Server IP : 85.214.239.14 / Your IP : 3.138.61.88 Web Server : Apache/2.4.62 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /usr/lib/python3/dist-packages/ansible_collections/cisco/iosxr/plugins/modules/ |
Upload File : |
#!/usr/bin/python # -*- coding: utf-8 -*- # Copyright 2019 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) ############################################# # WARNING # ############################################# # # This file is auto generated by the resource # module builder playbook. # # Do not edit this file manually. # # Changes to this file will be over written # by the resource module builder. # # Changes should be made in the model used to # generate this file or in the resource module # builder template. # ############################################# """ The module file for iosxr_acls """ from __future__ import absolute_import, division, print_function __metaclass__ = type DOCUMENTATION = """ module: iosxr_acls short_description: Resource module to configure ACLs. description: - This module manages Access Control Lists (ACLs) on devices running IOS-XR. version_added: 1.0.0 author: Nilashish Chakraborty (@NilashishC) options: config: description: A list of dictionaries specifying ACL configurations. type: list elements: dict suboptions: afi: description: - The Address Family Indicator (AFI) for the Access Control Lists (ACL). type: str required: true choices: - ipv4 - ipv6 acls: description: - A list of Access Control Lists (ACLs). type: list elements: dict suboptions: name: description: - The name of the Access Control List (ACL). type: str aces: description: - List of Access Control Entries (ACEs) for this Access Control List (ACL). type: list elements: dict suboptions: sequence: description: - Sequence number for the Access Control Entry (ACE). type: int grant: description: - Forward or drop packets matching the Access Control Entry (ACE). type: str choices: - permit - deny remark: description: - Comments or a description for the access list. type: str line: description: - An ACE excluding the sequence number. - This key is mutually exclusive with all the other attributes except 'sequence'. - When used with other attributes, the value of this key will get precedence and the other keys will be ignored. - This should only be used when an attribute doesn't exist in the argspec but is valid for the device. - For fact gathering, any ACE that is not fully parsed, will show up as a value of this attribute, excluding the sequence number, which will be populated as value of the sequence key. type: str aliases: - ace source: description: - Specifies the packet source. type: dict suboptions: host: description: - The host IP address to match. type: str net_group: description: - Name of net-group. type: str port_group: description: - Name of port-group. type: str address: description: - The source IP address to match. type: str wildcard_bits: description: - The Wildcard bits to apply to source address. type: str any: description: - Match any source address. type: bool prefix: description: - Source network prefix. type: str port_protocol: description: - Specify the source port or protocol. type: dict suboptions: eq: description: - Match only packets on a given port number. type: str gt: description: - Match only packets with a greater port number. type: str lt: description: - Match only packets with a lower port number. type: str neq: description: - Match only packets not on a given port number. type: str range: description: - Match only packets in the range of port numbers type: dict suboptions: start: description: - Specify the start of the port range type: str end: description: - Specify the end of the port range type: str destination: description: - Specifies the packet destination. type: dict suboptions: host: description: - The host IP address to match. type: str net_group: description: - Name of net-group. type: str port_group: description: - Name of port-group. type: str address: description: - The destination IP address to match. type: str wildcard_bits: description: - The Wildcard bits to apply to destination address. type: str any: description: - Match any destination address. type: bool prefix: description: - Destination network prefix. type: str port_protocol: description: - Specify the source port or protocol. type: dict suboptions: eq: description: - Match only packets on a given port number. type: str gt: description: - Match only packets with a greater port number. type: str lt: description: - Match only packets with a lower port number. type: str neq: description: - Match only packets not on a given port number. type: str range: description: - Match only packets in the range of port numbers type: dict suboptions: start: description: - Specify the start of the port range type: str end: description: - Specify the end of the port range type: str protocol: description: - Specify the protocol to match. - Refer to vendor documentation for valid values. type: str protocol_options: description: - Additional suboptions for the protocol. type: dict suboptions: icmpv6: description: Internet Control Message Protocol settings for IPv6. type: dict suboptions: address_unreachable: description: Address Unreachable type: bool administratively_prohibited: description: Administratively Prohibited type: bool beyond_scope_of_source_address: description: Administratively Prohibited type: bool destination_unreachable: description: Destination Unreachable type: bool echo: description: Echo type: bool echo_reply: description: Echo Reply type: bool erroneous_header_field: description: Erroneous Header Field type: bool group_membership_query: description: Group Membership Query type: bool group_membership_report: description: Group Membership Report type: bool group_membership_termination: description: Group Membership Termination type: bool host_unreachable: description: Host Unreachable type: bool nd_na: description: Neighbor Discovery - Neighbor Advertisement type: bool nd_ns: description: Neighbor Discovery - Neighbor Solicitation type: bool neighbor_redirect: description: Neighbor Redirect type: bool no_route_to_destination: description: No Route To Destination type: bool node_information_request_is_refused: description: Node Information Request Is Refused type: bool node_information_successful_reply: description: Node Information Successful Reply type: bool packet_too_big: description: Packet Too Big type: bool parameter_problem: description: Parameter Problem type: bool port_unreachable: description: Port Unreachable type: bool query_subject_is_IPv4address: description: Query Subject Is IPv4 address type: bool query_subject_is_IPv6address: description: Query Subject Is IPv6 address type: bool query_subject_is_domainname: description: Query Subject Is Domain name type: bool reassembly_timeout: description: Reassembly Timeout type: bool redirect: description: Redirect type: bool router_advertisement: description: Router Advertisement type: bool router_renumbering: description: Router Renumbering type: bool router_solicitation: description: Router Solicitation type: bool rr_command: description: RR Command type: bool rr_result: description: RR Result type: bool rr_seqnum_reset: description: RR Seqnum Reset type: bool time_exceeded: description: Time Exceeded type: bool ttl_exceeded: description: TTL Exceeded type: bool unknown_query_type: description: Unknown Query Type type: bool unreachable: description: Unreachable type: bool unrecognized_next_header: description: Unrecognized Next Header type: bool unrecognized_option: description: Unrecognized Option type: bool whoareyou_reply: description: Whoareyou Reply type: bool whoareyou_request: description: Whoareyou Request type: bool icmp: description: Internet Control Message Protocol settings. type: dict suboptions: administratively_prohibited: description: Administratively prohibited type: bool alternate_address: description: Alternate address type: bool conversion_error: description: Datagram conversion type: bool dod_host_prohibited: description: Host prohibited type: bool dod_net_prohibited: description: Net prohibited type: bool echo: description: Echo (ping) type: bool echo_reply: description: Echo reply type: bool general_parameter_problem: description: Parameter problem type: bool host_isolated: description: Host isolated type: bool host_precedence_unreachable: description: Host unreachable for precedence type: