amnesh.soodar.soodar_acl_interfaces module – Configure and manage access-control (ACL) attributes of interfaces on Soodar devices.
Note
This module is part of the amnesh.soodar collection (version 2.0.0).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install https://soodar.ir/ansible/amnesh.soodar.tar.gz.
To use it in a playbook, specify: amnesh.soodar.soodar_acl_interfaces.
Synopsis
This module configures and manages the access-control (ACL) attributes of interfaces on Soodar platforms.
Note
This module has a corresponding action plugin.
Parameters
| Parameter | Comments |
|---|---|
| config | A dictionary of ACL interfaces options. |
| config / access_groups | Specify access-group for IP access list (standard or extended). |
| config / access_groups / acls | Specifies the ACLs for the provided AFI. |
| config / access_groups / acls / direction | Specifies the direction of packets that the ACL will be applied on. With one direction already assigned, the other ACL direction cannot be the same. Choices: |
| config / access_groups / acls / name | Specifies the name of the IPv4/IPv6 ACL for the interface. |
| config / access_groups / afi | Specifies the AFI for the ACLs to be configured on this interface. Choices: |
| config / name | Full name of the interface excluding any logical unit number, e.g. ge1. |
| running_config | The module, by default, will connect to the remote device and retrieve the current running-config to use as a base for comparing against the contents of source. There are times when it is not desirable to have the task get the current running-config for every task in a playbook. The running_config argument allows the implementer to pass in the configuration to use as the base config for comparison. The value of this option should be the output received from the device by executing command. |
| state | The state the configuration should be left in. The states rendered, gathered and parsed do not perform any change on the device. The state rendered will transform the configuration in The state gathered will fetch the running configuration from the device and transform it into structured data in the format as per the resource module argspec, and the value is returned in the gathered key within the result. The state parsed reads the configuration from Choices: |
Notes
Note
Tested against Soodar Version 23.11
This module works with connection amnesh.soodar.network_cli.
Examples
# Using Deleted
# Before state:
# -------------
#
# soodar# sh running-config | include 'interface|ip access-group|ipv6 traffic-group'
# interface loopback888
# interface ge0
# interface ge1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-group test_v6 out
# ipv6 traffic-group temp_v6 in
# interface ge2
# ip access-group 110 in
# ip access-group 123 out
- name: Delete module attributes of given Interface
  amnesh.soodar.soodar_acl_interfaces:
    config:
      - name: ge1
    state: deleted
# Commands Fired:
# ---------------
#
# interface ge1
# no ip access-group 110 in
# no ip access-group 123 out
# no ipv6 traffic-group test_v6 out
# no ipv6 traffic-group temp_v6 in
# After state:
# -------------
#
# soodar# sh running-config | include 'interface|ip access-group|ipv6 traffic-group'
# interface loopback888
# interface ge0
# interface ge1
# interface ge2
# ip access-group 110 in
# ip access-group 123 out
# Using Deleted without any config passed
# (NOTE: This will delete all configured resource module attributes from each configured interface.)
# Before state:
# -------------
#
# soodar# sh running-config | include 'interface|ip access-group|ipv6 traffic-group'
# interface loopback888
# interface ge0
# interface ge1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-group test_v6 out
# ipv6 traffic-group temp_v6 in
# interface ge2
# ip access-group 110 in
# ip access-group 123 out
- name: Delete module attributes of given access-groups from ALL Interfaces
  amnesh.soodar.soodar_acl_interfaces:
    config:
    state: deleted
# Commands Fired:
# ---------------
#
# interface ge1
# no ip access-group 110 in
# no ip access-group 123 out
# no ipv6 traffic-group test_v6 out
# no ipv6 traffic-group temp_v6 in
# interface ge2
# no ip access-group 110 in
# no ip access-group 123 out
# After state:
# -------------
#
# soodar# sh running-config | include 'interface|ip access-group|ipv6 traffic-group'
# interface loopback888
# interface ge0
# interface ge1
# interface ge2
# Using Merged
# Before state:
# -------------
#
# soodar# sh running-config | include 'interface|ip access-group|ipv6 traffic-group'
# interface loopback888
# interface ge0
# interface ge1
# interface ge2
# ip access-group 123 out
- name: Merge module attributes of given access-groups
  amnesh.soodar.soodar_acl_interfaces:
    config:
      - name: ge1
        access_groups:
          - afi: ipv4
            acls:
              - name: 110
                direction: in
              - name: 123
                direction: out
          - afi: ipv6
            acls:
              - name: test_v6
                direction: out
              - name: temp_v6
                direction: in
      - name: ge2
        access_groups:
          - afi: ipv4
            acls:
              - name: 100
                direction: in
    state: merged
# Commands Fired:
# ---------------
#
# interface ge1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-group test_v6 out
# ipv6 traffic-group temp_v6 in
# interface ge2
# ip access-group 100 in
# ip access-group 123 out
# After state:
# -------------
#
# soodar# sh running-config | include 'interface|ip access-group|ipv6 traffic-group'
# interface loopback888
# interface ge0
# interface ge1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-group test_v6 out
# ipv6 traffic-group temp_v6 in
# interface ge2
# ip access-group 100 in
# ip access-group 123 out
# Using Replaced
# Before state:
# -------------
#
# soodar# sh running-config | include 'interface|ip access-group|ipv6 traffic-group'
# interface loopback888
# interface ge0
# interface ge1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-group test_v6 out
# ipv6 traffic-group temp_v6 in
# interface ge2
# ip access-group 110 in
# ip access-group 123 out
- name: Replace module attributes of given access-groups
  amnesh.soodar.soodar_acl_interfaces:
    config:
      - name: ge1
        access_groups:
          - afi: ipv4
            acls:
              - name: 100
                direction: out
              - name: 110
                direction: in
    state: replaced
# Commands Fired:
# ---------------
#
# interface ge1
# no ip access-group 123 out
# no ipv6 traffic-group temp_v6 in
# no ipv6 traffic-group test_v6 out
# ip access-group 100 out
# After state:
# -------------
#
# soodar# sh running-config | include 'interface|ip access-group|ipv6 traffic-group'
# interface loopback888
# interface ge0
# interface ge1
# ip access-group 100 out
# ip access-group 110 in
# interface ge2
# ip access-group 110 in
# ip access-group 123 out
# Using Gathered
# Before state:
# -------------
#
# soodar# sh running-config | include 'interface|ip access-group|ipv6 traffic-group'
# interface loopback888
# interface ge0
# interface ge1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-group test_v6 out
# ipv6 traffic-group temp_v6 in
# interface ge2
# ip access-group 110 in
# ip access-group 123 out
- name: Gather listed acl interfaces with provided configurations
  amnesh.soodar.soodar_acl_interfaces:
    config:
    state: gathered
# Module Execution Result:
# ------------------------
#
# "gathered": [
#     {
#         "name": "loopback888"
#     },
#     {
#         "name": "ge0"
#     },
#     {
#         "access_groups": [
#             {
#                 "acls": [
#                     {
#                         "direction": "in",
#                         "name": "110"
#                     },
#                     {
#                         "direction": "out",
#                         "name": "123"
#                     }
#                 ],
#                 "afi": "ipv4"
#             },
#             {
#                 "acls": [
#                     {
#                         "direction": "in",
#                         "name": "temp_v6"
#                     },
#                     {
#                         "direction": "out",
#                         "name": "test_v6"
#                     }
#                 ],
#                 "afi": "ipv6"
#             }
#         ],
#         "name": "ge1"
#     },
#     {
#         "access_groups": [
#             {
#                 "acls": [
#                     {
#                         "direction": "in",
#                         "name": "110"
#                     },
#                     {
#                         "direction": "out",
#                         "name": "123"
#                     }
#                 ],
#                 "afi": "ipv4"
#             }
#         ],
#         "name": "ge2"
#     }
# ]
# After state:
# ------------
#
# soodar# sh running-config | include 'interface|ip access-group|ipv6 traffic-group'
# interface loopback888
# interface ge0
# interface ge1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-group test_v6 out
# ipv6 traffic-group temp_v6 in
# interface ge2
# ip access-group 110 in
# ip access-group 123 out
# Using Overridden
# Before state:
# -------------
#
# soodar# sh running-config | include 'interface|ip access-group|ipv6 traffic-group'
# interface loopback888
# interface ge0
# interface ge1
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-group test_v6 out
# ipv6 traffic-group temp_v6 in
# interface ge2
# ip access-group 110 in
# ip access-group 123 out
- name: Overridden module attributes of given access-groups
  amnesh.soodar.soodar_acl_interfaces:
    config:
      - name: ge1
        access_groups:
          - afi: ipv4
            acls:
              - name: 100
                direction: out
              - name: 110
                direction: in
    state: overridden
# Commands Fired:
# ---------------
#
# interface ge1
# no ip access-group 123 out
# no ipv6 traffic-group test_v6 out
# no ipv6 traffic-group temp_v6 in
# ip access-group 100 out
# interface ge2
# no ip access-group 110 in
# no ip access-group 123 out
# After state:
# -------------
#
# soodar# sh running-config | include 'interface|ip access-group|ipv6 traffic-group'
# interface loopback888
# interface ge0
# interface ge1
# ip access-group 100 out
# ip access-group 110 in
# interface ge2
# Using Rendered
- name: Render the commands for provided configuration
  amnesh.soodar.soodar_acl_interfaces:
    config:
      - name: ge1
        access_groups:
          - afi: ipv4
            acls:
              - name: 110
                direction: in
              - name: 123
                direction: out
          - afi: ipv6
            acls:
              - name: test_v6
                direction: out
              - name: temp_v6
                direction: in
    state: rendered
# Module Execution Result:
# ------------------------
#
# "rendered": [
#     "interface ge1",
#     "ip access-group 110 in",
#     "ip access-group 123 out",
#     "ipv6 traffic-group temp_v6 in",
#     "ipv6 traffic-group test_v6 out"
# ]
# Using Parsed
# File: parsed.cfg
# ----------------
#
# interface ge0
# ip access-group 110 in
# ip access-group 123 out
# ipv6 traffic-group temp_v6 in
# ipv6 traffic-group test_v6 out
- name: Parse the commands for provided configuration
  amnesh.soodar.soodar_acl_interfaces:
    running_config: "{{ lookup('file', 'parsed.cfg') }}"
    state: parsed
# Module Execution Result:
# ------------------------
#
# "parsed": [
#     {
#         "access_groups": [
#             {
#                 "acls": [
#                     {
#                         "direction": "in",
#                         "name": "110"
#                     },
#                     {
#                         "direction": "out",
#                         "name": "123"
#                     }
#                 ],
#                 "afi": "ipv4"
#             },
#             {
#                 "acls": [
#                     {
#                         "direction": "in",
#                         "name": "temp_v6"
#                     },
#                     {
#                         "direction": "out",
#                         "name": "test_v6"
#                     }
#                 ],
#                 "afi": "ipv6"
#             }
#         ],
#         "name": "ge0"
#     }
# ]
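The Deleted, Replaced and Overridden examples above differ mainly in which existing ACL bindings they take off an interface, and on a filtering device that is the part of a change worth reviewing before it runs. The following Python is an added example, not part of the module or of the Soodar collection: it models the four configuring states as this page's examples show them and, for the Overridden task, yields the same command list as shown above. The function and variable names are hypothetical, and it assumes the "have" input lists every interface, as the gathered output does.

```python
# Added example, not the module's code: models the states as this page's examples show them.
CMD = {"ipv4": "ip access-group", "ipv6": "ipv6 traffic-group"}  # syntax from the page

def bindings(entry):
    """Flatten one interface entry into ordered (afi, acl, direction) tuples."""
    return [(g["afi"], str(a["name"]), a["direction"])
            for g in entry.get("access_groups") or []
            for a in g.get("acls") or []]

def plan(have, want, state):
    """Predict the CLI lines pushed for merged/replaced/overridden/deleted."""
    if state not in ("merged", "replaced", "overridden", "deleted"):
        raise ValueError(f"unsupported state: {state}")
    wanted = {e["name"]: bindings(e) for e in want or []}
    out = []
    for entry in have:  # assumes `have` lists every interface, as gathered does
        name, current = entry["name"], bindings(entry)
        target, remove, add = wanted.get(name, []), [], []
        if state == "deleted":  # an empty config puts every interface in scope
            remove = current if (not wanted or name in wanted) else []
        else:
            if state == "overridden" or (state == "replaced" and name in wanted):
                remove = [b for b in current if b not in target]
            add = [b for b in target if b not in current]
        lines = [f"no {CMD[a]} {n} {d}" for a, n, d in remove]
        lines += [f"{CMD[a]} {n} {d}" for a, n, d in add]
        if lines:
            out += [f"interface {name}", *lines]
    return out

def lost_bindings(cmds):
    """Group the 'no ...' lines of a plan by interface, for change review."""
    lost, iface = {}, None
    for line in cmds:
        if line.startswith("interface "):
            iface = line.split()[1]
        elif line.startswith("no "):
            lost.setdefault(iface, []).append(line[3:])
    return lost

def acl_list(*pairs):
    return [{"name": n, "direction": d} for n, d in pairs]

# Constructed: HAVE from the page's "Before state" listing, WANT from its Replaced/Overridden tasks.
V4 = {"afi": "ipv4", "acls": acl_list((110, "in"), (123, "out"))}
V6 = {"afi": "ipv6", "acls": acl_list(("test_v6", "out"), ("temp_v6", "in"))}
HAVE = [{"name": "loopback888"}, {"name": "ge0"},
        {"name": "ge1", "access_groups": [V4, V6]},
        {"name": "ge2", "access_groups": [V4]}]
WANT = [{"name": "ge1", "access_groups": [
    {"afi": "ipv4", "acls": acl_list((100, "out"), (110, "in"))}]}]
```

With the same config, `lost_bindings(plan(HAVE, WANT, "replaced"))` reports removals on ge1 only, while `"overridden"` also reports ge2 losing both of its ACLs although ge2 is not named in the task.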
Return Values
Common return values are documented here; the following are the fields unique to this module:

| Key | Description |
|---|---|
| after | The resulting configuration after module execution. Returned: when changed Sample: |
| before | The configuration prior to the module execution. Returned: when state is Sample: |
| commands | The set of commands pushed to the remote device. Returned: when state is Sample: |
| gathered | Facts about the network resource gathered from the remote device as structured data. Returned: when state is Sample: |
| parsed | The device native config provided in running_config option parsed into structured data as per module argspec. Returned: when state is Sample: |
| rendered | The provided configuration in the task rendered in device-native format (offline). Returned: when state is Sample: |