-unknown +                    - network-prohibited +                    - host-prohibited +                    - TOS-network-unreachable +                    - TOS-host-unreachable +                    - communication-prohibited +                    - host-precedence-violation +                    - precedence-cutoff +                    - source-quench +                    - redirect +                    - network-redirect +                    - host-redirect +                    - TOS-network-redirect +                    - TOS-host-redirect +                    - echo-request +                    - router-advertisement +                    - router-solicitation +                    - time-exceeded +                    - ttl-zero-during-transit +                    - ttl-zero-during-reassembly +                    - parameter-problem +                    - ip-header-bad +                    - required-option-missing +                    - timestamp-request +                    - timestamp-reply +                    - address-mask-request +                    - address-mask-reply +                    - ping +                    - pong +                    - ttl-exceeded +                  code: +                    description: +                    - ICMP code. +                    type: int +                  type: +                    description: +                    - ICMP type. 
+                    type: int +              ipsec: +                description: +                - Inboud ip sec packets. +                type: str +                choices: +                - match-ipsec +                - match-none +              limit: +                description: +                - Rate limit using a token bucket filter. +                type: dict +                suboptions: +                  burst: +                    description: +                    - Maximum number of packets to allow in excess of rate. +                    type: int +                  rate: +                    description: +                    - format for rate (integer/time unit). +                    - any one of second, minute, hour or day may be used to specify +                      time unit. +                    - eg. 1/second implies rule to be matched at an average of once +                      per second. +                    type: dict +                    suboptions: +                      number: +                        description: +                        - This is the integer value. +                        type: int +                      unit: +                        description: +                        - This is the time unit. +                        type: str +              p2p: +                description: +                - P2P application packets. +                type: list +                elements: dict +                suboptions: +                  application: +                    description: +                    - Name of the application. 
+                    type: str +                    choices: +                    - all +                    - applejuice +                    - bittorrent +                    - directconnect +                    - edonkey +                    - gnutella +                    - kazaa +              protocol: +                description: +                - Protocol to match (protocol name in /etc/protocols or protocol number +                  or all). +                - <text> IP protocol name from /etc/protocols (e.g. "tcp" or "udp"). +                - <0-255> IP protocol number. +                - tcp_udp Both TCP and UDP. +                - all All IP protocols. +                - (!)All IP protocols except for the specified name or number. +                type: str +              recent: +                description: +                - Parameters for matching recently seen sources. +                type: dict +                suboptions: +                  count: +                    description: +                    - Source addresses seen more than N times. +                    type: int +                  time: +                    description: +                    - Source addresses seen in the last N seconds. +                    type: int +              source: +                description: +                - Source parameters. +                type: dict +                suboptions: +                  address: +                    description: +                    - Source ip address subnet or range. +                    - IPv4/6 address, subnet or range to match. +                    - Match everything except the specified address, subnet or range. +                    - Source ip address subnet or range. +                    type: str +                  group: +                    description: +                    - Source group. 
+                    type: dict +                    suboptions: +                      address_group: +                        description: +                        - Group of addresses. +                        type: str +                      network_group: +                        description: +                        - Group of networks. +                        type: str +                      port_group: +                        description: +                        - Group of ports. +                        type: str +                  port: +                    description: +                    - Multiple source ports can be specified as a comma-separated +                      list. +                    - The whole list can also be "negated" using '!'. +                    - For example:'!22,telnet,http,123,1001-1005'. +                    type: str +                  mac_address: +                    description: +                    - <MAC address> MAC address to match. +                    - <!MAC address> Match everything except the specified MAC address. +                    type: str +              state: +                description: +                - Session state. +                type: dict +                suboptions: +                  established: +                    description: +                    - Established state. +                    type: bool +                  invalid: +                    description: +                    - Invalid state. +                    type: bool +                  new: +                    description: +                    - New state. +                    type: bool +                  related: +                    description: +                    - Related state. +                    type: bool +              tcp: +                description: +                - TCP flags to match. 
+                type: dict +                suboptions: +                  flags: +                    description: +                    - TCP flags to be matched. +                    type: str +              time: +                description: +                - Time to match rule. +                type: dict +                suboptions: +                  utc: +                    description: +                    - Interpret times for startdate, stopdate, starttime and stoptime +                      to be UTC. +                    type: bool +                  monthdays: +                    description: +                    - Monthdays to match rule on. +                    type: str +                  startdate: +                    description: +                    - Date to start matching rule. +                    type: str +                  starttime: +                    description: +                    - Time of day to start matching rule. +                    type: str +                  stopdate: +                    description: +                    - Date to stop matching rule. +                    type: str +                  stoptime: +                    description: +                    - Time of day to stop matching rule. +                    type: str +                  weekdays: +                    description: +                    - Weekdays to match rule on. +                    type: str +  running_config: +    description: +    - The module, by default, will connect to the remote device and retrieve the current +      running-config to use as a base for comparing against the contents of source. +      There are times when it is not desirable to have the task get the current running-config +      for every task in a playbook.  The I(running_config) argument allows the implementer +      to pass in the configuration to use as the base config for comparison. 
This +      value of this option should be the output received from device by executing +      command C(show configuration commands | grep 'firewall' +    type: str +  state: +    description: +    - The state the configuration should be left in +    type: str +    choices: +    - merged +    - replaced +    - overridden +    - deleted +    - gathered +    - rendered +    - parsed +    default: merged +""" +EXAMPLES = """ +# Using deleted to delete firewall rules based on rule-set name +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall group address-group 'inbound' +# set firewall name Downlink default-action 'accept' +# set firewall name Downlink description 'IPv4 INBOUND rule set' +# set firewall name Downlink rule 501 action 'accept' +# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' +# set firewall name Downlink rule 501 ipsec 'match-ipsec' +# set firewall name Downlink rule 502 action 'reject' +# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall name Downlink rule 502 ipsec 'match-ipsec' +# +- name: Delete attributes of given firewall rules. 
+  vyos_firewall_rules: +    config: +      - afi: ipv4 +        rule_sets: +          - name: 'Downlink' +    state: deleted +# +# +# ------------------------ +# Module Execution Results +# ------------------------ +# +#    "before": [ +#        { +#            "afi": "ipv4", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "IPv4 INBOUND rule set", +#                    "name": "Downlink", +#                    "rules": [ +#                        { +#                            "action": "accept", +#                            "description": "Rule 501 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 501 +#                        }, +#                        { +#                            "action": "reject", +#                            "description": "Rule 502 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 502 +#                        } +#                    ] +#               } +#            ] +#        } +#    ] +#    "commands": [ +#        "delete firewall name Downlink" +#    ] +# +# "after": [] +# After state +# ------------ +# vyos@vyos# run show configuration commands | grep firewall +# set firewall group address-group 'inbound' + + +# Using deleted to delete all the the firewall rules when provided config is empty +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall group address-group 'inbound' +# set firewall name Downlink default-action 'accept' +# set firewall name Downlink description 'IPv4 INBOUND rule set' +# set firewall name Downlink rule 501 action 'accept' +# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' +# set firewall name Downlink rule 501 ipsec 'match-ipsec' +# set firewall name Downlink rule 502 action 
'reject' +# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall name Downlink rule 502 ipsec 'match-ipsec' +# +- name: Delete attributes of given firewall rules. +  vyos_firewall_rules: +    config: +    state: deleted +# +# +# ------------------------ +# Module Execution Results +# ------------------------ +# +#    "before": [ +#        { +#            "afi": "ipv4", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "IPv4 INBOUND rule set", +#                    "name": "Downlink", +#                    "rules": [ +#                        { +#                            "action": "accept", +#                            "description": "Rule 501 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 501 +#                        }, +#                        { +#                            "action": "reject", +#                            "description": "Rule 502 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 502 +#                        } +#                    ] +#               } +#            ] +#        } +#    ] +#    "commands": [ +#        "delete firewall name" +#    ] +# +# "after": [] +# After state +# ------------ +# vyos@vyos# run show configuration commands | grep firewall +# set firewall group address-group 'inbound' + + +# Using deleted to delete the the firewall rules based on afi +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall group address-group 'inbound' +# set firewall name Downlink default-action 'accept' +# set firewall name Downlink description 'IPv4 INBOUND rule set' +# set firewall name Downlink rule 501 action 'accept' +# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' 
+# set firewall name Downlink rule 501 ipsec 'match-ipsec' +# set firewall name Downlink rule 502 action 'reject' +# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall name Downlink rule 502 ipsec 'match-ipsec' +# +- name: Delete attributes of given firewall rules. +  vyos_firewall_rules: +    config: +      - afi: ipv4 +    state: deleted +# +# +# ------------------------ +# Module Execution Results +# ------------------------ +# +#    "before": [ +#        { +#            "afi": "ipv4", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "IPv4 INBOUND rule set", +#                    "name": "Downlink", +#                    "rules": [ +#                        { +#                            "action": "accept", +#                            "description": "Rule 501 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 501 +#                        }, +#                        { +#                            "action": "reject", +#                            "description": "Rule 502 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 502 +#                        } +#                    ] +#               } +#            ] +#        } +#    ] +#    "commands": [ +#        "delete firewall name", +#    ] +# +# "after": [] +# After state +# ------------ +# vyos@vyos# run show configuration commands | grep firewall +# set firewall group address-group 'inbound' + + + +# Using deleted to delete the the firewall rules based on rule number/id +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall group address-group 'inbound' +# set firewall name Downlink default-action 'accept' +# set firewall name Downlink description 'IPv4 INBOUND rule set' +# 
set firewall name Downlink rule 501 action 'accept' +# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' +# set firewall name Downlink rule 501 ipsec 'match-ipsec' +# set firewall name Downlink rule 502 action 'reject' +# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall name Downlink rule 502 ipsec 'match-ipsec' +# +- name: Delete attributes of given firewall rules. +  vyos_firewall_rules: +    config: +      - afi: ipv4 +        rule_sets: +          - name: 'Downlink' +            rules: +              - number: 501 +    state: deleted +# +# +# ------------------------ +# Module Execution Results +# ------------------------ +# +#    "before": [ +#        { +#            "afi": "ipv4", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "IPv4 INBOUND rule set", +#                    "name": "Downlink", +#                    "rules": [ +#                        { +#                            "action": "accept", +#                            "description": "Rule 501 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 501 +#                        }, +#                        { +#                            "action": "reject", +#                            "description": "Rule 502 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 502 +#                        } +#                    ] +#               } +#            ] +#        } +#    ] +#    "commands": [ +#        "delete firewall ipv6-name Downlink rule 501" +#    ] +# +#    "after": [ +#        { +#            "afi": "ipv4", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "IPv4 INBOUND rule set", +#                    
"name": "Downlink", +#                    "rules": [ +#                        { +#                            "action": "reject", +#                            "description": "Rule 502 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 502 +#                        } +#                    ] +#               } +#            ] +#        } +#    ] +# After state +# ------------ +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall group address-group 'inbound' +# set firewall name Downlink default-action 'accept' +# set firewall name Downlink description 'IPv4 INBOUND rule set' +# set firewall name Downlink rule 502 action 'reject' +# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall name Downlink rule 502 ipsec 'match-ipsec' + + +# Using merged +# +# Before state: +# ------------- +# +# vyos@vyos# run show  configuration commands | grep firewall +# set firewall group address-group 'inbound' +# +- name: Merge the provided configuration with the exisiting running configuration +  vyos_firewall_rules: +    config: +      - afi: 'ipv6' +        rule_sets: +          - name: 'UPLINK' +            description: 'This is ipv6 specific rule-set' +            default_action: 'accept' +            rules: +              - number: 1 +                action: 'accept' +                description: 'Fwipv6-Rule 1 is configured by Ansible' +                ipsec: 'match-ipsec' +              - number: 2 +                action: 'accept' +                description: 'Fwipv6-Rule 2 is configured by Ansible' +                ipsec: 'match-ipsec' + +      - afi: 'ipv4' +        rule_sets: +          - name: 'INBOUND' +            description: 'IPv4 INBOUND rule set' +            default_action: 'accept' +            rules: +              - number: 101 +                action: 'accept' +                description: 'Rule 101 is configured by 
Ansible' +                ipsec: 'match-ipsec' +              - number: 102 +                action: 'reject' +                description: 'Rule 102 is configured by Ansible' +                ipsec: 'match-ipsec' +              - number: 103 +                action: 'accept' +                description: 'Rule 103 is configured by Ansible' +                destination: +                  group: +                    address_group: 'inbound' +                source: +                  address: '192.0.2.0' +                state: +                  established: true +                  new: false +                  invalid: false +                  related: true +    state: merged +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# before": [] +# +#    "commands": [ +#       "set firewall ipv6-name UPLINK default-action 'accept'", +#       "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'", +#       "set firewall ipv6-name UPLINK rule 1 action 'accept'", +#       "set firewall ipv6-name UPLINK rule 1", +#       "set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'", +#       "set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'", +#       "set firewall ipv6-name UPLINK rule 2 action 'accept'", +#       "set firewall ipv6-name UPLINK rule 2", +#       "set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'", +#       "set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'", +#       "set firewall name INBOUND default-action 'accept'", +#       "set firewall name INBOUND description 'IPv4 INBOUND rule set'", +#       "set firewall name INBOUND rule 101 action 'accept'", +#       "set firewall name INBOUND rule 101", +#       "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", +#       "set firewall name INBOUND rule 101 ipsec 'match-ipsec'", +#       "set firewall name INBOUND rule 102 
action 'reject'", +#       "set firewall name INBOUND rule 102", +#       "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", +#       "set firewall name INBOUND rule 102 ipsec 'match-ipsec'", +#       "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", +#       "set firewall name INBOUND rule 103 destination group address-group inbound", +#       "set firewall name INBOUND rule 103", +#       "set firewall name INBOUND rule 103 source address 192.0.2.0", +#       "set firewall name INBOUND rule 103 state established enable", +#       "set firewall name INBOUND rule 103 state related enable", +#       "set firewall name INBOUND rule 103 state invalid disable", +#       "set firewall name INBOUND rule 103 state new disable", +#       "set firewall name INBOUND rule 103 action 'accept'" +#    ] +# +# "after": [ +#        { +#            "afi": "ipv6", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "This is ipv6 specific rule-set", +#                    "name": "UPLINK", +#                    "rules": [ +#                        { +#                            "action": "accept", +#                            "description": "Fwipv6-Rule 1 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 1 +#                        }, +#                        { +#                            "action": "accept", +#                            "description": "Fwipv6-Rule 2 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 2 +#                        } +#                    ] +#                } +#            ] +#        }, +#        { +#            "afi": "ipv4", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    
"description": "IPv4 INBOUND rule set", +#                    "name": "INBOUND", +#                    "rules": [ +#                        { +#                            "action": "accept", +#                            "description": "Rule 101 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 101 +#                        }, +#                        { +#                            "action": "reject", +#                            "description": "Rule 102 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 102 +#                        }, +#                        { +#                            "action": "accept", +#                            "description": "Rule 103 is configured by Ansible", +#                            "destination": { +#                                "group": { +#                                    "address_group": "inbound" +#                                } +#                            }, +#                            "number": 103, +#                            "source": { +#                                "address": "192.0.2.0" +#                            }, +#                            "state": { +#                                "established": true, +#                                "invalid": false, +#                                "new": false, +#                                "related": true +#                            } +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +# +# After state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall group address-group 'inbound' +# set firewall ipv6-name UPLINK default-action 'accept' +# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6-name UPLINK rule 1 action 'accept' +# set firewall ipv6-name 
UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6-name UPLINK rule 2 action 'accept' +# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall name INBOUND default-action 'accept' +# set firewall name INBOUND description 'IPv4 INBOUND rule set' +# set firewall name INBOUND rule 101 action 'accept' +# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall name INBOUND rule 102 action 'reject' +# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +# set firewall name INBOUND rule 102 ipsec 'match-ipsec' +# set firewall name INBOUND rule 103 action 'accept' +# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +# set firewall name INBOUND rule 103 destination group address-group 'inbound' +# set firewall name INBOUND rule 103 source address '192.0.2.0' +# set firewall name INBOUND rule 103 state established 'enable' +# set firewall name INBOUND rule 103 state invalid 'disable' +# set firewall name INBOUND rule 103 state new 'disable' +# set firewall name INBOUND rule 103 state related 'enable' + + +# Using replaced +# +# Before state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall group address-group 'inbound' +# set firewall ipv6-name UPLINK default-action 'accept' +# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6-name UPLINK rule 1 action 'accept' +# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6-name UPLINK rule 2 action 'accept' +# set firewall ipv6-name UPLINK rule 2 description 
'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall name INBOUND default-action 'accept' +# set firewall name INBOUND description 'IPv4 INBOUND rule set' +# set firewall name INBOUND rule 101 action 'accept' +# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall name INBOUND rule 102 action 'reject' +# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +# set firewall name INBOUND rule 102 ipsec 'match-ipsec' +# set firewall name INBOUND rule 103 action 'accept' +# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +# set firewall name INBOUND rule 103 destination group address-group 'inbound' +# set firewall name INBOUND rule 103 source address '192.0.2.0' +# set firewall name INBOUND rule 103 state established 'enable' +# set firewall name INBOUND rule 103 state invalid 'disable' +# set firewall name INBOUND rule 103 state new 'disable' +# set firewall name INBOUND rule 103 state related 'enable' +# +- name: Replace device configurations of listed firewall rules with provided configurations +  vyos_firewall_rules: +    config: +      - afi: 'ipv6' +        rule_sets: +          - name: 'UPLINK' +            description: 'This is ipv6 specific rule-set' +            default_action: 'accept' +      - afi: 'ipv4' +        rule_sets: +          - name: 'INBOUND' +            description: 'IPv4 INBOUND rule set' +            default_action: 'accept' +            rules: +              - number: 101 +                action: 'accept' +                description: 'Rule 101 is configured by Ansible' +                ipsec: 'match-ipsec' +              - number: 104 +                action: 'reject' +                description: 'Rule 104 is configured by Ansible' +                ipsec: 'match-none' +    state: replaced +# +# +# 
------------------------- +# Module Execution Result +# ------------------------- +# +#    "before": [ +#        { +#            "afi": "ipv6", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "This is ipv6 specific rule-set", +#                    "name": "UPLINK", +#                    "rules": [ +#                        { +#                            "action": "accept", +#                            "description": "Fwipv6-Rule 1 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 1 +#                        }, +#                        { +#                            "action": "accept", +#                            "description": "Fwipv6-Rule 2 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 2 +#                        } +#                    ] +#                } +#            ] +#        }, +#        { +#            "afi": "ipv4", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "IPv4 INBOUND rule set", +#                    "name": "INBOUND", +#                    "rules": [ +#                        { +#                            "action": "accept", +#                            "description": "Rule 101 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 101 +#                        }, +#                        { +#                            "action": "reject", +#                            "description": "Rule 102 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 102 +#                        }, +#                        { +#                            "action": "accept", +#                            
"description": "Rule 103 is configured by Ansible", +#                            "destination": { +#                                "group": { +#                                    "address_group": "inbound" +#                                } +#                            }, +#                            "number": 103, +#                            "source": { +#                                "address": "192.0.2.0" +#                            }, +#                            "state": { +#                                "established": true, +#                                "invalid": false, +#                                "new": false, +#                                "related": true +#                            } +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +# +# "commands": [ +#        "delete firewall ipv6-name UPLINK rule 1", +#        "delete firewall ipv6-name UPLINK rule 2", +#        "delete firewall name INBOUND rule 102", +#        "delete firewall name INBOUND rule 103", +#        "set firewall name INBOUND rule 104 action 'reject'", +#        "set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'", +#        "set firewall name INBOUND rule 104", +#        "set firewall name INBOUND rule 104 ipsec 'match-none'" +#    ] +# +#    "after": [ +#        { +#            "afi": "ipv6", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "This is ipv6 specific rule-set", +#                    "name": "UPLINK" +#                } +#            ] +#        }, +#        { +#            "afi": "ipv4", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "IPv4 INBOUND rule set", +#                    "name": "INBOUND", +#                    "rules": [ +#                        { +#                        
    "action": "accept", +#                            "description": "Rule 101 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 101 +#                        }, +#                        { +#                            "action": "reject", +#                            "description": "Rule 104 is configured by Ansible", +#                            "ipsec": "match-none", +#                            "number": 104 +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +# +# After state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall group address-group 'inbound' +# set firewall ipv6-name UPLINK default-action 'accept' +# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' +# set firewall name INBOUND default-action 'accept' +# set firewall name INBOUND description 'IPv4 INBOUND rule set' +# set firewall name INBOUND rule 101 action 'accept' +# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall name INBOUND rule 104 action 'reject' +# set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible' +# set firewall name INBOUND rule 104 ipsec 'match-none' + + +# Using overridden +# +# Before state +# -------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall group address-group 'inbound' +# set firewall ipv6-name UPLINK default-action 'accept' +# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' +# set firewall name INBOUND default-action 'accept' +# set firewall name INBOUND description 'IPv4 INBOUND rule set' +# set firewall name INBOUND rule 101 action 'accept' +# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall name INBOUND rule 101 ipsec 
'match-ipsec' +# set firewall name INBOUND rule 104 action 'reject' +# set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible' +# set firewall name INBOUND rule 104 ipsec 'match-none' +# +- name: Overrides all device configuration with provided configuration +  vyos_firewall_rules: +    config: +      - afi: 'ipv4' +        rule_sets: +          - name: 'Downlink' +            description: 'IPv4 INBOUND rule set' +            default_action: 'accept' +            rules: +              - number: 501 +                action: 'accept' +                description: 'Rule 501 is configured by Ansible' +                ipsec: 'match-ipsec' +              - number: 502 +                action: 'reject' +                description: 'Rule 502 is configured by Ansible' +                ipsec: 'match-ipsec' +    state: overridden +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# "before": [ +#        { +#            "afi": "ipv6", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "This is ipv6 specific rule-set", +#                    "name": "UPLINK" +#                } +#            ] +#        }, +#        { +#            "afi": "ipv4", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "IPv4 INBOUND rule set", +#                    "name": "INBOUND", +#                    "rules": [ +#                        { +#                            "action": "accept", +#                            "description": "Rule 101 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 101 +#                        }, +#                        { +#                            "action": "reject", +#                            "description": "Rule 104 is configured by Ansible", +#        
                    "ipsec": "match-none", +#                            "number": 104 +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +# +#    "commands": [ +#        "delete firewall ipv6-name UPLINK", +#        "delete firewall name INBOUND", +#        "set firewall name Downlink default-action 'accept'", +#        "set firewall name Downlink description 'IPv4 INBOUND rule set'", +#        "set firewall name Downlink rule 501 action 'accept'", +#        "set firewall name Downlink rule 501", +#        "set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'", +#        "set firewall name Downlink rule 501 ipsec 'match-ipsec'", +#        "set firewall name Downlink rule 502 action 'reject'", +#        "set firewall name Downlink rule 502", +#        "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'", +#        "set firewall name Downlink rule 502 ipsec 'match-ipsec'" +# +# +#    "after": [ +#        { +#            "afi": "ipv4", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "IPv4 INBOUND rule set", +#                    "name": "Downlink", +#                    "rules": [ +#                        { +#                            "action": "accept", +#                            "description": "Rule 501 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 501 +#                        }, +#                        { +#                            "action": "reject", +#                            "description": "Rule 502 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 502 +#                        } +#                    ] +#               } +#            ] +#        } +#    ] +# +# +# After state +# ------------ +# +# 
vyos@vyos:~$ show configuration commands| grep firewall +# set firewall group address-group 'inbound' +# set firewall name Downlink default-action 'accept' +# set firewall name Downlink description 'IPv4 INBOUND rule set' +# set firewall name Downlink rule 501 action 'accept' +# set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' +# set firewall name Downlink rule 501 ipsec 'match-ipsec' +# set firewall name Downlink rule 502 action 'reject' +# set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' +# set firewall name Downlink rule 502 ipsec 'match-ipsec' + + +# Using gathered +# +# Before state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall group address-group 'inbound' +# set firewall ipv6-name UPLINK default-action 'accept' +# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6-name UPLINK rule 1 action 'accept' +# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6-name UPLINK rule 2 action 'accept' +# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall name INBOUND default-action 'accept' +# set firewall name INBOUND description 'IPv4 INBOUND rule set' +# set firewall name INBOUND rule 101 action 'accept' +# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall name INBOUND rule 102 action 'reject' +# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +# set firewall name INBOUND rule 102 ipsec 'match-ipsec' +# set firewall name INBOUND rule 103 action 'accept' +# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' 
+# set firewall name INBOUND rule 103 destination group address-group 'inbound' +# set firewall name INBOUND rule 103 source address '192.0.2.0' +# set firewall name INBOUND rule 103 state established 'enable' +# set firewall name INBOUND rule 103 state invalid 'disable' +# set firewall name INBOUND rule 103 state new 'disable' +# set firewall name INBOUND rule 103 state related 'enable' +# +- name: Gather listed firewall rules with provided configurations +  vyos_firewall_rules: +    config: +    state: gathered +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +#    "gathered": [ +#        { +#            "afi": "ipv6", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "This is ipv6 specific rule-set", +#                    "name": "UPLINK", +#                    "rules": [ +#                        { +#                            "action": "accept", +#                            "description": "Fwipv6-Rule 1 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 1 +#                        }, +#                        { +#                            "action": "accept", +#                            "description": "Fwipv6-Rule 2 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 2 +#                        } +#                    ] +#                } +#            ] +#        }, +#        { +#            "afi": "ipv4", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "IPv4 INBOUND rule set", +#                    "name": "INBOUND", +#                    "rules": [ +#                        { +#                            "action": "accept", +#                            "description": "Rule 101 is configured by 
Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 101 +#                        }, +#                        { +#                            "action": "reject", +#                            "description": "Rule 102 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 102 +#                        }, +#                        { +#                            "action": "accept", +#                            "description": "Rule 103 is configured by Ansible", +#                            "destination": { +#                                "group": { +#                                    "address_group": "inbound" +#                                } +#                            }, +#                            "number": 103, +#                            "source": { +#                                "address": "192.0.2.0" +#                            }, +#                            "state": { +#                                "established": true, +#                                "invalid": false, +#                                "new": false, +#                                "related": true +#                            } +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +# +# +# After state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall group address-group 'inbound' +# set firewall ipv6-name UPLINK default-action 'accept' +# set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' +# set firewall ipv6-name UPLINK rule 1 action 'accept' +# set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +# set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' +# set firewall ipv6-name UPLINK rule 2 action 'accept' +# set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is 
configured by Ansible' +# set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' +# set firewall name INBOUND default-action 'accept' +# set firewall name INBOUND description 'IPv4 INBOUND rule set' +# set firewall name INBOUND rule 101 action 'accept' +# set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +# set firewall name INBOUND rule 101 ipsec 'match-ipsec' +# set firewall name INBOUND rule 102 action 'reject' +# set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +# set firewall name INBOUND rule 102 ipsec 'match-ipsec' +# set firewall name INBOUND rule 103 action 'accept' +# set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +# set firewall name INBOUND rule 103 destination group address-group 'inbound' +# set firewall name INBOUND rule 103 source address '192.0.2.0' +# set firewall name INBOUND rule 103 state established 'enable' +# set firewall name INBOUND rule 103 state invalid 'disable' +# set firewall name INBOUND rule 103 state new 'disable' +# set firewall name INBOUND rule 103 state related 'enable' + + +# Using rendered +# +# +- name: Render the commands for provided  configuration +  vyos_firewall_rules: +    config: +      - afi: 'ipv6' +        rule_sets: +          - name: 'UPLINK' +            description: 'This is ipv6 specific rule-set' +            default_action: 'accept' +      - afi: 'ipv4' +        rule_sets: +          - name: 'INBOUND' +            description: 'IPv4 INBOUND rule set' +            default_action: 'accept' +            rules: +              - number: 101 +                action: 'accept' +                description: 'Rule 101 is configured by Ansible' +                ipsec: 'match-ipsec' +              - number: 102 +                action: 'reject' +                description: 'Rule 102 is configured by Ansible' +                ipsec: 'match-ipsec' +              - number: 103 +                action: 'accept' +        
        description: 'Rule 103 is configured by Ansible' +                destination: +                  group: +                    address_group: 'inbound' +                source: +                  address: '192.0.2.0' +                state: +                  established: true +                  new: false +                  invalid: false +                  related: true +    state: rendered +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# +# "rendered": [ +#        "set firewall ipv6-name UPLINK default-action 'accept'", +#        "set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'", +#        "set firewall name INBOUND default-action 'accept'", +#        "set firewall name INBOUND description 'IPv4 INBOUND rule set'", +#        "set firewall name INBOUND rule 101 action 'accept'", +#        "set firewall name INBOUND rule 101", +#        "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", +#        "set firewall name INBOUND rule 101 ipsec 'match-ipsec'", +#        "set firewall name INBOUND rule 102 action 'reject'", +#        "set firewall name INBOUND rule 102", +#        "set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'", +#        "set firewall name INBOUND rule 102 ipsec 'match-ipsec'", +#        "set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'", +#        "set firewall name INBOUND rule 103 destination group address-group inbound", +#        "set firewall name INBOUND rule 103", +#        "set firewall name INBOUND rule 103 source address 192.0.2.0", +#        "set firewall name INBOUND rule 103 state established enable", +#        "set firewall name INBOUND rule 103 state related enable", +#        "set firewall name INBOUND rule 103 state invalid disable", +#        "set firewall name INBOUND rule 103 state new disable", +#        "set firewall name INBOUND rule 103 action 
'accept'" +#    ] + + +# Using parsed +# +# +- name: Render the commands for provided  configuration +  vyos_firewall_rules: +    running_config: +      "set firewall group address-group 'inbound' + set firewall name Downlink default-action 'accept' + set firewall name Downlink description 'IPv4 INBOUND rule set' + set firewall name Downlink rule 501 action 'accept' + set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' + set firewall name Downlink rule 501 ipsec 'match-ipsec' + set firewall name Downlink rule 502 action 'reject' + set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' + set firewall name Downlink rule 502 ipsec 'match-ipsec'" +    state: parsed +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# +# "parsed": [ +#        { +#            "afi": "ipv4", +#            "rule_sets": [ +#                { +#                    "default_action": "accept", +#                    "description": "IPv4 INBOUND rule set", +#                    "name": "Downlink", +#                    "rules": [ +#                        { +#                            "action": "accept", +#                            "description": "Rule 501 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 501 +#                        }, +#                        { +#                            "action": "reject", +#                            "description": "Rule 502 is configured by Ansible", +#                            "ipsec": "match-ipsec", +#                            "number": 502 +#                        } +#                    ] +#                } +#            ] +#        } +#    ] + + +""" +RETURN = """ +before: +  description: The configuration prior to the model invocation. 
+  returned: always +  type: list +  sample: > +    The configuration returned will always be in the same format +     of the parameters above. +after: +  description: The resulting configuration model invocation. +  returned: when changed +  type: list +  sample: > +    The configuration returned will always be in the same format +     of the parameters above. +commands: +  description: The set of commands pushed to the remote device. +  returned: always +  type: list +  sample: +    - "set firewall name Downlink default-action 'accept'" +    - "set firewall name Downlink description 'IPv4 INBOUND rule set'" +    - "set firewall name Downlink rule 501 action 'accept'" +    - "set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'" +    - "set firewall name Downlink rule 502 ipsec 'match-ipsec'" +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.firewall_rules.firewall_rules import ( +    Firewall_rulesArgs, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.firewall_rules.firewall_rules import ( +    Firewall_rules, +) + + +def main(): +    """ +    Main entry point for module execution +    :returns: the result form module invocation +    """ +    required_if = [ +        ("state", "merged", ("config",)), +        ("state", "replaced", ("config",)), +        ("state", "overridden", ("config",)), +        ("state", "parsed", ("running_config",)), +    ] +    mutually_exclusive = [("config", "running_config")] + +    module = AnsibleModule( +        argument_spec=Firewall_rulesArgs.argument_spec, +        required_if=required_if, +        supports_check_mode=True, +        mutually_exclusive=mutually_exclusive, +    ) +    result = Firewall_rules(module).execute_module() +    module.exit_json(**result) + + +if __name__ == "__main__": +    main() 
diff --git a/plugins/modules/vyos_static_route.py b/plugins/modules/vyos_static_route.py
index e0c40e7f..af9a1e3f 100644
--- a/plugins/modules/vyos_static_route.py
+++ b/plugins/modules/vyos_static_route.py
@@ -21,7 +21,7 @@
 ANSIBLE_METADATA = {
     "metadata_version": "1.1",
-    "status": ["preview"],
+    "status": ["deprecated"],
     "supported_by": "network",
 }
@@ -32,6 +32,10 @@ short_description: Manage static IP routes on Vyatta VyOS network devices
 description:
 - This module provides declarative management of static IP routes on Vyatta VyOS network
   devices.
+deprecated:
+  removed_in: '2.13'
+  alternative: vyos_static_routes
+  why: Updated modules released with more functionality.
 notes:
 - Tested against VyOS 1.1.8 (helium).
 - This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html).
@@ -40,17 +44,22 @@ options:
     description:
     - Network prefix of the static route. C(mask) param should be ignored if C(prefix)
       is provided with C(mask) value C(prefix/mask).
+    type: str
   mask:
     description:
     - Network prefix mask of the static route.
+    type: str
   next_hop:
     description:
     - Next hop IP of the static route.
+    type: str
   admin_distance:
     description:
     - Admin distance of the static route.
+    type: int
   aggregate:
     description: List of static route definitions
+    type: list
   state:
     description:
     - State of the static route configuration.
@@ -58,6 +67,7 @@ options:
     choices:
     - present
     - absent
+    type: str
 extends_documentation_fragment:
 - vyos.vyos.vyos
 """
diff --git a/plugins/modules/vyos_static_routes.py b/plugins/modules/vyos_static_routes.py
new file mode 100644
index 00000000..6e502037
--- /dev/null
+++ b/plugins/modules/vyos_static_routes.py
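Review bot: In plugins/modules/vyos_static_route.py, hunk `@@ -40,17 +44,22 @@` documents `aggregate` as `type: list` with no element type, whereas the list options shown for the two new modules in this commit each carry `elements: dict`. Adding `elements: dict` under `aggregate` would keep the documented contract consistent and make it explicit that each entry is a route definition dictionary. The `type:` lines added here and in `@@ -58,6 +67,7 @@` change only the DOCUMENTATION string; the module's argument_spec is not part of this diff, so it should be confirmed that it declares the same types (for example `admin_distance` as `int`), otherwise the documentation promises validation the module does not perform.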
@@ -0,0 +1,1156 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2019 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +############################################# +#                WARNING                    # +############################################# +# +# This file is auto generated by the resource +#   module builder playbook. +# +# Do not edit this file manually. +# +# Changes to this file will be over written +#   by the resource module builder. +# +# Changes should be made in the model used to +#   generate this file or in the resource module +#   builder template. +# +############################################# + +""" +The module file for vyos_static_routes +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +ANSIBLE_METADATA = { +    "metadata_version": "1.1", +    "status": ["preview"], +    "supported_by": "network", +} + +DOCUMENTATION = """module: vyos_static_routes +short_description: Manages attributes of static routes on VyOS network devices. +description: This module manages attributes of static routes on VyOS network devices. +notes: +- Tested against VyOS 1.1.8 (helium). +- This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). +author: +- Rohit Thakur (@rohitthakur2590) +options: +  config: +    description: A provided static route configuration. +    type: list +    elements: dict +    suboptions: +      address_families: +        description: A dictionary specifying the address family to which the static +          route(s) belong. +        type: list +        elements: dict +        suboptions: +          afi: +            description: +            - Specifies the type of route. 
+            type: str +            choices: +            - ipv4 +            - ipv6 +            required: true +          routes: +            description: A ditionary that specify the static route configurations. +            type: list +            elements: dict +            suboptions: +              dest: +                description: +                - An IPv4/v6 address in CIDR notation that specifies the destination +                  network for the static route. +                type: str +                required: true +              blackhole_config: +                description: +                - Configured to silently discard packets. +                type: dict +                suboptions: +                  type: +                    description: +                    - This is to configure only blackhole. +                    type: str +                  distance: +                    description: +                    - Distance for the route. +                    type: int +              next_hops: +                description: +                - Next hops to the specified destination. +                type: list +                elements: dict +                suboptions: +                  forward_router_address: +                    description: +                    - The IP address of the next hop that can be used to reach the +                      destination network. +                    type: str +                    required: true +                  enabled: +                    description: +                    - Disable IPv4/v6 next-hop static route. +                    type: bool +                  admin_distance: +                    description: +                    - Distance value for the route. +                    type: int +                  interface: +                    description: +                    - Name of the outgoing interface. 
+                    type: str +  running_config: +    description: +    - The module, by default, will connect to the remote device and retrieve the current +      running-config to use as a base for comparing against the contents of source. +      There are times when it is not desirable to have the task get the current running-config +      for every task in a playbook.  The I(running_config) argument allows the implementer +      to pass in the configuration to use as the base config for comparison. This +      value of this option should be the output received from device by executing +      command C(show configuration commands | grep 'static route') +    type: str +  state: +    description: +    - The state of the configuration after module completion. +    type: str +    choices: +    - merged +    - replaced +    - overridden +    - deleted +    - gathered +    - rendered +    - parsed +    default: merged +""" +EXAMPLES = """ +# Using merged +# +# Before state: +# ------------- +# +# vyos@vyos:~$ show configuration  commands | grep static +# +- name: Merge the provided configuration with the exisiting running configuration +  vyos_static_routes: +    config: +     - address_families: +       - afi: 'ipv4' +         routes: +           - dest: 192.0.2.32/28 +             blackhole_config: +               type: 'blackhole' +             next_hops: +               - forward_router_address: 192.0.2.6 +               - forward_router_address: 192.0.2.7 +     - address_families: +       - afi: 'ipv6' +         routes: +           - dest: 2001:db8:1000::/36 +             blackhole_config: +               distance: 2 +             next_hops: +               - forward_router_address: 2001:db8:2000:2::1 +               - forward_router_address: 2001:db8:2000:2::2 +    state: merged +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# before": [] +# +#    "commands": [ +#        "set protocols static route 192.0.2.32/28", 
+#        "set protocols static route 192.0.2.32/28 blackhole", +#        "set protocols static route 192.0.2.32/28 next-hop '192.0.2.6'", +#        "set protocols static route 192.0.2.32/28 next-hop '192.0.2.7'", +#        "set protocols static route6 2001:db8:1000::/36", +#        "set protocols static route6 2001:db8:1000::/36 blackhole distance '2'", +#        "set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1'", +#        "set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2'" +#    ] +# +# "after": [ +#        { +#            "address_families": [ +#                { +#                    "afi": "ipv4", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "type": "blackhole" +#                            }, +#                            "dest": "192.0.2.32/28", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "192.0.2.6" +#                                }, +#                                { +#                                    "forward_router_address": "192.0.2.7" +#                                } +#                            ] +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "distance": 2 +#                            }, +#                            "dest": "2001:db8:1000::/36", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::1" +#                                }, +#                                { +#                                    "forward_router_address": 
"2001:db8:2000:2::2" +#                                } +#                            ] +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +# +# After state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep static +# set protocols static route 192.0.2.32/28 'blackhole' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' +# set protocols static route6 2001:db8:1000::/36 blackhole distance '2' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' + + +# Using replaced +# +# Before state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep static +# set protocols static route 192.0.2.32/28 'blackhole' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' +# set protocols static route 192.0.2.33/28 'blackhole' +# set protocols static route 192.0.2.33/28 next-hop '192.0.2.3' +# set protocols static route 192.0.2.33/28 next-hop '192.0.2.4' +# set protocols static route6 2001:db8:1000::/36 blackhole distance '2' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' +# +- name: Replace device configurations of listed static routes with provided configurations +  vyos_static_routes: +    config: +     - address_families: +       - afi: 'ipv4' +         routes: +           - dest: 192.0.2.32/28 +             blackhole_config: +               distance: 2 +             next_hops: +               - forward_router_address: 192.0.2.7 +                 enabled: false +               - forward_router_address: 192.0.2.9 +    state: replaced +# +# +# ------------------------- +# Module Execution Result +# 
------------------------- +# +#    "before": [ +#        { +#            "address_families": [ +#                { +#                    "afi": "ipv4", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "type": "blackhole" +#                            }, +#                            "dest": "192.0.2.32/28", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "192.0.2.6" +#                                }, +#                                { +#                                    "forward_router_address": "192.0.2.7" +#                                } +#                            ] +#                        }, +#                        { +#                            "blackhole_config": { +#                                "type": "blackhole" +#                            }, +#                            "dest": "192.0.2.33/28", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "192.0.2.3" +#                                }, +#                                { +#                                    "forward_router_address": "192.0.2.4" +#                                } +#                            ] +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "distance": 2 +#                            }, +#                            "dest": "2001:db8:1000::/36", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::1" +#                                }, +#   
                             { +#                                    "forward_router_address": "2001:db8:2000:2::2" +#                                } +#                            ] +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +# +# "commands": [ +#        "delete protocols static route 192.0.2.32/28 next-hop '192.0.2.6'", +#        "delete protocols static route 192.0.2.32/28 next-hop '192.0.2.7'", +#        "set protocols static route 192.0.2.32/28 next-hop 192.0.2.7 'disable'", +#        "set protocols static route 192.0.2.32/28 next-hop '192.0.2.7'", +#        "set protocols static route 192.0.2.32/28 next-hop '192.0.2.9'", +#        "set protocols static route 192.0.2.32/28 blackhole distance '2'" +#    ] +# +#    "after": [ +#        { +#            "address_families": [ +#                { +#                    "afi": "ipv4", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "distance": 2 +#                            }, +#                            "dest": "192.0.2.32/28", +#                            "next_hops": [ +#                                { +#                                    "enabled": false, +#                                    "forward_router_address": "192.0.2.7" +#                                }, +#                                { +#                                    "forward_router_address": "192.0.2.9" +#                                } +#                            ] +#                        }, +#                        { +#                            "blackhole_config": { +#                                "type": "blackhole" +#                            }, +#                            "dest": "192.0.2.33/28", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "192.0.2.3" 
+#                                }, +#                                { +#                                    "forward_router_address": "192.0.2.4" +#                                } +#                            ] +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "distance": 2 +#                            }, +#                            "dest": "2001:db8:1000::/36", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::1" +#                                }, +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::2" +#                                } +#                            ] +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +# +# After state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep static +# set protocols static route 192.0.2.32/28 blackhole distance '2' +# set protocols static route 192.0.2.32/28 next-hop 192.0.2.7 'disable' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.9' +# set protocols static route 192.0.2.33/28 'blackhole' +# set protocols static route 192.0.2.33/28 next-hop '192.0.2.3' +# set protocols static route 192.0.2.33/28 next-hop '192.0.2.4' +# set protocols static route6 2001:db8:1000::/36 blackhole distance '2' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' + + +# Using overridden +# +# Before state +# -------------- +# +# vyos@vyos:~$ show configuration commands| grep static +# set protocols static route 192.0.2.32/28 blackhole 
distance '2' +# set protocols static route 192.0.2.32/28 next-hop 192.0.2.7 'disable' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.9' +# set protocols static route6 2001:db8:1000::/36 blackhole distance '2' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' +# +- name: Overrides all device configuration with provided configuration +  vyos_static_routes: +    config: +     - address_families: +       - afi: 'ipv4' +         routes: +           - dest: 198.0.2.48/28 +             next_hops: +               - forward_router_address: 192.0.2.18 +    state: overridden +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# "before": [ +#        { +#            "address_families": [ +#                { +#                    "afi": "ipv4", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "distance": 2 +#                            }, +#                            "dest": "192.0.2.32/28", +#                            "next_hops": [ +#                                { +#                                    "enabled": false, +#                                    "forward_router_address": "192.0.2.7" +#                                }, +#                                { +#                                    "forward_router_address": "192.0.2.9" +#                                } +#                            ] +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "distance": 2 +#                            }, +#                            "dest": "2001:db8:1000::/36", +#                       
     "next_hops": [ +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::1" +#                                }, +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::2" +#                                } +#                            ] +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +# +#    "commands": [ +#        "delete protocols static route 192.0.2.32/28", +#        "delete protocols static route6 2001:db8:1000::/36", +#        "set protocols static route 198.0.2.48/28", +#        "set protocols static route 198.0.2.48/28 next-hop '192.0.2.18'" +# +# +#    "after": [ +#        { +#            "address_families": [ +#                { +#                    "afi": "ipv4", +#                    "routes": [ +#                        { +#                            "dest": "198.0.2.48/28", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "192.0.2.18" +#                                } +#                            ] +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +# +# +# After state +# ------------ +# +# vyos@vyos:~$ show configuration commands| grep static +# set protocols static route 198.0.2.48/28 next-hop '192.0.2.18' + + +# Using deleted to delete static route based on destination +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep static +# set protocols static route 192.0.2.32/28 'blackhole' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' +# set protocols static route6 2001:db8:1000::/36 blackhole distance '2' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' +# set 
protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' +# +- name: Delete static route per destination. +  vyos_static_routes: +    config: +     - address_families: +       - afi: 'ipv4' +         routes: +           - dest: '192.0.2.32/28' +       - afi: 'ipv6' +         routes: +           - dest: '2001:db8:1000::/36' +    state: deleted +# +# +# ------------------------ +# Module Execution Results +# ------------------------ +# +#    "before": [ +#        { +#            "address_families": [ +#                { +#                    "afi": "ipv4", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "type": "blackhole" +#                            }, +#                            "dest": "192.0.2.32/28", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "192.0.2.6" +#                                }, +#                                { +#                                    "forward_router_address": "192.0.2.7" +#                                } +#                            ] +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "distance": 2 +#                            }, +#                            "dest": "2001:db8:1000::/36", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::1" +#                                }, +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::2" +#                                } +#                            ] +#              
          } +#                    ] +#                } +#            ] +#        } +#    ] +#    "commands": [ +#       "delete protocols static route 192.0.2.32/28", +#       "delete protocols static route6 2001:db8:1000::/36" +#    ] +# +# "after": [] +# After state +# ------------ +# vyos@vyos# run show configuration commands | grep static +# set protocols 'static' + + +# Using deleted to delete static route based on afi +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep static +# set protocols static route 192.0.2.32/28 'blackhole' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' +# set protocols static route6 2001:db8:1000::/36 blackhole distance '2' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' +# +- name: Delete static route based on afi. +  vyos_static_routes: +    config: +     - address_families: +       - afi: 'ipv4' +       - afi: 'ipv6' +    state: deleted +# +# +# ------------------------ +# Module Execution Results +# ------------------------ +# +#    "before": [ +#        { +#            "address_families": [ +#                { +#                    "afi": "ipv4", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "type": "blackhole" +#                            }, +#                            "dest": "192.0.2.32/28", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "192.0.2.6" +#                                }, +#                                { +#                                    "forward_router_address": "192.0.2.7" +#                                } +#                            ] +#                        } +#        
            ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "distance": 2 +#                            }, +#                            "dest": "2001:db8:1000::/36", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::1" +#                                }, +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::2" +#                                } +#                            ] +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +#    "commands": [ +#       "delete protocols static route", +#       "delete protocols static route6" +#    ] +# +# "after": [] +# After state +# ------------ +# vyos@vyos# run show configuration commands | grep static +# set protocols 'static' + + +# Using deleted to delete all the static routes when passes config is empty +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep static +# set protocols static route 192.0.2.32/28 'blackhole' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' +# set protocols static route6 2001:db8:1000::/36 blackhole distance '2' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' +# +- name: Delete all the static routes. 
+  vyos_static_routes: +    config: +    state: deleted +# +# +# ------------------------ +# Module Execution Results +# ------------------------ +# +#    "before": [ +#        { +#            "address_families": [ +#                { +#                    "afi": "ipv4", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "type": "blackhole" +#                            }, +#                            "dest": "192.0.2.32/28", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "192.0.2.6" +#                                }, +#                                { +#                                    "forward_router_address": "192.0.2.7" +#                                } +#                            ] +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "distance": 2 +#                            }, +#                            "dest": "2001:db8:1000::/36", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::1" +#                                }, +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::2" +#                                } +#                            ] +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +#    "commands": [ +#       "delete protocols static route", +#       "delete protocols static route6" +#    ] +# +# "after": [] +# After state +# ------------ +# vyos@vyos# run show configuration commands | 
grep static +# set protocols 'static' + + +# Using deleted to delete static route based on next-hop +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep static +# set protocols static route 192.0.2.32/28 'blackhole' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.6' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' +# set protocols static route6 2001:db8:1000::/36 blackhole distance '2' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' +# +- name: Delete static routes per next-hops +  vyos_static_routes: +    config: +     - address_families: +       - afi: 'ipv4' +         routes: +           - dest: '192.0.2.32/28' +             next-hops: +               - forward_router_address: '192.0.2.6' +       - afi: 'ipv6' +         routes: +           - dest: '2001:db8:1000::/36' +             next-hops: +               - forward_router_address: '2001:db8:2000:2::1' +    state: deleted +# +# +# ------------------------ +# Module Execution Results +# ------------------------ +# +#    "before": [ +#        { +#            "address_families": [ +#                { +#                    "afi": "ipv4", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "type": "blackhole" +#                            }, +#                            "dest": "192.0.2.32/28", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "192.0.2.6" +#                                }, +#                                { +#                                    "forward_router_address": "192.0.2.7" +#                                } +#                            ] +#                        } +#                    ] +#                }, +#           
     { +#                    "afi": "ipv6", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "distance": 2 +#                            }, +#                            "dest": "2001:db8:1000::/36", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::1" +#                                }, +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::2" +#                                } +#                            ] +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +#    "commands": [ +#       "delete protocols static route 192.0.2.32/28 next-hop '192.0.2.6'", +#       "delete protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1'" +#    ] +# +#    "after": [ +#        { +#            "address_families": [ +#                { +#                    "afi": "ipv4", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "type": "blackhole" +#                            }, +#                            "dest": "192.0.2.32/28", +#                            "next_hops": [ +#                                { +#                                    "forward_router_address": "192.0.2.7" +#                                } +#                            ] +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "routes": [ +#                        { +#                            "blackhole_config": { +#                                "distance": 2 +#                            }, +#                            "dest": "2001:db8:1000::/36", +#            
                "next_hops": [ +#                                { +#                                    "forward_router_address": "2001:db8:2000:2::2" +#                                } +#                            ] +#                        } +#                    ] +#                } +#            ] +#        } +#    ] +# After state +# ------------ +# vyos@vyos:~$ show configuration commands| grep static +# set protocols static route 192.0.2.32/28 'blackhole' +# set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' +# set protocols static route6 2001:db8:1000::/36 blackhole distance '2' +# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' + + +# Using rendered +# +# +- name: Render the commands for provided  configuration +  vyos_static_routes: +    config: +      - address_families: +          - afi: 'ipv4' +            routes: +              - dest: 192.0.2.32/28 +                blackhole_config: +                  type: 'blackhole' +                next_hops: +                  - forward_router_address: 192.0.2.6 +                  - forward_router_address: 192.0.2.7 +      - address_families: +          - afi: 'ipv6' +            routes: +              - dest: 2001:db8:1000::/36 +                blackhole_config: +                  distance: 2 +                next_hops: +                  - forward_router_address: 2001:db8:2000:2::1 +                  - forward_router_address: 2001:db8:2000:2::2 +    state: rendered +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# +# "rendered": [ +#        "set protocols static route 192.0.2.32/28", +#        "set protocols static route 192.0.2.32/28 blackhole", +#        "set protocols static route 192.0.2.32/28 next-hop '192.0.2.6'", +#        "set protocols static route 192.0.2.32/28 next-hop '192.0.2.7'", +#        "set protocols static route6 2001:db8:1000::/36", +#        "set protocols static route6 2001:db8:1000::/36 blackhole 
distance '2'",
+#        "set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1'",
+#        "set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2'"
+#    ]
+
+
+# Using parsed
+#
+#
+- name: Render the commands for provided  configuration
+  vyos_static_routes:
+    running_config:
+      "set protocols static route 192.0.2.32/28 'blackhole'
+ set protocols static route 192.0.2.32/28 next-hop '192.0.2.6'
+ set protocols static route 192.0.2.32/28 next-hop '192.0.2.7'
+ set protocols static route6 2001:db8:1000::/36 blackhole distance '2'
+ set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1'
+ set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2'"
+    state: parsed
+#
+#
+# -------------------------
+# Module Execution Result
+# -------------------------
+#
+#
+# "parsed": [
+#        {
+#            "address_families": [
+#                {
+#                    "afi": "ipv4",
+#                    "routes": [
+#                        {
+#                            "blackhole_config": {
+#                                "distance": 2
+#                            },
+#                            "dest": "192.0.2.32/28",
+#                            "next_hops": [
+#                                {
+#                                    "forward_router_address": "2001:db8:2000:2::2"
+#                                }
+#                            ]
+#                        }
+#                    ]
+#                },
+#                {
+#                    "afi": "ipv6",
+#                    "routes": [
+#                        {
+#                            "blackhole_config": {
+#                                "distance": 2
+#                            },
+#                            "dest": "2001:db8:1000::/36",
+#                            "next_hops": [
+#                                {
+#                                    "forward_router_address": "2001:db8:2000:2::2"
+#                                }
+#                            ]
+#                        }
+#                    ]
+#                }
+#            ]
+#        }
+#    ]
+
+
+# Using gathered
+#
+# Before state:
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep static
+# set protocols static route 192.0.2.32/28 'blackhole'
+# set protocols static route 192.0.2.32/28 next-hop '192.0.2.6'
+# set protocols static route 192.0.2.32/28 next-hop '192.0.2.7'
+# set protocols static route6 2001:db8:1000::/36 blackhole distance '2'
+# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1'
+# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2'
+#
+- name: Gather listed static routes with provided configurations
+  vyos_static_routes:
+    config:
+    state: gathered
+#
+#
+# -------------------------
+# Module Execution Result
+# -------------------------
+#
+#    "gathered": [
+#        {
+#            "address_families": [
+#                {
+#                    "afi": "ipv4",
+#                    "routes": [
+#                        {
+#                            "blackhole_config": {
+#                                "type": "blackhole"
+#                            },
+#                            "dest": "192.0.2.32/28",
+#                            "next_hops": [
+#                                {
+#                                    "forward_router_address": "192.0.2.6"
+#                                },
+#                                {
+#                                    "forward_router_address": "192.0.2.7"
+#                                }
+#                            ]
+#                        }
+#                    ]
+#                },
+#                {
+#                    "afi": "ipv6",
+#                    "routes": [
+#                        {
+#                            "blackhole_config": {
+#                                "distance": 2
+#                            },
+#                            "dest": "2001:db8:1000::/36",
+#                            "next_hops": [
+#                                {
+#                                    "forward_router_address": "2001:db8:2000:2::1"
+#                                },
+#                                {
+#                                    "forward_router_address": "2001:db8:2000:2::2"
+#                                }
+#                            ]
+#                        }
+#                    ]
+#                }
+#            ]
+#        }
+#    ]
+#
+#
+# After state:
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep static
+# set protocols static route 192.0.2.32/28 'blackhole'
+# set protocols static route 192.0.2.32/28 next-hop '192.0.2.6'
+# set protocols static route 192.0.2.32/28 next-hop '192.0.2.7'
+# set protocols static route6 2001:db8:1000::/36 blackhole distance '2'
+# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1'
+# set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2'
+
+
+"""
+RETURN = """
+before:
+  description: The configuration prior to the model invocation.
+  returned: always
+  type: list
+  sample: >
+    The configuration returned will always be in the same format
+     of the parameters above.
+after:
+  description: The resulting configuration model invocation.
+  returned: when changed
+  type: list
+  sample: >
+    The configuration returned will always be in the same format
+     of the parameters above.
+commands:
+  description: The set of commands pushed to the remote device.
+  returned: always
+  type: list
+  sample:
+    - "set protocols static route 192.0.2.32/28 next-hop '192.0.2.6'"
+    - "set protocols static route 192.0.2.32/28 'blackhole'"
+"""
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.static_routes.static_routes import (
+    Static_routesArgs,
+)
+from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.static_routes.static_routes import (
+    Static_routes,
+)
+
+
+def main():
+    """
+    Main entry point for module execution
+
+    :returns: the result form module invocation
+    """
+    required_if = [
+        ("state", "merged", ("config",)),
+        ("state", "replaced", ("config",)),
+        ("state", "overridden", ("config",)),
+        ("state", "parsed", ("running_config",)),
+    ]
+    mutually_exclusive = [("config", "running_config")]
+
+    module = AnsibleModule(
+        argument_spec=Static_routesArgs.argument_spec,
+        required_if=required_if,
+        supports_check_mode=True,
+        mutually_exclusive=mutually_exclusive,
+    )
+    result = Static_routes(module).execute_module()
+    module.exit_json(**result)
+
+
+if __name__ == "__main__":
+    main() | 
