From 8ef4e277826ee6ad99662c159feb3241d84c5f58 Mon Sep 17 00:00:00 2001 From: michalbil <92343355+michalbil@users.noreply.github.com> Date: Fri, 29 Mar 2024 01:12:46 +0100 Subject: [PATCH 1/5] docs: fix custom url category "name" parameter description (#554) --- plugins/modules/panos_custom_url_category.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_custom_url_category.py b/plugins/modules/panos_custom_url_category.py index 45096fa61..bc092ef4f 100644 --- a/plugins/modules/panos_custom_url_category.py +++ b/plugins/modules/panos_custom_url_category.py @@ -42,7 +42,7 @@ options: name: description: - - Name of the tag. + - Name of the url category. type: str description: description: From 0d0fd6d11d3bfd55a3795f32f69f9201fd54f554 Mon Sep 17 00:00:00 2001 From: Horia Gunica <43091730+horiagunica@users.noreply.github.com> Date: Fri, 29 Mar 2024 11:55:03 +0200 Subject: [PATCH 2/5] fix(panos_facts.py): Fixed virtual systems fact name (#558) --- plugins/modules/panos_facts.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/panos_facts.py b/plugins/modules/panos_facts.py index 88c71307a..09511707d 100644 --- a/plugins/modules/panos_facts.py +++ b/plugins/modules/panos_facts.py @@ -483,7 +483,7 @@ def populate_facts(self): } ) - self.facts.update({"virtual-systems": virtual_systems}) + self.facts.update({"virtual_systems": virtual_systems}) class Config(Factbase): From 73c28a890ab35784a40ee14a47c11b31f4ffac6d Mon Sep 17 00:00:00 2001 From: michalbil <92343355+michalbil@users.noreply.github.com> Date: Thu, 11 Apr 2024 16:08:16 +0200 Subject: [PATCH 3/5] fix: Add 'parent_interface' parameter for l2/l3 subinterface modules (#552) --- plugins/modules/panos_l2_subinterface.py | 39 ++++++- plugins/modules/panos_l3_subinterface.py | 39 ++++++- .../firewall/test_panos_l2_subinterface.yml | 105 ++++++++++++++++++ .../firewall/test_panos_l3_subinterface.yml | 105 ++++++++++++++++++ 4 files changed, 281 insertions(+), 7 deletions(-) create mode 100644 tests/integration/firewall/test_panos_l2_subinterface.yml create mode 100644 tests/integration/firewall/test_panos_l3_subinterface.yml diff --git a/plugins/modules/panos_l2_subinterface.py b/plugins/modules/panos_l2_subinterface.py index f38696c98..965fb996b 100644 --- a/plugins/modules/panos_l2_subinterface.py +++ b/plugins/modules/panos_l2_subinterface.py @@ -46,6 +46,10 @@ description: - Name of the interface to configure. type: str + parent_interface: + description: + - Name of the parent interface + type: str tag: description: - Tag (vlan id) for the interface @@ -103,8 +107,31 @@ class Helper(ConnectionHelper): def initial_handling(self, module): - if "." not in module.params["name"]: - module.fail_json(msg='interface name does not have "." in it') + # Sanity check. + name_set = True if module.params["name"] is not None else False + parent_set = True if module.params["parent_interface"] is not None else False + + if module.params["state"] == "gathered" and not parent_set: + module.fail_json( + msg="'parent_interface' is required when state is 'gathered'." + ) + + if name_set: + if "." not in module.params["name"]: + module.fail_json( + msg="Subinterface name does not have '.' in it: {0}".format( + module.params["name"] + ) + ) + if ( + parent_set + and module.params["parent_interface"] not in module.params["name"] + ): + module.fail_json( + msg="Parent and subinterface names do not match: {0} - {1}".format( + module.params["parent_interface"], module.params["name"] + ) + ) if module.params["state"] not in ("present", "replaced"): return @@ -113,7 +140,10 @@ def initial_handling(self, module): module.params["vsys"] = "vsys1" def parent_handling(self, parent, module): - iname = module.params["name"].split(".")[0] + if module.params["parent_interface"] is not None: + iname = module.params["parent_interface"] + else: + iname = module.params["name"].split(".")