bool host_redirect: description: Host redirect type: bool host_tos_redirect: description: Host redirect for TOS type: bool host_tos_unreachable: description: Host unreachable for TOS type: bool host_unknown: description: Host unknown type: bool host_unreachable: description: Host unreachable type: bool information_reply: description: Information replies type: bool information_request: description: Information requests type: bool mask_reply: description: Mask replies type: bool mask_request: description: Mask requests type: bool mobile_redirect: description: Mobile host redirect type: bool net_redirect: description: Network redirect type: bool net_tos_redirect: description: Net redirect for TOS type: bool net_tos_unreachable: description: Network unreachable for TOS type: bool net_unreachable: description: Net unreachable type: bool network_unknown: description: Network unknown type: bool no_room_for_option: description: Parameter required but no room type: bool option_missing: description: Parameter required but not present type: bool packet_too_big: description: Fragmentation needed and DF set type: bool parameter_problem: description: All parameter problems type: bool port_unreachable: description: Port unreachable type: bool precedence_unreachable: description: Precedence cutoff type: bool protocol_unreachable: description: Protocol unreachable type: bool reassembly_timeout: description: Reassembly timeout type: bool redirect: description: All redirects type: bool router_advertisement: description: Router discovery advertisements type: bool router_solicitation: description: Router discovery solicitations type: bool source_quench: description: Source quenches type: bool source_route_failed: description: Source route failed type: bool time_exceeded: description: All time exceededs type: bool timestamp_reply: description: Timestamp replies type: bool timestamp_request: description: Timestamp requests type: bool traceroute: description: Traceroute type: bool ttl_exceeded: description: TTL exceeded type: bool unreachable: description: All unreachables type: bool tcp: description: Match TCP packet flags type: dict suboptions: ack: description: Match on the ACK bit type: bool established: description: Match established connections type: bool fin: description: Match on the FIN bit type: bool psh: description: Match on the PSH bit type: bool rst: description: Match on the RST bit type: bool syn: description: Match on the SYN bit type: bool urg: description: Match on the URG bit type: bool igmp: description: Internet Group Management Protocol (IGMP) settings. type: dict suboptions: dvmrp: description: Match Distance Vector Multicast Routing Protocol type: bool host_query: description: Match Host Query type: bool host_report: description: Match Host Report type: bool pim: description: Match Protocol Independent Multicast type: bool trace: description: Multicast trace type: bool mtrace: description: Match mtrace type: bool mtrace_response: description: Match mtrace response type: bool dscp: description: - Match packets with given DSCP value. type: dict suboptions: eq: description: Match only packets on a given dscp value type: str gt: description: Match only packets with a greater dscp value type: str lt: description: Match only packets with a lower dscp value type: str neq: description: Match only packets not on a given dscp value type: str range: description: Match only packets in the range of dscp values type: dict suboptions: start: description: Start of the dscp range type: str end: description: End of the dscp range type: str fragments: description: - Check non-intial fragments. type: bool packet_length: description: - Match packets given packet length. type: dict suboptions: eq: description: Match only packets on a given packet length type: int gt: description: Match only packets with a greater packet length type: int lt: description: Match only packets with a lower packet length type: int neq: description: Match only packets not on a given packet length type: int range: description: Match only packets in the range of packet lengths type: dict suboptions: start: description: Start of the packet length range type: int end: description: End of the packet