community.network.nuage_vspk – Manage Nuage VSP environments

Note

This plugin is part of the community.network collection (version 2.1.1).

To install it use: ansible-galaxy collection install community.network.

To use it in a playbook, specify: community.network.nuage_vspk.

Synopsis

  • Manage or find Nuage VSP entities, this includes create, update, delete, assign, unassign and find, with all supported properties.

Requirements

The below requirements are needed on the host that executes this module.

  • Python 2.7

  • Supports Nuage VSP 4.0Rx & 5.x.y

  • Proper VSPK-Python installed for your Nuage version

  • Tested with NuageX https://nuagex.io

Parameters

Parameter Choices/Defaults Comments
auth
string / required
Dict with the authentication information required to connect to a Nuage VSP environment.
Requires a api_username parameter (example csproot).
Requires either a api_password parameter (example csproot) or a api_certificate and api_key parameters, which point to the certificate and key files for certificate based authentication.
Requires a api_enterprise parameter (example csp).
Requires a api_url parameter (example https://10.0.0.10:8443).
Requires a api_version parameter (example v4_0).
children
string
Can be used to specify a set of child entities.
A mandatory property of each child is the type.
Supported optional properties of each child are id, properties and match_filter.
The function of each of these properties is the same as in the general task definition.
This can be used recursively
Only useable in case state=present.
command
string
    Choices:
  • find
  • change_password
  • wait_for_job
  • get_csp_enterprise
Specifies a command to be executed.
With command=find, if parent_id and parent_type are defined, it will only search within the parent. Otherwise, if allowed, will search in the root object.
With command=find, if id is specified, it will only return the single entity matching the id.
With command=find, otherwise, if match_filter is define, it will use that filter to search.
With command=find, otherwise, if properties are defined, it will do an AND search using all properties.
With command=change_password, a password of a user can be changed. Warning - In case the password is the same as the existing, it will throw an error.
With command=wait_for_job, the module will wait for a job to either have a status of SUCCESS or ERROR. In case an ERROR status is found, the module will exit with an error.
With command=wait_for_job, the job will always be returned, even if the state is ERROR situation.
Either state or command needs to be defined, both can not be defined at the same time.
id
string
The ID of the entity you want to work on.
In combination with command=find, it will only return the single entity.
In combination with state, it will either update or delete this entity.
Will take precedence over match_filter and properties whenever an entity needs to be found.
match_filter
string
A filter used when looking (both in command and state for entities, in the format the Nuage VSP API expects.
If match_filter is defined, it will take precedence over the properties, but not on the id
parent_id
string
The ID of the parent of the entity you want to work on.
When state is specified, the entity will be gathered from this parent, if it exists, unless an id is specified.
When command=find is specified, the entity will be searched for in this parent, unless an id is specified.
If specified, parent_type also needs to be specified.
parent_type
string
The type of parent the ID is specified for (example Enterprise).
This should match the objects CamelCase class name in VSPK-Python.
If specified, parent_id also needs to be specified.
properties
string
Properties are the key, value pairs of the different properties an entity has.
If no id and no match_filter is specified, these are used to find or determine if the entity exists.
state
string
    Choices:
  • present
  • absent
Specifies the desired state of the entity.
If state=present, in case the entity already exists, will update the entity if it is needed.
If state=present, in case the relationship with the parent is a member relationship, will assign the entity as a member of the parent.
If state=absent, in case the relationship with the parent is a member relationship, will unassign the entity as a member of the parent.
Either state or command needs to be defined, both can not be defined at the same time.
type
string / required
The type of entity you want to work on (example Enterprise).
This should match the objects CamelCase class name in VSPK-Python.

Notes

Note

  • Check mode is supported, but with some caveats. It will not do any changes, and if possible try to determine if it is able do what is requested.

  • In case a parent id is provided from a previous task, it might be empty and if a search is possible on root, it will do so, which can impact performance.

Examples

# This can be executed as a single role, with the following vars
# vars:
#   auth:
#     api_username: csproot
#     api_password: csproot
#     api_enterprise: csp
#     api_url: https://10.0.0.10:8443
#     api_version: v5_0
#   enterprise_name: Ansible-Enterprise
#   enterprise_new_name: Ansible-Updated-Enterprise
#
# or, for certificate based authentication
# vars:
#   auth:
#     api_username: csproot
#     api_certificate: /path/to/user-certificate.pem
#     api_key: /path/to/user-Key.pem
#     api_enterprise: csp
#     api_url: https://10.0.0.10:8443
#     api_version: v5_0
#   enterprise_name: Ansible-Enterprise
#   enterprise_new_name: Ansible-Updated-Enterprise

# Creating a new enterprise
- name: Create Enterprise
  connection: local
  community.network.nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: Enterprise
    state: present
    properties:
      name: "{{ enterprise_name }}-basic"
  register: nuage_enterprise

# Checking if an Enterprise with the new name already exists
- name: Check if an Enterprise exists with the new name
  connection: local
  community.network.nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: Enterprise
    command: find
    properties:
      name: "{{ enterprise_new_name }}-basic"
  ignore_errors: yes
  register: nuage_check_enterprise