[0] if iname.startswith("ae"): eth = to_sdk_cls("network", "AggregateInterface")(iname) @@ -147,6 +177,9 @@ def main(): netflow_profile=dict(sdk_param="netflow_profile_l2"), comment=dict(), ), + extra_params=dict( + parent_interface=dict(type="str"), + ), ) module = AnsibleModule( diff --git a/plugins/modules/panos_l3_subinterface.py b/plugins/modules/panos_l3_subinterface.py index cada05cd5..b8afb08ae 100644 --- a/plugins/modules/panos_l3_subinterface.py +++ b/plugins/modules/panos_l3_subinterface.py @@ -48,6 +48,10 @@ description: - Name of the interface to configure. type: str + parent_interface: + description: + - Name of the parent interface + type: str tag: description: - Tag (vlan id) for the interface @@ -151,8 +155,30 @@ class Helper(ConnectionHelper): def initial_handling(self, module): # Sanity check. - if "." not in module.params["name"]: - module.fail_json(msg='Interface name does not have "." in it') + name_set = True if module.params["name"] is not None else False + parent_set = True if module.params["parent_interface"] is not None else False + + if module.params["state"] == "gathered" and not parent_set: + module.fail_json( + msg="'parent_interface' is required when state is 'gathered'." + ) + + if name_set: + if "." not in module.params["name"]: + module.fail_json( + msg="Subinterface name does not have '.' in it: {0}".format( + module.params["name"] + ) + ) + if ( + parent_set + and module.params["parent_interface"] not in module.params["name"] + ): + module.fail_json( + msg="Parent and subinterface names do not match: {0} - {1}".format( + module.params["parent_interface"], module.params["name"] + ) + ) if module.params["state"] not in ("present", "replaced"): return @@ -161,9 +187,11 @@ def initial_handling(self, module): module.params["vsys"] = "vsys1" def parent_handling(self, parent, module): - iname = module.params["name"].split(".")[0] + if module.params["parent_interface"] is not None: + iname = module.params["parent_interface"] + else: + iname = module.params["name"].split(".")[0] - eth = None if iname.startswith("ae"): eth = to_sdk_cls("network", "AggregateInterface")(iname) else: @@ -215,6 +243,9 @@ def main(): ), dhcp_default_route_metric=dict(type="int"), ), + extra_params=dict( + parent_interface=dict(type="str"), + ), ) module = AnsibleModule( diff --git a/tests/integration/firewall/test_panos_l2_subinterface.yml b/tests/integration/firewall/test_panos_l2_subinterface.yml new file mode 100644 index 000000000..7ece31808 --- /dev/null +++ b/tests/integration/firewall/test_panos_l2_subinterface.yml @@ -0,0 +1,105 @@ +--- +- name: test_panos_l2_subinterface - Create + paloaltonetworks.panos.panos_l2_subinterface: + provider: '{{ device }}' + name: 'ethernet1/1.1' + tag: 2 + register: result + +- name: test_panos_l2_subinterface - Assert create was successful + assert: + that: + - result is success + - result is changed + +- name: test_panos_l2_subinterface - Create (idempotence) + paloaltonetworks.panos.panos_l2_subinterface: + provider: '{{ device }}' + name: 'ethernet1/1.1' + tag: 2 + register: result + +- name: test_panos_l2_subinterface - Assert create (idempotence) was successful + assert: + that: + - result is success + - result is not changed + +- name: test_panos_l2_subinterface - Modify + paloaltonetworks.panos.panos_l2_subinterface: + provider: '{{ device }}' + name: 'ethernet1/1.1' + tag: 1 + register: result + +- name: test_panos_l2_subinterface - Assert modify was successful + assert: + that: + - result is success + - result is changed + +- name: test_panos_l2_subinterface - Gather all + paloaltonetworks.panos.panos_l2_subinterface: + provider: '{{ device }}' + parent_interface: 'ethernet1/1' + state: 'gathered' + gathered_filter: '*' + register: result + +- name: test_panos_l2_subinterface - Assert gather all returned result + assert: + that: + - result is success + - "{{ result.gathered | length == 1 }}" + +- name: test_panos_l2_subinterface - Gather by parameter with one match + paloaltonetworks.panos.panos_l2_subinterface: + provider: '{{ device }}' + parent_interface: 'ethernet1/1' + state: 'gathered' + gathered_filter: 'name ends-with 1' + register: result + +- name: test_panos_l2_subinterface - Assert gather by parameter with one match returned result + assert: + that: + - result is success + - "{{ result.gathered | length == 1 }}" + +- name: test_panos_l2_subinterface - Gather by parameter with no match + paloaltonetworks.panos.panos_l2_subinterface: + provider: '{{ device }}' + parent_interface: 'ethernet1/1' + state: 'gathered' + gathered_filter: 'name ends-with 2' + register: result + +- name: test_panos_l2_subinterface - Assert gather by parameter with no match returned result + assert: + that: + - result is success + - "{{ result.gathered | length == 0 }}" + +- name: test_panos_l2_subinterface - Delete + paloaltonetworks.panos.panos_l2_subinterface: + provider: '{{ device }}' + name: 'ethernet1/1.1' + tag: 2 + state: 'absent' + register: result + +- name: test_panos_l2_subinterface - Assert delete was successful + assert: + that: + - result is success + - result is changed + +- name: test_panos_l2_subinterface - Make sure changes commit cleanly + paloaltonetworks.panos.panos_commit_firewall: + provider: '{{ device }}' + register: result + +- name: test_panos_l2_subinterface - Assert commit was successful + assert: + that: + - result is success diff --git a/tests/integration/firewall/test_panos_l3_subinterface.yml b/tests/integration/firewall/test_panos_l3_subinterface.yml new file mode 100644 index 000000000..7f63a6d32 --- /dev/null +++ b/tests/integration/firewall/test_panos_l3_subinterface.yml @@ -0,0 +1,105 @@ +--- +- name: test_panos_l3_subinterface - Create + paloaltonetworks.panos.panos_l3_subinterface: + provider: '{{ device }}' + name: 'ethernet1/1.1' + tag: 2 + register: result + +- name: test_panos_l3_subinterface - Assert create was successful + assert: + that: + - result is success + - result is changed + +- name: test_panos_l3_subinterface - Create (idempotence) + paloaltonetworks.panos.panos_l3_subinterface: + provider: '{{ device }}' + name: 'ethernet1/1.1' + tag: 2 + register: result + +- name: test_panos_l3_subinterface - Assert create (idempotence) was successful + assert: + that: + - result is success + - result is not changed + +- name: test_panos_l3_subinterface - Modify + paloaltonetworks.panos.panos_l3_subinterface: + provider: '{{ device }}' + name: 'ethernet1/1.1' + tag: 1 + register: result + +- name: test_panos_l3_subinterface - Assert modify was successful + assert: + that: + - result is success + - result is changed + +- name: test_panos_l3_subinterface - Gather all + paloaltonetworks.panos.panos_l3_subinterface: + provider: '{{ device }}' + parent_interface: 'ethernet1/1' + state: 'gathered' + gathered_filter: '*' + register: result + +- name: test_panos_l3_subinterface - Assert gather all returned result + assert: + that: + - result is success + - "{{ result.gathered | length == 1 }}" + +- name: test_panos_l3_subinterface - Gather by parameter with one match + paloaltonetworks.panos.panos_l3_subinterface: + provider: '{{ device }}' + parent_interface: 'ethernet1/1' + state: 'gathered' + gathered_filter: 'name ends-with 1' + register: result + +- name: test_panos_l3_subinterface - Assert gather by parameter with one match returned result + assert: + that: + - result is success + - "{{ result.gathered | length == 1 }}" + +- name: test_panos_l3_subinterface - Gather by parameter with no match + paloaltonetworks.panos.panos_l3_subinterface: + provider: '{{ device }}' + parent_interface: 'ethernet1/1' + state: 'gathered' + gathered_filter: 'name ends-with 2' + register: result + +- name: test_panos_l3_subinterface - Assert gather by parameter with no match returned result + assert: + that: + - result is success + - "{{ result.gathered | length == 0 }}" + +- name: test_panos_l3_subinterface - Delete + paloaltonetworks.panos.panos_l3_subinterface: + provider: '{{ device }}' + name: 'ethernet1/1.1' + tag: 2 + state: 'absent' + register: result + +- name: test_panos_l3_subinterface - Assert delete was successful + assert: + that: + - result is success + - result is changed + +- name: test_panos_l3_subinterface - Make sure changes commit cleanly + paloaltonetworks.panos.panos_commit_firewall: + provider: '{{ device }}' + register: result + +- name: test_panos_l3_subinterface - Assert commit was successful + assert: + that: + - result is success From a2870f5d742a6d6dd2e759e101ba1b6fcc9e6ee9 Mon Sep 17 00:00:00 2001 From: Adrian Celebanski <135693994+acelebanski@users.noreply.github.com> Date: Tue, 16 Apr 2024 11:10:33 +0200 Subject: [PATCH 4/5] feat: Add new option to panos_active_in_ha module (#560) --- plugins/modules/panos_active_in_ha.