Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

#!/usr/bin/python 

# -*- coding: utf-8 -*- 

 

# Copyright: (c) 2018, Kevin Breit (@kbreit) <kevin.breit@kevinbreit.net> 

# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 

 

from __future__ import absolute_import, division, print_function 

__metaclass__ = type 

 

ANSIBLE_METADATA = { 

'metadata_version': '1.1', 

'status': ['preview'], 

'supported_by': 'community' 

} 

 

DOCUMENTATION = r''' 

--- 

module: meraki_site_to_site_vpn 

short_description: Manage AutoVPN connections in Meraki 

version_added: "2.10" 

description: 

- Allows for creation, management, and visibility into AutoVPNs implemented on Meraki MX firewalls. 

options: 

state: 

description: 

- Create or modify an organization. 

choices: ['present', 'query'] 

default: present 

type: str 

net_name: 

description: 

- Name of network which MX firewall is in. 

type: str 

net_id: 

description: 

- ID of network which MX firewall is in. 

type: str 

mode: 

description: 

- Set VPN mode for network 

choices: ['none', 'hub', 'spoke'] 

type: str 

hubs: 

description: 

- List of hubs to assign to a spoke. 

type: list 

suboptions: 

hub_id: 

description: 

- Network ID of hub 

type: str 

use_default_route: 

description: 

- Indicates whether deafult troute traffic should be sent to this hub. 

- Only valid in spoke mode. 

type: bool 

subnets: 

description: 

- List of subnets to advertise over VPN. 

type: list 

suboptions: 

local_subnet: 

description: 

- CIDR formatted subnet. 

type: str 

use_vpn: 

description: 

- Whether to advertise over VPN. 

type: bool 

author: 

- Kevin Breit (@kbreit) 

extends_documentation_fragment: meraki 

''' 

 

EXAMPLES = r''' 

- name: Set hub mode 

meraki_site_to_site_vpn: 

auth_key: abc123 

state: present 

org_name: YourOrg 

net_name: hub_network 

mode: hub 

delegate_to: localhost 

register: set_hub 

 

- name: Set spoke mode 

meraki_site_to_site_vpn: 

auth_key: abc123 

state: present 

org_name: YourOrg 

net_name: spoke_network 

mode: spoke 

hubs: 

- hub_id: N_1234 

use_default_route: false 

delegate_to: localhost 

register: set_spoke 

 

- name: Query rules for hub 

meraki_site_to_site_vpn: 

auth_key: abc123 

state: query 

org_name: YourOrg 

net_name: hub_network 

delegate_to: localhost 

register: query_all_hub 

''' 

 

RETURN = r''' 

data: 

description: VPN settings. 

returned: success 

type: complex 

contains: 

mode: 

description: Mode assigned to network. 

returned: always 

type: str 

sample: spoke 

hubs: 

description: Hub networks to associate to. 

returned: always 

type: complex 

contains: 

hub_id: 

description: ID of hub network. 

returned: always 

type: complex 

sample: N_12345 

use_default_route: 

description: Whether to send all default route traffic over VPN. 

returned: always 

type: bool 

sample: true 

subnets: 

description: List of subnets to advertise over VPN. 

returned: always 

type: complex 

contains: 

local_subnet: 

description: CIDR formatted subnet. 

returned: always 

type: str 

sample: 192.168.1.0/24 

use_vpn: 

description: Whether subnet should use the VPN. 

returned: always 

type: bool 

sample: true 

''' 

 

from ansible.module_utils.basic import AnsibleModule, json 

from ansible_collections.cisco.meraki.plugins.module_utils.network.meraki.meraki import MerakiModule, meraki_argument_spec 

from copy import deepcopy 

 

 

def assemble_payload(meraki): 

payload = {'mode': meraki.params['mode']} 

if meraki.params['hubs'] is not None: 

payload['hubs'] = meraki.params['hubs'] 

for hub in payload['hubs']: 

hub['hubId'] = hub.pop('hub_id') 

hub['useDefaultRoute'] = hub.pop('use_default_route') 

if meraki.params['subnets'] is not None: 

payload['subnets'] = meraki.params['subnets'] 

for subnet in payload['subnets']: 

subnet['localSubnet'] = subnet.pop('local_subnet') 

subnet['useVpn'] = subnet.pop('use_vpn') 

return payload 

 

 

def main(): 

# define the available arguments/parameters that a user can pass to 

# the module 

 

hubs_args = dict(hub_id=dict(type='str'), 

use_default_route=dict(type='bool'), 

) 

subnets_args = dict(local_subnet=dict(type='str'), 

use_vpn=dict(type='bool'), 

) 

 

argument_spec = meraki_argument_spec() 

argument_spec.update(state=dict(type='str', choices=['present', 'query'], default='present'), 

net_name=dict(type='str'), 

net_id=dict(type='str'), 

hubs=dict(type='list', default=None, elements='dict', options=hubs_args), 

subnets=dict(type='list', default=None, elements='dict', options=subnets_args), 

mode=dict(type='str', choices=['none', 'hub', 'spoke']), 

) 

 

# the AnsibleModule object will be our abstraction working with Ansible 

# this includes instantiation, a couple of common attr would be the 

# args/params passed to the execution, as well as if the module 

# supports check mode 

module = AnsibleModule(argument_spec=argument_spec, 

supports_check_mode=True, 

) 

meraki = MerakiModule(module, function='site_to_site_vpn') 

 

meraki.params['follow_redirects'] = 'all' 

 

query_urls = {'site_to_site_vpn': '/networks/{net_id}/siteToSiteVpn/'} 

update_urls = {'site_to_site_vpn': '/networks/{net_id}/siteToSiteVpn/'} 

 

meraki.url_catalog['get_all'].update(query_urls) 

meraki.url_catalog['update'] = update_urls 

 

payload = None 

 

# manipulate or modify the state as needed (this is going to be the 

# part where your module will do what it needs to do) 

org_id = meraki.params['org_id'] 

214 ↛ 219line 214 didn't jump to line 219, because the condition on line 214 was never false if org_id is None: 

orgs = meraki.get_orgs() 

for org in orgs: 

if org['name'] == meraki.params['org_name']: 

org_id = org['id'] 

net_id = meraki.params['net_id'] 

220 ↛ 224line 220 didn't jump to line 224, because the condition on line 220 was never false if net_id is None: 

net_id = meraki.get_net_id(net_name=meraki.params['net_name'], 

data=meraki.get_nets(org_id=org_id)) 

 

if meraki.params['state'] == 'query': 

path = meraki.construct_path('get_all', net_id=net_id) 

response = meraki.request(path, method='GET') 

meraki.result['data'] = response 

228 ↛ 244line 228 didn't jump to line 244, because the condition on line 228 was never false elif meraki.params['state'] == 'present': 

path = meraki.construct_path('get_all', net_id=net_id) 

original = meraki.request(path, method='GET') 

payload = assemble_payload(meraki) 

comparable = deepcopy(original) 

comparable.update(payload) 

234 ↛ 240line 234 didn't jump to line 240, because the condition on line 234 was never false if meraki.is_update_required(original, payload): 

path = meraki.construct_path('update', net_id=net_id) 

response = meraki.request(path, method='PUT', payload=json.dumps(payload)) 

meraki.result['changed'] = True 

meraki.result['data'] = response 

else: 

meraki.result['data'] = original 

 

# in the event of a successful module execution, you will want to 

# simple AnsibleModule.exit_json(), passing the key/value results 

meraki.exit_json(**meraki.result) 

 

 

247 ↛ exitline 247 didn't exit the module, because the condition on line 247 was never falseif __name__ == '__main__': 

main()