length range type: int precedence: description: Match packets with given precedence value type: str ttl: description: Match against specified TTL value. type: dict suboptions: eq: description: Match only packets with exact TTL value. type: int gt: description: Match only packets with a greater TTL value. type: int lt: description: Match only packets with a lower TTL value. type: int neq: description: Match only packets that won't have the given TTL value. type: int range: description: Match only packets in the range of given TTL values. type: dict suboptions: start: description: Start of the TTL range. type: int end: description: End of the TTL range. type: int log: description: - Enable/disable log matches against this entry. type: bool log_input: description: - Enable/disable log matches against this entry, including input interface. type: bool icmp_off: description: - Enable/disable the ICMP message for this entry. type: bool capture: description: - Capture matched packet. type: bool destopts: description: - Match if destination opts header is present. type: bool authen: description: - Match if authentication header is present. type: bool routing: description: - Match if routing header is present. type: bool hop_by_hop: description: - Match if hop-by-hop opts header is present. type: bool running_config: description: - The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The I(running_config) argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command B(show running-config router static). type: str state: description: - The state the configuration should be left in. type: str choices: - merged - replaced - overridden - deleted - gathered - rendered - parsed default: merged """ EXAMPLES = """ # Using merged to add new ACLs # Before state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 05:07:45.767 UTC # RP/0/RP0/CPU0:ios# - name: Merge the provided configuration with the existing running configuration cisco.iosxr.iosxr_acls: config: - afi: ipv6 acls: - name: acl6_1 aces: - sequence: 10 grant: deny protocol: tcp source: prefix: 2001:db8:1234::/48 port_protocol: range: start: ftp end: telnet destination: any: true protocol_options: tcp: syn: true ttl: range: start: 180 end: 250 routing: true authen: true log: true - sequence: 20 grant: permit protocol: icmpv6 source: any: true destination: any: true protocol_options: icmpv6: router_advertisement: true precedence: network destopts: true - afi: ipv4 acls: - name: acl_1 aces: - sequence: 16 remark: TEST_ACL_1_REMARK - sequence: 21 grant: permit protocol: tcp source: host: 192.0.2.10 port_protocol: range: start: pop3 end: 121 destination: address: 198.51.100.0 wildcard_bits: 0.0.0.15 protocol_options: tcp: rst: true - sequence: 23 grant: deny protocol: icmp source: any: true destination: prefix: 198.51.100.0/28 protocol_options: icmp: reassembly_timeout: true dscp: lt: af12 - name: acl_2 aces: - sequence: 10 remark: TEST_ACL_2_REMARK state: merged # After state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 05:22:57.021 UTC # ipv4 access-list acl_1 # 16 remark TEST_ACL_1_REMARK # 21 permit tcp host 192.0.2.10 range pop3 121 198.51.100.0 0.0.0.15 rst # 23 deny icmp any 198.51.100.0 0.0.0.15 reassembly-timeout dscp lt af12 # ipv4 access-list acl_2 # 10 remark TEST_ACL_2_REMARK # ipv6 access-list acl6_1 # 10 deny tcp 2001:db8:1234::/48 range ftp telnet any syn ttl range 180 250 routing authen log # 20 permit icmpv6 any any router-advertisement precedence network destopts # Using merged to update existing ACLs # Before state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 05:22:57.021 UTC # ipv4 access-list acl_1 # 16 remark TEST_ACL_1_REMARK # 21 permit tcp host 192.0.2.10 range pop3 121 198.51.100.0 0.0.0.15 rst # 23 deny icmp any 198.51.100.0 0.0.0.15 reassembly-timeout dscp lt af12 # ipv4 access-list acl_2 # 10 remark TEST_ACL_2_REMARK # ipv6 access-list acl6_1 # 10 deny tcp 2001:db8:1234::/48 range ftp telnet any syn ttl range 180 250 routing authen log # 20 permit icmpv6 any any router-advertisement precedence network destopts - name: Update existing ACEs cisco.iosxr.iosxr_acls: config: - afi: ipv4 acls: - name: acl_1 aces: - sequence: 21 source: prefix: 198.51.100.32/28 