# Updating an enterprise's name
- name: Update Enterprise name
  connection: local
  community.network.nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: Enterprise
    id: "{{ nuage_enterprise.id }}"
    state: present
    properties:
      name: "{{ enterprise_new_name }}-basic"
  when: nuage_check_enterprise is failed

# Creating a User in an Enterprise
- name: Create admin user
  connection: local
  community.network.nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: User
    parent_id: "{{ nuage_enterprise.id }}"
    parent_type: Enterprise
    state: present
    match_filter: "userName == 'ansible-admin'"
    properties:
      email: "[email protected]"
      first_name: "Ansible"
      last_name: "Admin"
      password: "ansible-password"
      user_name: "ansible-admin"
  register: nuage_user

# Updating password for User
- name: Update admin password
  connection: local
  community.network.nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: User
    id: "{{ nuage_user.id }}"
    command: change_password
    properties:
      password: "ansible-new-password"
  ignore_errors: yes

# Finding a group in an enterprise
- name: Find Administrators group in Enterprise
  connection: local
  community.network.nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: Group
    parent_id: "{{ nuage_enterprise.id }}"
    parent_type: Enterprise
    command: find
    properties:
      name: "Administrators"
  register: nuage_group

# Assign the user to the group
- name: Assign admin user to administrators
  connection: local
  community.network.nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: User
    id: "{{ nuage_user.id }}"
    parent_id: "{{ nuage_group.id }}"
    parent_type: Group
    state: present

# Creating multiple DomainTemplates
- name: Create multiple DomainTemplates
  connection: local
  community.network.nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: DomainTemplate
    parent_id: "{{ nuage_enterprise.id }}"
    parent_type: Enterprise
    state: present
    properties:
      name: "{{ item }}"
      description: "Created by Ansible"
  with_items:
    - "Template-1"
    - "Template-2"

# Finding all DomainTemplates
- name: Fetching all DomainTemplates
  connection: local
  community.network.nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: DomainTemplate
    parent_id: "{{ nuage_enterprise.id }}"
    parent_type: Enterprise
    command: find
  register: nuage_domain_templates

# Deleting all DomainTemplates
- name: Deleting all found DomainTemplates
  connection: local
  community.network.nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: DomainTemplate
    state: absent
    id: "{{ item.ID }}"
  with_items: "{{ nuage_domain_templates.entities }}"
  when: nuage_domain_templates.entities is defined

# Unassign user from group
- name: Unassign admin user to administrators
  connection: local
  community.network.nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: User
    id: "{{ nuage_user.id }}"
    parent_id: "{{ nuage_group.id }}"
    parent_type: Group
    state: absent

# Deleting an enterprise
- name: Delete Enterprise
  connection: local
  community.network.nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: Enterprise
    id: "{{ nuage_enterprise.id }}"
    state: absent

# Setup an enterprise with Children
- name: Setup Enterprise and domain structure
  connection: local
  community.network.nuage_vspk:
    auth: "{{ nuage_auth }}"
    type: Enterprise
    state: present
    properties:
      name: "Child-based-Enterprise"
    children:
    - type: L2DomainTemplate
      properties:
        name: "Unmanaged-Template"
      children:
      - type: EgressACLTemplate
        match_filter: "name == 'Allow All'"
        properties:
          name: "Allow All"
          active: true
          default_allow_ip: true
          default_allow_non_ip: true
          default_install_acl_implicit_rules: true
          description: "Created by Ansible"
          priority_type: "TOP"
      - type: IngressACLTemplate
        match_filter: "name == 'Allow All'"
        properties:
          name: "Allow All"
          active: true
          default_allow_ip: true
          default_allow_non_ip: true
          description: "Created by Ansible"
          priority_type: "TOP"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
entities
list / elements=string
On state=present and find, with only one element in case of state=present or find=one.
A list of entities handled. Each element is the to_dict() of the entity.

Sample:
[{'ID': 'acabc435-3946-4117-a719-b8895a335830"', 'assocEntityType': 'DOMAIN', 'command': 'BEGIN_POLICY_CHANGES', 'creationDate': 1487515656000, 'entityScope': 'ENTERPRISE', 'externalID': None, 'lastUpdatedBy': '8a6f0e20-a4db-4878-ad84-9cc61756cd5e', 'lastUpdatedDate': 1487515656000, 'owner': '8a6f0e20-a4db-4878-ad84-9cc61756cd5e', 'parameters': None, 'parentID': 'a22fddb9-3da4-4945-bd2e-9d27fe3d62e0', 'parentType': 'domain', 'progress': 0.0, 'result': None, 'status': 'RUNNING'}]
id
string
On state=present and command=find in case one entity was found.
The id of the entity that was found, created, updated or assigned.

Sample:
bae07d8d-d29c-4e2b-b6ba-621b4807a333


Authors

  • Philippe Dellaert (@pdellaert)