support for multiple "ip ipsec *" API paths (#129)

Signed-off-by: Tomas Herfert <herfik>

Signed-off-by: Tomas Herfert <herfik>
Co-authored-by: Tomas Herfert <herfik>
Tomas Herfert 2022-11-13 21:14:45 +01:00 committed by GitHub
parent 29247faaa3
commit c48f4c74ce
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 89 additions and 25 deletions


@ -0,0 +1,3 @@
minor_changes:
- api_modify, api_info - support API paths ``ip ipsec identity``, ``ip ipsec peer``, ``ip ipsec policy``, ``ip ipsec profile``, ``ip ipsec proposal``
(https://github.com/ansible-collections/community.routeros/pull/129).


@ -301,6 +301,31 @@ PATHS = {
'transparent-proxy': KeyInfo(), 'transparent-proxy': KeyInfo(),
}, },
), ),
('ip', 'ipsec', 'identity'): APIData(
fully_understood=True,
primary_keys=('peer', ),
fields={
'auth-method': KeyInfo(default='pre-shared-key'),
'certificate': KeyInfo(),
'comment': KeyInfo(can_disable=True, remove_value=''),
'disabled': KeyInfo(default=False),
'eap-methods': KeyInfo(default='eap-tls'),
'generate-policy': KeyInfo(default=False),
'key': KeyInfo(),
'match-by': KeyInfo(can_disable=True, remove_value='remote-id'),
'mode-config': KeyInfo(can_disable=True, remove_value='none'),
'my-id': KeyInfo(can_disable=True, remove_value='auto'),
'notrack-chain': KeyInfo(can_disable=True, remove_value=''),
'password': KeyInfo(),
'peer': KeyInfo(),
'policy-template-group': KeyInfo(can_disable=True, remove_value='default'),
'remote-certificate': KeyInfo(),
'remote-id': KeyInfo(can_disable=True, remove_value='auto'),
'remote-key': KeyInfo(),
'secret': KeyInfo(default=''),
'username': KeyInfo(),
},
),
('ip', 'ipsec', 'mode-config'): APIData( ('ip', 'ipsec', 'mode-config'): APIData(
unknown_mechanism=True, unknown_mechanism=True,
# primary_keys=('default', ), # primary_keys=('default', ),
@ -311,6 +336,22 @@ PATHS = {
'use-responder-dns': KeyInfo(), 'use-responder-dns': KeyInfo(),
}, },
), ),
('ip', 'ipsec', 'peer'): APIData(
fully_understood=True,
primary_keys=('name', ),
fields={
'address': KeyInfo(can_disable=True, remove_value=''),
'comment': KeyInfo(can_disable=True, remove_value=''),
'disabled': KeyInfo(default=False),
'exchange-mode': KeyInfo(default='main'),
'local-address': KeyInfo(can_disable=True, remove_value='0.0.0.0'),
'name': KeyInfo(),
'passive': KeyInfo(can_disable=True, remove_value=False),
'port': KeyInfo(can_disable=True, remove_value=500),
'profile': KeyInfo(default='default'),
'send-initial-contact': KeyInfo(default=True),
},
),
('ip', 'ipsec', 'policy', 'group'): APIData( ('ip', 'ipsec', 'policy', 'group'): APIData(
unknown_mechanism=True, unknown_mechanism=True,
# primary_keys=('default', ), # primary_keys=('default', ),
@ -320,32 +361,32 @@ PATHS = {
}, },
), ),
('ip', 'ipsec', 'profile'): APIData( ('ip', 'ipsec', 'profile'): APIData(
unknown_mechanism=True, fully_understood=True,
# primary_keys=('default', ), primary_keys=('name', ),
fields={ fields={
'default': KeyInfo(), 'dh-group': KeyInfo(default='modp2048,modp1024'),
'dh-group': KeyInfo(), 'dpd-interval': KeyInfo(default='2m'),
'dpd-interval': KeyInfo(), 'dpd-maximum-failures': KeyInfo(default=5),
'dpd-maximum-failures': KeyInfo(), 'enc-algorithm': KeyInfo(default='aes-128,3des'),
'enc-algorithm': KeyInfo(), 'hash-algorithm': KeyInfo(default='sha1'),
'hash-algorithm': KeyInfo(), 'lifebytes': KeyInfo(can_disable=True, remove_value=0),
'lifetime': KeyInfo(), 'lifetime': KeyInfo(default='1d'),
'name': KeyInfo(), 'name': KeyInfo(),
'nat-traversal': KeyInfo(), 'nat-traversal': KeyInfo(default=True),
'proposal-check': KeyInfo(), 'prf-algorithm': KeyInfo(can_disable=True, remove_value='auto'),
'proposal-check': KeyInfo(default='obey'),
}, },
), ),
('ip', 'ipsec', 'proposal'): APIData( ('ip', 'ipsec', 'proposal'): APIData(
unknown_mechanism=True, fully_understood=True,
# primary_keys=('default', ), primary_keys=('name', ),
fields={ fields={
'default': KeyInfo(), 'auth-algorithms': KeyInfo(default='sha1'),
'auth-algorithms': KeyInfo(), 'disabled': KeyInfo(default=False),
'disabled': KeyInfo(), 'enc-algorithms': KeyInfo(default='aes-256-cbc,aes-192-cbc,aes-128-cbc'),
'enc-algorithms': KeyInfo(), 'lifetime': KeyInfo(default='30m'),
'lifetime': KeyInfo(),
'name': KeyInfo(), 'name': KeyInfo(),
'pfs-group': KeyInfo(), 'pfs-group': KeyInfo(default='modp1024'),
}, },
), ),
('ip', 'pool'): APIData( ('ip', 'pool'): APIData(
@ -2127,15 +2168,25 @@ PATHS = {
}, },
), ),
('ip', 'ipsec', 'policy'): APIData( ('ip', 'ipsec', 'policy'): APIData(
has_identifier=True, fully_understood=True,
fields={ fields={
'disabled': KeyInfo(), 'action': KeyInfo(default='encrypt'),
'comment': KeyInfo(can_disable=True, remove_value=''),
'disabled': KeyInfo(default=False),
'dst-address': KeyInfo(), 'dst-address': KeyInfo(),
'group': KeyInfo(), 'dst-port': KeyInfo(default='any'),
'proposal': KeyInfo(), 'group': KeyInfo(can_disable=True, remove_value='default'),
'protocol': KeyInfo(), 'ipsec-protocols': KeyInfo(default='esp'),
'level': KeyInfo(default='require'),
'peer': KeyInfo(),
'proposal': KeyInfo(default='default'),
'protocol': KeyInfo(default='all'),
'src-address': KeyInfo(), 'src-address': KeyInfo(),
'template': KeyInfo(), 'src-port': KeyInfo(default='any'),
'template': KeyInfo(can_disable=True, remove_value=False),
# the tepmlate field can't really be changed once the item is created. This config captures the behavior best as it can
# i.e. tepmplate=yes is shown, tepmlate=no is hidden
'tunnel': KeyInfo(default=False),
}, },
), ),
('ip', 'service'): APIData( ('ip', 'service'): APIData(
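Review bot: The new `('ip', 'ipsec', 'identity')` entry declares `secret`, `password`, `key` and `remote-key` as plain `KeyInfo()` fields, so nothing in the table separates credential material from ordinary settings. Whether api_info and api_modify echo these values in their results or diffs is not visible in this section, but if they do, pre-shared keys and passwords would land in playbook output and logs. I would put a comment above those four fields, e.g. `# sensitive: pre-shared key / credentials - run tasks on this path with no_log: true`, and repeat the advice in the module docs for this path. The defaults added to the `profile` and `proposal` entries (`sha1`, `3des`, `modp1024`) presumably mirror the device defaults; a one-line comment saying so would keep readers from treating them as recommended settings. The comment under `'template'` in the policy entry misspells the field name (`tepmlate`, `tepmplate`) and would read better placed above the line it describes.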


@ -92,6 +92,11 @@ options:
- ip firewall nat - ip firewall nat
- ip firewall service-port - ip firewall service-port
- ip hotspot service-port - ip hotspot service-port
- ip ipsec identity
- ip ipsec peer
- ip ipsec policy
- ip ipsec profile
- ip ipsec proposal
- ip ipsec settings - ip ipsec settings
- ip neighbor discovery-settings - ip neighbor discovery-settings
- ip pool - ip pool


@ -97,6 +97,11 @@ options:
- ip firewall nat - ip firewall nat
- ip firewall service-port - ip firewall service-port
- ip hotspot service-port - ip hotspot service-port
- ip ipsec identity
- ip ipsec peer
- ip ipsec policy
- ip ipsec profile
- ip ipsec proposal
- ip ipsec settings - ip ipsec settings
- ip neighbor discovery-settings - ip neighbor discovery-settings
- ip pool - ip pool