port_protocol: range: start: pop3 end: 121 protocol_options: tcp: syn: true - sequence: 23 protocol_options: icmp: router_advertisement: true dscp: eq: af23 # After state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 05:47:18.711 UTC # ipv4 access-list acl_1 # 16 remark TEST_ACL_1_REMARK # 21 permit tcp 198.51.100.32 0.0.0.15 range pop3 121 198.51.100.0 0.0.0.15 syn # 23 deny icmp any 198.51.100.0 0.0.0.15 router-advertisement dscp eq af23 # ipv4 access-list acl_2 # 10 remark TEST_ACL_2_REMARK # ipv6 access-list acl6_1 # 10 deny tcp 2001:db8:1234::/48 range ftp telnet any syn ttl range 180 250 routing authen log # 20 permit icmpv6 any any router-advertisement precedence network destopts # Using replaced to replace a whole ACL # Before state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 05:22:57.021 UTC # ipv4 access-list acl_1 # 16 remark TEST_ACL_1_REMARK # 21 permit tcp host 192.0.2.10 range pop3 121 198.51.100.0 0.0.0.15 rst # 23 deny icmp any 198.51.100.0 0.0.0.15 reassembly-timeout dscp lt af12 # ipv4 access-list acl_2 # 10 remark TEST_ACL_2_REMARK # ipv6 access-list acl6_1 # 10 deny tcp 2001:db8:1234::/48 range ftp telnet any syn ttl range 180 250 routing authen log # 20 permit icmpv6 any any router-advertisement precedence network destopts - name: Replace device configurations of listed ACL with provided configurations cisco.iosxr.iosxr_acls: config: - afi: ipv4 acls: - name: acl_2 aces: - sequence: 11 grant: permit protocol: igmp source: host: 198.51.100.130 destination: any: true ttl: eq: 100 - sequence: 12 grant: deny source: any: true destination: any: true protocol: icmp state: replaced # After state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 06:19:51.496 UTC # ipv4 access-list acl_1 # 16 remark TEST_ACL_1_REMARK # 21 permit tcp 198.51.100.32 0.0.0.15 range pop3 121 198.51.100.0 0.0.0.15 syn # 23 deny icmp any 198.51.100.0 0.0.0.15 router-advertisement dscp eq af23 # ipv4 access-list acl_2 # 11 permit igmp host 198.51.100.130 any ttl eq 100 # 12 deny icmp any any # ipv6 access-list acl6_1 # 10 deny tcp 2001:db8:1234::/48 range ftp telnet any syn ttl range 180 250 routing authen log # 20 permit icmpv6 any any router-advertisement precedence network destopts # Using overridden to override all ACLs in the device # Before state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 05:22:57.021 UTC # ipv4 access-list acl_1 # 16 remark TEST_ACL_1_REMARK # 21 permit tcp host 192.0.2.10 range pop3 121 198.51.100.0 0.0.0.15 rst # 23 deny icmp any 198.51.100.0 0.0.0.15 reassembly-timeout dscp lt af12 # ipv4 access-list acl_2 # 10 remark TEST_ACL_2_REMARK # ipv6 access-list acl6_1 # 10 deny tcp 2001:db8:1234::/48 range ftp telnet any syn ttl range 180 250 routing authen log # 20 permit icmpv6 any any router-advertisement precedence network destopts - name: Overridde all ACLs configuration with provided configuration cisco.iosxr.iosxr_acls: config: - afi: ipv4 acls: - name: acl_1 aces: - sequence: 10 grant: permit source: any: true destination: any: true protocol: tcp - name: acl_2 aces: - sequence: 20 grant: permit source: any: true destination: any: true protocol: igmp state: overridden # After state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 06:31:22.178 UTC # ipv4 access-list acl_1 # 10 permit tcp any any # ipv4 access-list acl_2 # 20 permit igmp any any # Using deleted to delete an entire ACL # Before state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 05:22:57.021 UTC # ipv4 access-list acl_1 # 16 remark TEST_ACL_1_REMARK # 21 permit tcp host 192.0.2.10 range pop3 121 198.51.100.0 0.0.0.15 rst # 23 deny icmp any 198.51.100.0 0.0.0.15 reassembly-timeout dscp lt af12 # ipv4 access-list acl_2 # 10 remark TEST_ACL_2_REMARK # ipv6 access-list acl6_1 # 10 deny tcp 2001:db8:1234::/48 range ftp telnet any syn ttl range 180 250 routing authen log # 20 permit icmpv6 any any router-advertisement precedence network destopts - name: Delete a single ACL cisco.iosxr.iosxr_acls: config: - afi: ipv6 acls: - name: acl6_1 state: deleted # After state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 05:22:57.021 UTC # ipv4 access-list acl_1 # 16 remark TEST_ACL_1_REMARK # 21 permit tcp host 192.0.2.10 range pop3 121 