support for multiple "ip ipsec *" API paths (#129)
Signed-off-by: Tomas Herfert <herfik>

Signed-off-by: Tomas Herfert <herfik>
Co-authored-by: Tomas Herfert <herfik>
therfert authored Nov 13, 2022
1 parent 29247fa commit c48f4c7
Showing 4 changed files with 89 additions and 25 deletions.
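--- a/changelogs/fragments/129-api-ipsec.yml
+++ b/changelogs/fragments/129-api-ipsec.yml
@@ -0,0 +1,3 @@
+minor_changes:
+- api_modify, api_info - support API paths ``ip ipsec identity``, ``ip ipsec peer``, ``ip ipsec policy``, ``ip ipsec profile``, ``ip ipsec proposal``
+(https://github.com/ansible-collections/community.routeros/pull/129).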
101 changes: 76 additions & 25 deletions plugins/module_utils/_api_data.py
@@ -301,6 +301,31 @@ def join_path(path):
'transparent-proxy': KeyInfo(),
},
),
('ip', 'ipsec', 'identity'): APIData(
fully_understood=True,
primary_keys=('peer', ),
fields={
'auth-method': KeyInfo(default='pre-shared-key'),
'certificate': KeyInfo(),
'comment': KeyInfo(can_disable=True, remove_value=''),
'disabled': KeyInfo(default=False),
'eap-methods': KeyInfo(default='eap-tls'),
'generate-policy': KeyInfo(default=False),
'key': KeyInfo(),
'match-by': KeyInfo(can_disable=True, remove_value='remote-id'),
'mode-config': KeyInfo(can_disable=True, remove_value='none'),
'my-id': KeyInfo(can_disable=True, remove_value='auto'),
'notrack-chain': KeyInfo(can_disable=True, remove_value=''),
'password': KeyInfo(),
'peer': KeyInfo(),
'policy-template-group': KeyInfo(can_disable=True, remove_value='default'),
'remote-certificate': KeyInfo(),
'remote-id': KeyInfo(can_disable=True, remove_value='auto'),
'remote-key': KeyInfo(),
'secret': KeyInfo(default=''),
'username': KeyInfo(),
},
),
('ip', 'ipsec', 'mode-config'): APIData(
unknown_mechanism=True,
# primary_keys=('default', ),
@@ -311,6 +336,22 @@ def join_path(path):
'use-responder-dns': KeyInfo(),
},
),
('ip', 'ipsec', 'peer'): APIData(
fully_understood=True,
primary_keys=('name', ),
fields={
'address': KeyInfo(can_disable=True, remove_value=''),
'comment': KeyInfo(can_disable=True, remove_value=''),
'disabled': KeyInfo(default=False),
'exchange-mode': KeyInfo(default='main'),
'local-address': KeyInfo(can_disable=True, remove_value='0.0.0.0'),
'name': KeyInfo(),
'passive': KeyInfo(can_disable=True, remove_value=False),
'port': KeyInfo(can_disable=True, remove_value=500),
'profile': KeyInfo(default='default'),
'send-initial-contact': KeyInfo(default=True),
},
),
('ip', 'ipsec', 'policy', 'group'): APIData(
unknown_mechanism=True,
# primary_keys=('default', ),
@@ -320,32 +361,32 @@ def join_path(path):
},
),
('ip', 'ipsec', 'profile'): APIData(
unknown_mechanism=True,
# primary_keys=('default', ),
fully_understood=True,
primary_keys=('name', ),
fields={
'default': KeyInfo(),
'dh-group': KeyInfo(),
'dpd-interval': KeyInfo(),
'dpd-maximum-failures': KeyInfo(),
'enc-algorithm': KeyInfo(),
'hash-algorithm': KeyInfo(),
'lifetime': KeyInfo(),
'dh-group': KeyInfo(default='modp2048,modp1024'),
'dpd-interval': KeyInfo(default='2m'),
'dpd-maximum-failures': KeyInfo(default=5),
'enc-algorithm': KeyInfo(default='aes-128,3des'),
'hash-algorithm': KeyInfo(default='sha1'),
'lifebytes': KeyInfo(can_disable=True, remove_value=0),
'lifetime': KeyInfo(default='1d'),
'name': KeyInfo(),
'nat-traversal': KeyInfo(),
'proposal-check': KeyInfo(),
'nat-traversal': KeyInfo(default=True),
'prf-algorithm': KeyInfo(can_disable=True, remove_value='auto'),
'proposal-check': KeyInfo(default='obey'),
},
),
('ip', 'ipsec', 'proposal'): APIData(
unknown_mechanism=True,
# primary_keys=('default', ),
fully_understood=True,
primary_keys=('name', ),
fields={
'default': KeyInfo(),
'auth-algorithms': KeyInfo(),
'disabled': KeyInfo(),
'enc-algorithms': KeyInfo(),
'lifetime': KeyInfo(),
'auth-algorithms': KeyInfo(default='sha1'),
'disabled': KeyInfo(default=False),
'enc-algorithms': KeyInfo(default='aes-256-cbc,aes-192-cbc,aes-128-cbc'),
'lifetime': KeyInfo(default='30m'),
'name': KeyInfo(),
'pfs-group': KeyInfo(),
'pfs-group': KeyInfo(default='modp1024'),
},
),
('ip', 'pool'): APIData(
@@ -2127,15 +2168,25 @@ def join_path(path):
},
),
('ip', 'ipsec', 'policy'): APIData(
has_identifier=True,
fully_understood=True,
fields={
'disabled': KeyInfo(),
'action': KeyInfo(default='encrypt'),
'comment': KeyInfo(can_disable=True, remove_value=''),
'disabled': KeyInfo(default=False),
'dst-address': KeyInfo(),
'group': KeyInfo(),
'proposal': KeyInfo(),
'protocol': KeyInfo(),
'dst-port': KeyInfo(default='any'),
'group': KeyInfo(can_disable=True, remove_value='default'),
'ipsec-protocols': KeyInfo(default='esp'),
'level': KeyInfo(default='require'),
'peer': KeyInfo(),
'proposal': KeyInfo(default='default'),
'protocol': KeyInfo(default='all'),
'src-address': KeyInfo(),
'template': KeyInfo(),
'src-port': KeyInfo(default='any'),
'template': KeyInfo(can_disable=True, remove_value=False),
# the tepmlate field can't really be changed once the item is created. This config captures the behavior best as it can
# i.e. tepmplate=yes is shown, tepmlate=no is hidden
'tunnel': KeyInfo(default=False),
},
),
('ip', 'service'): APIData(
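Review bot: The new `('ip', 'ipsec', 'identity')` entry lists `key`, `password`, `remote-key` and `secret` as plain `KeyInfo()` fields with nothing in the hunk marking them as sensitive, so values read or diffed for this path are presumably reported in clear text unless the task sets `no_log: true`. `'secret': KeyInfo(default='')` beside `'auth-method': KeyInfo(default='pre-shared-key')` makes an empty pre-shared key the table's baseline, and the `profile` and `proposal` hunks do the same with `sha1`, `aes-128,3des` and `modp1024`; if api_modify resets omitted fields to these defaults (that logic is not on this page), a partial task could blank a key or weaken a hardened profile. I would add a comment above the identity fields, `# key, password, remote-key and secret are credentials; use no_log on tasks for this path`, and one above the crypto defaults, `# defaults appear to mirror the device, not a recommended cipher suite`. The comment under `'template'` in the policy entry spells the field name "tepmlate" and "tepmplate" and should read "template". The dictionary these entries belong to opens and closes outside the visible hunks.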
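--- a/plugins/modules/api_info.py
+++ b/plugins/modules/api_info.py
@@ -92,6 +92,11 @@
 - ip firewall nat
 - ip firewall service-port
 - ip hotspot service-port
+- ip ipsec identity
+- ip ipsec peer
+- ip ipsec policy
+- ip ipsec profile
+- ip ipsec proposal
 - ip ipsec settings
 - ip neighbor discovery-settings
 - ip pool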
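--- a/plugins/modules/api_modify.py
+++ b/plugins/modules/api_modify.py
@@ -97,6 +97,11 @@
 - ip firewall nat
 - ip firewall service-port
 - ip hotspot service-port
+- ip ipsec identity
+- ip ipsec peer
+- ip ipsec policy
+- ip ipsec profile
+- ip ipsec proposal
 - ip ipsec settings
 - ip neighbor discovery-settings
 - ip pool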
