.. Document meta :orphan: .. |antsibull-internal-nbsp| unicode:: 0xA0 :trim: .. role:: ansible-attribute-support-label .. role:: ansible-attribute-support-property .. role:: ansible-attribute-support-full .. role:: ansible-attribute-support-partial .. role:: ansible-attribute-support-none .. role:: ansible-attribute-support-na .. role:: ansible-option-type .. role:: ansible-option-elements .. role:: ansible-option-required .. role:: ansible-option-versionadded .. role:: ansible-option-aliases .. role:: ansible-option-choices .. role:: ansible-option-choices-default-mark .. role:: ansible-option-default-bold .. role:: ansible-option-configuration .. role:: ansible-option-returned-bold .. role:: ansible-option-sample-bold .. Anchors .. _ansible_collections.amnesh.soodar.soodar_acl_interfaces_module: .. Anchors: short name for ansible.builtin .. Anchors: aliases .. Title amnesh.soodar.soodar_acl_interfaces module -- Configure and manage access-control (ACL) attributes of interfaces on Soodar devices. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ .. Collection note .. note:: This module is part of the `amnesh.soodar collection `_ (version 1.0.0). To install it, use: :code:`ansible-galaxy collection install https://soodar.ir/ansible/amnesh.soodar.tar.gz`. To use it in a playbook, specify: :code:`amnesh.soodar.soodar_acl_interfaces`. .. version_added .. rst-class:: ansible-version-added New in amnesh.soodar 1.0 .. contents:: :local: :depth: 1 .. Deprecated Synopsis -------- .. Description - This module configures and manages the access-control (ACL) attributes of interfaces on Soodar platforms. .. note:: This module has a corresponding :ref:`action plugin `. .. Aliases .. Requirements .. Options Parameters ---------- .. rst-class:: ansible-option-table .. list-table:: :width: 100% :widths: auto :header-rows: 1 * - Parameter - Comments * - .. raw:: html
.. _ansible_collections.amnesh.soodar.soodar_acl_interfaces_module__parameter-config: .. rst-class:: ansible-option-title **config** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=dictionary` .. raw:: html
- .. raw:: html
A dictionary of ACL interfaces options .. raw:: html
* - .. raw:: html
.. _ansible_collections.amnesh.soodar.soodar_acl_interfaces_module__parameter-config/access_groups: .. rst-class:: ansible-option-title **access_groups** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=dictionary` .. raw:: html
- .. raw:: html
Specify access-group for IP access list (standard or extended). .. raw:: html
* - .. raw:: html
.. _ansible_collections.amnesh.soodar.soodar_acl_interfaces_module__parameter-config/access_groups/acls: .. rst-class:: ansible-option-title **acls** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=dictionary` .. raw:: html
- .. raw:: html
Specifies the ACLs for the provided AFI. .. raw:: html
* - .. raw:: html
.. _ansible_collections.amnesh.soodar.soodar_acl_interfaces_module__parameter-config/access_groups/acls/direction: .. rst-class:: ansible-option-title **direction** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` / :ansible-option-required:`required` .. raw:: html
- .. raw:: html
Specifies the direction of packets that the ACL will be applied on. With one direction already assigned, other acl direction cannot be same. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`"in"` - :ansible-option-choices-entry:`"out"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.amnesh.soodar.soodar_acl_interfaces_module__parameter-config/access_groups/acls/name: .. rst-class:: ansible-option-title **name** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` / :ansible-option-required:`required` .. raw:: html
- .. raw:: html
Specifies the name of the IPv4/IPv4 ACL for the interface. .. raw:: html
* - .. raw:: html
.. _ansible_collections.amnesh.soodar.soodar_acl_interfaces_module__parameter-config/access_groups/afi: .. rst-class:: ansible-option-title **afi** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` / :ansible-option-required:`required` .. raw:: html
- .. raw:: html
Specifies the AFI for the ACLs to be configured on this interface. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`"ipv4"` - :ansible-option-choices-entry:`"ipv6"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.amnesh.soodar.soodar_acl_interfaces_module__parameter-config/name: .. rst-class:: ansible-option-title **name** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` / :ansible-option-required:`required` .. raw:: html