198.51.100.0 0.0.0.15 rst # 23 deny icmp any 198.51.100.0 0.0.0.15 reassembly-timeout dscp lt af12 # ipv4 access-list acl_2 # 10 remark TEST_ACL_2_REMARK # Using deleted to delete all ACLs under one AFI # Before state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 05:22:57.021 UTC # ipv4 access-list acl_1 # 16 remark TEST_ACL_1_REMARK # 21 permit tcp host 192.0.2.10 range pop3 121 198.51.100.0 0.0.0.15 rst # 23 deny icmp any 198.51.100.0 0.0.0.15 reassembly-timeout dscp lt af12 # ipv4 access-list acl_2 # 10 remark TEST_ACL_2_REMARK # ipv6 access-list acl6_1 # 10 deny tcp 2001:db8:1234::/48 range ftp telnet any syn ttl range 180 250 routing authen log # 20 permit icmpv6 any any router-advertisement precedence network destopts - name: Delete all ACLs under one AFI cisco.iosxr.iosxr_acls: config: - afi: ipv4 state: deleted # After state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 05:22:57.021 UTC # ipv6 access-list acl6_1 # 10 deny tcp 2001:db8:1234::/48 range ftp telnet any syn ttl range 180 250 routing authen log # 20 permit icmpv6 any any router-advertisement precedence network destopts # Using deleted to delete all ACLs from the device # Before state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 05:22:57.021 UTC # ipv4 access-list acl_1 # 16 remark TEST_ACL_1_REMARK # 21 permit tcp host 192.0.2.10 range pop3 121 198.51.100.0 0.0.0.15 rst # 23 deny icmp any 198.51.100.0 0.0.0.15 reassembly-timeout dscp lt af12 # ipv4 access-list acl_2 # 10 remark TEST_ACL_2_REMARK # ipv6 access-list acl6_1 # 10 deny tcp 2001:db8:1234::/48 range ftp telnet any syn ttl range 180 250 routing authen log # 20 permit icmpv6 any any router-advertisement precedence network destopts - name: Delete all ACLs from the device cisco.iosxr.iosxr_acls: state: deleted # After state: # ------------- # RP/0/RP0/CPU0:ios#sh access-lists afi-all # Thu Feb 20 05:07:45.767 UTC # RP/0/RP0/CPU0:ios# # Using gathered to gather ACL facts from the device - name: Gather ACL interfaces facts using gathered state cisco.iosxr.iosxr_acls: state: gathered # Task Output (redacted) # ----------------------- # # "gathered": [ # { # "acls": [ # { # "aces": [ # { # "remark": "TEST_ACL_1_REMARK", # "sequence": 16 # }, # { # "destination": { # "address": "198.51.100.0", # "wildcard_bits": "0.0.0.15" # }, # "grant": "permit", # "protocol": "tcp", # "protocol_options": { # "tcp": { # "rst": true # } # }, # "sequence": 21, # "source": { # "host": "192.0.2.10", # "port_protocol": { # "range": { # "end": "121", # "start": "pop3" # } # } # } # }, # { # "destination": { # "address": "198.51.100.0", # "wildcard_bits": "0.0.0.15" # }, # "dscp": { # "lt": "af12" # }, # "grant": "deny", # "protocol": "icmp", # "protocol_options": { # "icmp": { # "reassembly_timeout": true # } # }, # "sequence": 23, # "source": { # "any": true # } # } # ], # "name": "acl_1" # }, # { # "aces": [ # { # "remark": "TEST_ACL_2_REMARK", # "sequence": 10 # } # ], # "name": "acl_2" # } # ], # "afi": "ipv4" # }, # { # "acls": [ # { # "aces": [ # { # "authen": true, # "destination": { # "any": true # }, # "grant": "deny", # "log": true, # "protocol": "tcp", # "protocol_options": { # "tcp": { # "syn": true # } # }, # "routing": true, # "sequence": 10, # "source": { # "port_protocol": { # "range": { # "end": "telnet", # "start": "ftp" # } # }, # "prefix": "2001:db8:1234::/48" # }, # "ttl": { # "range": { # "end": 250, # "start": 180 # } # } # }, # { # "destination": { # "any": true # }, # "destopts": true, # "grant": "permit", # "precedence": "network", # "protocol": "icmpv6", # "protocol_options": { # "icmpv6": { # "router_advertisement": true # } # }, # "sequence": 20, # "source": { # "any": true # } # } # ], # "name": "acl6_1" # } # ], # "afi": "ipv6" # } # ] # Using rendered - name: Render platform specific commands (without connecting to the device) cisco.iosxr.iosxr_acls: config: - afi: ipv4 acls: - name: acl_2 aces: - sequence: 11 grant: permit protocol: igmp source: host: 198.51.100.130 destination: any: true ttl: eq: 100 - sequence: 12 grant: deny source: any: true destination: any: true protocol: icmp state: rendered # Task Output (redacted) # ----------------------- # "rendered": [ # "ipv4 access-list acl_2", # "11 