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/plugins/modules/panos_active_in_ha.py b/plugins/modules/panos_active_in_ha.py index 3a7e42aa9..5d10c1d7d 100644 --- a/plugins/modules/panos_active_in_ha.py +++ b/plugins/modules/panos_active_in_ha.py @@ -53,6 +53,12 @@ node's current state in an HA pair. Can be useful when working with partially upgraded nodes. Use with caution. type: bool default: false + ignore_non_functional: + description: + - Use with caution, when set to `True` will ignore if device state is `non-functional` on one of the nodes. Helpful + when verifying a state of a partially upgraded HA pair with vmseries plugin version mismatch. + type: bool + default: false # """ EXAMPLES = """ @@ -112,6 +118,7 @@ def main(): argument_spec=dict( force_fail=dict(type="bool", default=False), skip_config_sync=dict(type="bool", default=False), + ignore_non_functional=dict(type="bool", default=False), ), panorama_error="This is a firewall only module", ) @@ -123,7 +130,8 @@ def main(): firewall = FirewallProxy(firewall=helper.get_pandevice_parent(module)) is_active = CheckFirewall(firewall).check_is_ha_active( - skip_config_sync=module.params["skip_config_sync"] + skip_config_sync=module.params["skip_config_sync"], + ignore_non_functional=module.params["ignore_non_functional"], ) if module.params["force_fail"]: From 8e6e2509a9d88a60890f21a9205e3f38ec81512d Mon Sep 17 00:00:00 2001 From: itsamemarkus <34944988+itsamemarkus@users.noreply.github.com> Date: Wed, 17 Apr 2024 12:51:16 +0200 Subject: [PATCH 5/5] docs: replaced pan-os-upgrade-assurance with panos-upgrade-assurance (#557) --- plugins/modules/panos_active_in_ha.py | 2 +- plugins/modules/panos_readiness_checks.py | 2 +- plugins/modules/panos_snapshot_report.py | 2 +- plugins/modules/panos_state_snapshot.py | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/plugins/modules/panos_active_in_ha.py b/plugins/modules/panos_active_in_ha.py index 5d10c1d7d..eff95c0c0 100644 --- a/plugins/modules/panos_active_in_ha.py +++ b/plugins/modules/panos_active_in_ha.py @@ -33,7 +33,7 @@ requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) - pandevice can be obtained from PyPI U(https://pypi.python.org/pypi/pandevice) - - pan-os-upgrade-assurance can be obtained from PyPI U(https://pypi.org/project/panos-upgrade-assurance) + - panos-upgrade-assurance can be obtained from PyPI U(https://pypi.org/project/panos-upgrade-assurance) notes: - Panorama is not supported. - Check mode is not supported. diff --git a/plugins/modules/panos_readiness_checks.py b/plugins/modules/panos_readiness_checks.py index a53e4a364..8512452f7 100644 --- a/plugins/modules/panos_readiness_checks.py +++ b/plugins/modules/panos_readiness_checks.py @@ -35,7 +35,7 @@ requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) - pandevice can be obtained from PyPI U(https://pypi.python.org/pypi/pandevice) - - pan-os-upgrade-assurance can be obtained from PyPI U(https://pypi.org/project/panos-upgrade-assurance) + - panos-upgrade-assurance can be obtained from PyPI U(https://pypi.org/project/panos-upgrade-assurance) notes: - Panorama is not supported. - Check mode is not supported. diff --git a/plugins/modules/panos_snapshot_report.py b/plugins/modules/panos_snapshot_report.py index 81e6e77ab..53969e96c 100644 --- a/plugins/modules/panos_snapshot_report.py +++ b/plugins/modules/panos_snapshot_report.py @@ -38,7 +38,7 @@ requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) - pandevice can be obtained from PyPI U(https://pypi.python.org/pypi/pandevice) - - pan-os-upgrade-assurance can be obtained from PyPI U(https://pypi.python.org/pypi/pan-os-upgrade-assurance) + - panos-upgrade-assurance can be obtained from PyPI U(https://pypi.python.org/pypi/panos-upgrade-assurance) notes: - This is an offline module, no device connection is made. - Check mode is not supported. diff --git a/plugins/modules/panos_state_snapshot.py b/plugins/modules/panos_state_snapshot.py index 304441326..8e4284fa0 100644 --- a/plugins/modules/panos_state_snapshot.py +++ b/plugins/modules/panos_state_snapshot.py @@ -35,7 +35,7 @@ requirements: - pan-python can be obtained from PyPI U(https://pypi.python.org/pypi/pan-python) - pandevice can be obtained from PyPI U(https://pypi.python.org/pypi/pandevice) - - pan-os-upgrade-assurance can be obtained from PyPI U(https://pypi.python.org/pypi/pan-os-upgrade-assurance) + - panos-upgrade-assurance can be obtained from PyPI U(https://pypi.python.org/pypi/panos-upgrade-assurance) notes: - Panorama is not supported. - Check mode is not supported.