- .. raw:: html
Full name of the interface excluding any logical unit number, i.e. ge1. .. raw:: html
* - .. raw:: html
.. _ansible_collections.amnesh.soodar.soodar_acl_interfaces_module__parameter-running_config: .. rst-class:: ansible-option-title **running_config** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The \ :emphasis:`running\_config`\ argument allows the implementer to pass in the configuration to use as the base config for comparison. This value of this option should be the output received from device by executing command. .. raw:: html
* - .. raw:: html
.. _ansible_collections.amnesh.soodar.soodar_acl_interfaces_module__parameter-state: .. rst-class:: ansible-option-title **state** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
The state the configuration should be left in The states \ :emphasis:`rendered`\ , \ :emphasis:`gathered`\ and \ :emphasis:`parsed`\ does not perform any change on the device. The state \ :emphasis:`rendered`\ will transform the configuration in \ :literal:`config`\ option to platform specific CLI commands which will be returned in the \ :emphasis:`rendered`\ key within the result. For state \ :emphasis:`rendered`\ active connection to remote host is not required. The state \ :emphasis:`gathered`\ will fetch the running configuration from device and transform it into structured data in the format as per the resource module argspec and the value is returned in the \ :emphasis:`gathered`\ key within the result. The state \ :emphasis:`parsed`\ reads the configuration from \ :literal:`running\_config`\ option and transforms it into JSON format as per the resource module parameters and the value is returned in the \ :emphasis:`parsed`\ key within the result. The value of \ :literal:`running\_config`\ option should be the same format as the output of command \ :emphasis:`show running-config | include ip route|ipv6 route`\ executed on device. For state \ :emphasis:`parsed`\ active connection to remote host is not required. .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`"merged"` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`"replaced"` - :ansible-option-choices-entry:`"overridden"` - :ansible-option-choices-entry:`"deleted"` - :ansible-option-choices-entry:`"gathered"` - :ansible-option-choices-entry:`"parsed"` - :ansible-option-choices-entry:`"rendered"` .. raw:: html
.. Attributes .. Notes Notes ----- .. note:: - Tested against Soodar Version 21.04 .. Seealso .. Examples Examples -------- .. code-block:: yaml+jinja # Using Deleted # Before state: # ------------- # # soodar# sh running-config | include interface|ip access-group|ipv6 traffic-filter # interface loopback888 # interface ge0 # interface ge1 # ip access-group 110 in # ip access-group 123 out # ipv6 traffic-filter test_v6 out # ipv6 traffic-filter temp_v6 in # interface ge2 # ip access-group 110 in # ip access-group 123 out - name: Delete module attributes of given Interface amnesh.soodar.soodar_acl_interfaces: config: - name: ge1 state: deleted # Commands Fired: # --------------- # # interface ge1 # no ip access-group 110 in # no ip access-group 123 out # no ipv6 traffic-filter test_v6 out # no ipv6 traffic-filter temp_v6 in # After state: # ------------- # # soodar# sh running-config | include interface|ip access-group|ipv6 traffic-filter # interface loopback888 # interface ge0 # interface ge1 # interface ge2 # ip access-group 110 in # ip access-group 123 out # Using DELETED without any config passed #"(NOTE: This will delete all of configured resource module attributes from each configured interface)" # Before state: # ------------- # # soodar# sh running-config | include interface|ip access-group|ipv6 traffic-filter # interface loopback888 # interface ge0 # interface ge1 # ip access-group 110 in # ip access-group 123 out # ipv6 traffic-filter test_v6 out # ipv6 traffic-filter temp_v6 in # interface ge2 # ip access-group 110 in # ip access-group 123 out - name: Delete module attributes of given access-groups from ALL Interfaces amnesh.soodar.soodar_acl_interfaces: config: state: deleted # Commands