permit igmp host 198.51.100.130 any ttl eq 100", # "12 deny icmp any any" # Using parsed # parsed.cfg # ------------ # # ipv4 access-list acl_1 # 10 remark TEST_ACL_2_REMARK # ipv4 access-list acl_2 # 11 deny tcp 2001:db8:1234::/48 range ftp telnet any syn ttl range 180 250 authen routing log # 21 permit icmpv6 any any router-advertisement precedence network packet-length eq 576 destopts # ipv6 access-list acl6_1 # 10 deny tcp 2001:db8:1234::/48 range ftp telnet any syn ttl range 180 250 routing authen log # 20 permit icmpv6 any any router-advertisement precedence network packet-length eq 576 destopts - name: Parse externally provided ACL config to agnostic model cisco.iosxr.iosxr_acls: running_config: "{{ lookup('file', 'parsed.cfg') }}" state: parsed # Task Output (redacted) # ----------------------- # "parsed": [ # { # "acls": [ # { # "aces": [ # { # "remark": "TEST_ACL_2_REMARK", # "sequence": 10 # } # ], # "name": "acl_1" # }, # { # "aces": [ # { # "authen": true, # "destination": { # "any": true # }, # "grant": "deny", # "log": true, # "protocol": "tcp", # "protocol_options": { # "tcp": { # "syn": true # } # }, # "routing": true, # "sequence": 11, # "source": { # "port_protocol": { # "range": { # "end": "telnet", # "start": "ftp" # } # }, # "prefix": "2001:db8:1234::/48" # }, # "ttl": { # "range": { # "end": 250, # "start": 180 # } # } # }, # { # "destination": { # "any": true # }, # "destopts": true, # "grant": "permit", # "packet_length": { # "eq": 576 # }, # "precedence": "network", # "protocol": "icmpv6", # "protocol_options": { # "icmpv6": { # "router_advertisement": true # } # }, # "sequence": 21, # "source": { # "any": true # } # } # ], # "name": "acl_2" # } # ], # "afi": "ipv4" # }, # { # "acls": [ # { # "aces": [ # { # "authen": true, # "destination": { # "any": true # }, # "grant": "deny", # "log": true, # "protocol": "tcp", # "protocol_options": { # "tcp": { # "syn": true # } # }, # "routing": true, # "sequence": 10, # "source": { # "port_protocol": { # "range": { # "end": "telnet", # "start": "ftp" # } # }, # "prefix": "2001:db8:1234::/48" # }, # "ttl": { # "range": { # "end": 250, # "start": 180 # } # } # }, # { # "destination": { # "any": true # }, # "destopts": true, # "grant": "permit", # "packet_length": { # "eq": 576 # }, # "precedence": "network", # "protocol": "icmpv6", # "protocol_options": { # "icmpv6": { # "router_advertisement": true # } # }, # "sequence": 20, # "source": { # "any": true # } # } # ], # "name": "acl6_1" # } # ], # "afi": "ipv6" # } # ] """ RETURN = """ before: description: The configuration prior to the model invocation. returned: always type: list sample: > The configuration returned will always be in the same format of the parameters above. after: description: The resulting configuration model invocation. returned: when changed type: list sample: > The configuration returned will always be in the same format of the parameters above. commands: description: The set of commands pushed to the remote device. returned: always type: list sample: - ipv6 access-list acl6_1 - 10 deny tcp 2001:db8:1234::/48 range ftp telnet any syn ttl range 180 250 authen routing log - 20 permit icmpv6 any any router-advertisement precedence network destopts - ipv4 access-list acl_1 - 16 remark TEST_ACL_1_REMARK - 21 permit tcp host 192.0.2.10 range pop3 121 198.51.100.0 0.0.0.15 rst - 23 deny icmp any 198.51.100.0 0.0.0.15 reassembly-timeout dscp lt af12 """ from ansible.module_utils.basic import AnsibleModule from ansible_collections.cisco.iosxr.plugins.module_utils.network.iosxr.argspec.acls.acls import ( AclsArgs, ) from ansible_collections.cisco.iosxr.plugins.module_utils.network.iosxr.config.acls.acls import Acls def main(): """ Main entry point for module execution :returns: the result form module invocation """ required_if = [ ("state", "merged", ("config",)), ("state", "replaced", ("config",)), ("state", "overridden", ("config",)), ("state", "rendered", ("config",)), ("state", "parsed", ("running_config",)), ] module = AnsibleModule( argument_spec=AclsArgs.argument_spec, required_if=required_if, supports_check_mode=True, ) result = Acls(module).execute_module() module.exit_json(**result) if __name__ == "__main__": main()