junipernetworks.junos.junos_acl_interfaces – ACL interfaces resource module¶

Note

This plugin is part of the junipernetworks.junos collection (version 1.3.0).

To install it use: ansible-galaxy collection install junipernetworks.junos.

To use it in a playbook, specify: junipernetworks.junos.junos_acl_interfaces.

New in version 1.0.0: of junipernetworks.junos

Synopsis
Requirements
Parameters
Notes
Examples
Return Values

Synopsis ¶

This module manages adding and removing Access Control Lists (ACLs) from interfaces on devices running Juniper JUNOS.

Note

This module has a corresponding action plugin.

Requirements ¶

The below requirements are needed on the host that executes this module.

ncclient (>=v0.6.4)
xmltodict (>=0.12.0)

Parameters ¶

Parameter				Choices/Defaults	Comments
config list / elements=dictionary					A dictionary of ACL options for interfaces.
	access_groups list / elements=dictionary				Specifies ACLs attached to the interface.
		acls list / elements=dictionary			Specifies the ACLs for the provided AFI.
			direction string	Choices: in out	Specifies the direction of packets that the ACL will be applied on.
			name string		Specifies the name of the IPv4/IPv4 ACL for the interface.
		afi string		Choices: ipv4 ipv6	Specifies the AFI for the ACL(s) to be configured on this interface.
	name string				Name/Identifier for the interface.
running_config string					This option is used only with state parsed. The value of this option should be the output received from the Junos device by executing the command show interfaces. The state parsed reads the configuration from `running_config` option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result
state string				Choices: merged ← replaced overridden deleted gathered rendered parsed	The state the configuration should be left in.

Notes ¶

Note

This module requires the netconf system service be enabled on the device being managed.
This module works with connection netconf. See the Junos OS Platform Options.
Tested against JunOS v18.4R1

Examples ¶

# Using deleted

# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface with filter";
#     unit 0 {
#         family inet {
#             filter {
#                 input inbound_acl;
#                 output outbound_acl;
#             }
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }

- name: Delete JUNOS L3 interface filter
  junipernetworks.junos.junos_acl_interfaces:
    config:
    - name: ge-1/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: inbound_acl
          direction: in
        - name: outbound_acl
          direction: out
      state: deleted

# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface with filter";
#     unit 0 {
#         family inet {
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }


# Using merged

# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface without filter";
#     unit 0 {
#         family inet {
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }

- name: Merge JUNOS L3 interface filter
  junipernetworks.junos.junos_acl_interfaces:
    config:
    - name: ge-1/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: inbound_acl
          direction: in
        - name: outbound_acl
          direction: out
      state: merged

# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface with filter";
#     unit 0 {
#         family inet {
#             filter {
#                 input inbound_acl;
#                 output outbound_acl;
#             }
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }


# Using overridden

# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface without filter";
#     unit 0 {
#         family inet {
#             filter {
#                 input foo_acl;
#             }
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }

- name: Override JUNOS L3 interface filter
  junipernetworks.junos.junos_acl_interfaces:
    config:
    - name: ge-1/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: inbound_acl
          direction: in
        - name: outbound_acl
          direction: out
      state: overridden

# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface with filter";
#     unit 0 {
#         family inet {
#             filter {
#                 input inbound_acl;
#                 output outbound_acl;
#             }
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }


# Using replaced

# Before state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface without filter";
#     unit 0 {
#         family inet {
#             filter {
#                 input foo_acl;
#                 output outbound_acl;
#             }
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }

- name: Replace JUNOS L3 interface filter
  junipernetworks.junos.junos_acl_interfaces:
    config:
    - name: ge-1/0/0
      access_groups:
      - afi: ipv4
        acls:
        - name: inbound_acl
          direction: in
      state: replaced

# After state:
# -------------
#
# admin# show interfaces
# ge-1/0/0 {
#     description "L3 interface with filter";
#     unit 0 {
#         family inet {
#             filter {
#                 input inbound_acl;
#                 output outbound_acl;
#             }
#             address 100.64.0.1/10;
#             address 100.64.0.2/10;
#         }
#         family inet6;
#     }

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
after dictionary	when changed	The resulting configuration model invocation. Sample: The configuration returned will always be in the same format of the parameters above.
before dictionary	always	The configuration prior to the model invocation. Sample: The configuration returned will always be in the same format of the parameters above.
commands list / elements=string	always	The set of commands pushed to the remote device. Sample: ['command 1', 'command 2', 'command 3']

Authors¶

Daniel Mellado (@dmellado)

junipernetworks.junos.junos_acl_interfaces – ACL interfaces resource module¶

Synopsis¶

Requirements¶

Parameters¶

Notes¶

Examples¶

Return Values¶

Authors¶

Synopsis ¶

Requirements ¶

Parameters ¶

Notes ¶

Examples ¶

Return Values ¶