Fired: # --------------- # # interface ge1 # no ip access-group 110 in # no ip access-group 123 out # no ipv6 traffic-filter test_v6 out # no ipv6 traffic-filter temp_v6 in # interface ge2 # no ip access-group 110 out # no ip access-group 123 out # After state: # ------------- # # soodar# sh running-config | include interface|ip access-group|ipv6 traffic-filter # interface loopback888 # interface ge0 # interface ge1 # interface ge2 # Using Merged # Before state: # ------------- # # soodar# sh running-config | include interface|ip access-group|ipv6 traffic-filter # interface loopback888 # interface ge0 # interface ge1 # interface ge2 # ip access-group 123 out - name: Merge module attributes of given access-groups amnesh.soodar.soodar_acl_interfaces: config: - name: ge1 access_groups: - afi: ipv4 acls: - name: 110 direction: in - name: 123 direction: out - afi: ipv6 acls: - name: test_v6 direction: out - name: temp_v6 direction: in - name: ge2 access_groups: - afi: ipv4 acls: - name: 100 direction: in state: merged # Commands Fired: # --------------- # # interface ge1 # ip access-group 110 in # ip access-group 123 out # ipv6 traffic-filter test_v6 out # ipv6 traffic-filter temp_v6 in # interface ge2 # ip access-group 100 in # ip access-group 123 out # After state: # ------------- # # soodar# sh running-config | include interface|ip access-group|ipv6 traffic-filter # interface loopback888 # interface ge0 # interface ge1 # ip access-group 110 in # ip access-group 123 out # ipv6 traffic-filter test_v6 out # ipv6 traffic-filter temp_v6 in # interface ge2 # ip access-group 110 in # ip access-group 123 out # Using Replaced # Before state: # ------------- # # soodar# sh running-config | include interface|ip access-group|ipv6 traffic-filter # interface loopback888 # interface ge0 # interface ge1 # ip access-group 110 in # ip access-group 123 out # ipv6 traffic-filter test_v6 out # ipv6 traffic-filter temp_v6 in # interface ge2 # ip access-group 110 in # ip access-group 123 out - name: Replace module attributes of given access-groups amnesh.soodar.soodar_acl_interfaces: config: - name: ge1 access_groups: - afi: ipv4 acls: - name: 100 direction: out - name: 110 direction: in state: replaced # Commands Fired: # --------------- # # interface ge1 # no ip access-group 123 out # no ipv6 traffic-filter temp_v6 in # no ipv6 traffic-filter test_v6 out # ip access-group 100 out # After state: # ------------- # # soodar# sh running-config | include interface|ip access-group|ipv6 traffic-filter # interface loopback888 # interface ge0 # interface ge1 # ip access-group 100 out # ip access-group 110 in # interface ge2 # ip access-group 110 in # ip access-group 123 out # Using Gathered # Before state: # ------------- # # soodar# sh running-config | include interface|ip access-group|ipv6 traffic-filter # interface loopback888 # interface ge0 # interface ge1 # ip access-group 110 in # ip access-group 123 out # ipv6 traffic-filter test_v6 out # ipv6 traffic-filter temp_v6 in # interface ge2 # ip access-group 110 in # ip access-group 123 out - name: Gather listed acl interfaces with provided configurations amnesh.soodar.soodar_acl_interfaces: config: state: gathered # Module Execution Result: # ------------------------ # # "gathered": [ # { # "name": "loopback888" # }, # { # "name": "ge0" # }, # { # "access_groups": [ # { # "acls": [ # { # "direction": "in", # "name": "110" # }, # { # "direction": "out", # "name": "123" # } # ], # "afi": "ipv4" # }, # { # "acls": [ # { # "direction": "in", # "name": "temp_v6" # }, # { # "direction": "out", # "name": "test_v6" # } # ], # "afi": "ipv6" # } # ], # "name": "ge1" # }, # { # "access_groups": [ # { # "acls": [ # { # "direction": "in", # "name": "100" # }, # { # "direction": "out", # "name": "123" # } # ], # "afi": "ipv4" # } # ], # "name": "ge2" # } # ] # After state: # ------------ # # soodar# sh running-config | include interface|ip access-group|ipv6 traffic-filter # interface loopback888 # interface ge0 # interface ge1 # ip access-group 110 in # ip access-group 123 out # ipv6 traffic-filter test_v6 out # ipv6 traffic-filter temp_v6 in # interface ge2 # ip access-group 110 in # ip access-group 123 out # Using Overridden # Before state: # ------------- # # soodar# sh running-config | include interface|ip access-group|ipv6 traffic-filter # interface loopback888 # interface ge0 # interface ge1 # ip access-group 110 in # ip access-group 123 out # ipv6 traffic-filter test_v6 out # ipv6 traffic-filter temp_v6 in # interface ge2 # ip access-group 110 in # ip access-group 123 out - name: Overridden module attributes of given access-groups amnesh.soodar.soodar_acl_interfaces: config: - name: ge1 access_groups: - afi: ipv4 acls: - name: 100 direction: out - name: 110 direction: in state: overridden # Commands Fired: # --------------- # # interface ge1 # no ip access-group 123 out # no ipv6 traffic-filter test_v6 out # no ipv6 traffic-filter temp_v6 in # ip access-group 100 out # interface ge2 # no ip access-group 110 in # no ip access-group 123 out # After state: # ------------- # # soodar# sh running-config | include interface|ip access-group|ipv6 traffic-filter # interface loopback888 # interface ge0 # interface ge1 # ip access-group 100 out # ip access-group 110 in # interface ge2 # Using Rendered - name: Render the commands for provided configuration amnesh.soodar.soodar_acl_interfaces: config: - name: ge1 access_groups: - afi: ipv4 acls: - name: 110 direction: in - name: 123 direction: out - afi: ipv6 acls: - name: test_v6 direction: out - name: temp_v6 direction: in state: rendered # Module Execution Result: # ------------------------ # # "rendered": [ # "interface ge1", # "ip access-group 110 in", # "ip access-group 123 out", # "ipv6 traffic-filter temp_v6 in", # "ipv6 traffic-filter test_v6 out" # ] # Using Parsed # File: parsed.cfg # ---------------- # # interface ge0 # ip access-group 110 in # ip access-group 123 out # ipv6 traffic-filter temp_v6 in # ipv6 traffic-filter test_v6 out - name: Parse the commands for provided configuration amnesh.soodar.soodar_acl_interfaces: running_config: "{{ lookup('file', 'parsed.cfg') }}" state: parsed # Module Execution Result: # ------------------------ # # "parsed": [ # { # "access_groups": [ # { # "acls": [ # { # "direction": "in", # "name": "110" # } # ], # "afi": "ipv4" # }, # { # "acls": [ # { # "direction": "in", # "name": "temp_v6" # } # ], # "afi": "ipv6" # } # ], # "name": "ge0" # } # ] .. Facts .. Return values Return Values ------------- Common return values are documented :ref:`here `, the following are the fields unique to this module: .. rst-class:: ansible-option-table .. list-table:: :width: 100% :widths: auto :header-rows: 1 * - Key - Description * - .. raw:: html
.. _ansible_collections.amnesh.soodar.soodar_acl_interfaces_module__return-after: .. rst-class:: ansible-option-title **after** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=string` .. raw:: html
- .. raw:: html
The configuration as structured data after module completion. .. rst-class:: ansible-option-line :ansible-option-returned-bold:`Returned:` when changed .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`["The configuration returned will always be in the same format of the parameters above."]` .. raw:: html
* - .. raw:: html
.. _ansible_collections.amnesh.soodar.soodar_acl_interfaces_module__return-before: .. rst-class:: ansible-option-title **before** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=string` .. raw:: html
- .. raw:: html
The configuration as structured data prior to module invocation. .. rst-class:: ansible-option-line :ansible-option-returned-bold:`Returned:` always .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`["The configuration returned will always be in the same format of the parameters above."]` .. raw:: html
* - .. raw:: html
.. _ansible_collections.amnesh.soodar.soodar_acl_interfaces_module__return-commands: .. rst-class:: ansible-option-title **commands** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=string` .. raw:: html
- .. raw:: html
The set of commands pushed to the remote device .. rst-class:: ansible-option-line :ansible-option-returned-bold:`Returned:` always .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`["interface ge1", "ip access-group 110 in", "ipv6 traffic-filter test\_v6 out"]` .. raw:: html
.. Status (Presently only deprecated) .. Authors Authors ~~~~~~~ - Mahdi Varasteh (@m-varasteh) .. Extra links Collection links ~~~~~~~~~~~~~~~~ .. raw:: html

Issue Tracker Homepage

.. Parsing errors