Anons79 Mini Shell

Directory : /lib/python2.7/site-packages/ansible/modules/network/cloudengine/
Upload File :
Current File : //lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pyo

�
�Udac@s�idd6dgd6dd6ZdZdZdZd	d
lmZd	dlmZd	dlm	Z	m
Z
mZmZd
Z
dZdZdZdZdZdZdZdZdZdZdZidd6dd6dd6dd6dd 6d!d"6d#d$6d%d&6Zi
d!d'6d(d)6d*d+6d,d-6d.d/6d0d16d2d36d4d56d6d76d8d96Zd:�Zd;efd<��YZd=�Zed>kr�e�nd?S(@s1.1tmetadata_versiontpreviewtstatust	communitytsupported_bys�
---
module: ce_acl_advance
version_added: "2.4"
short_description: Manages advanced ACL configuration on HUAWEI CloudEngine switches.
description:
    - Manages advanced ACL configurations on HUAWEI CloudEngine switches.
author:
    - wangdezhuang (@QijunPan)
notes:
  - This module requires the netconf system service be enabled on the remote device being managed.
  - Recommended connection is C(netconf).
  - This module also works with C(local) connections for legacy playbooks.
options:
    state:
        description:
            - Specify desired state of the resource.
        required: false
        default: present
        choices: ['present','absent','delete_acl']
    acl_name:
        description:
            - ACL number or name.
              For a numbered rule group, the value ranging from 3000 to 3999 indicates a advance ACL.
              For a named rule group, the value is a string of 1 to 32 case-sensitive characters starting
              with a letter, spaces not supported.
        required: true
    acl_num:
        description:
            - ACL number.
              The value is an integer ranging from 3000 to 3999.
    acl_step:
        description:
            - ACL step.
              The value is an integer ranging from 1 to 20. The default value is 5.
    acl_description:
        description:
            - ACL description.
              The value is a string of 1 to 127 characters.
    rule_name:
        description:
            - Name of a basic ACL rule.
              The value is a string of 1 to 32 characters.
    rule_id:
        description:
            - ID of a basic ACL rule in configuration mode.
              The value is an integer ranging from 0 to 4294967294.
    rule_action:
        description:
            - Matching mode of basic ACL rules.
        choices: ['permit','deny']
    protocol:
        description:
            - Protocol type.
        choices: ['ip', 'icmp', 'igmp', 'ipinip', 'tcp', 'udp', 'gre', 'ospf']
    source_ip:
        description:
            - Source IP address.
              The value is a string of 0 to 255 characters.The default value is 0.0.0.0.
              The value is in dotted decimal notation.
    src_mask:
        description:
            - Source IP address mask.
              The value is an integer ranging from 1 to 32.
    src_pool_name:
        description:
            - Name of a source pool.
              The value is a string of 1 to 32 characters.
    dest_ip:
        description:
            - Destination IP address.
              The value is a string of 0 to 255 characters.The default value is 0.0.0.0.
              The value is in dotted decimal notation.
    dest_mask:
        description:
            - Destination IP address mask.
              The value is an integer ranging from 1 to 32.
    dest_pool_name:
        description:
            - Name of a destination pool.
              The value is a string of 1 to 32 characters.
    src_port_op:
        description:
            - Range type of the source port.
        choices: ['lt','eq', 'gt', 'range']
    src_port_begin:
        description:
            - Start port number of the source port.
              The value is an integer ranging from 0 to 65535.
    src_port_end:
        description:
            - End port number of the source port.
              The value is an integer ranging from 0 to 65535.
    src_port_pool_name:
        description:
            - Name of a source port pool.
              The value is a string of 1 to 32 characters.
    dest_port_op:
        description:
            - Range type of the destination port.
        choices: ['lt','eq', 'gt', 'range']
    dest_port_begin:
        description:
            - Start port number of the destination port.
              The value is an integer ranging from 0 to 65535.
    dest_port_end:
        description:
            - End port number of the destination port.
              The value is an integer ranging from 0 to 65535.
    dest_port_pool_name:
        description:
            - Name of a destination port pool.
              The value is a string of 1 to 32 characters.
    frag_type:
        description:
            - Type of packet fragmentation.
        choices: ['fragment', 'clear_fragment']
    precedence:
        description:
            - Data packets can be filtered based on the priority field.
              The value is an integer ranging from 0 to 7.
    tos:
        description:
            - ToS value on which data packet filtering is based.
              The value is an integer ranging from 0 to 15.
    dscp:
        description:
            - Differentiated Services Code Point.
              The value is an integer ranging from 0 to 63.
    icmp_name:
        description:
            - ICMP name.
        choices: ['unconfiged', 'echo', 'echo-reply', 'fragmentneed-DFset', 'host-redirect',
                  'host-tos-redirect', 'host-unreachable', 'information-reply', 'information-request',
                  'net-redirect', 'net-tos-redirect', 'net-unreachable', 'parameter-problem',
                  'port-unreachable', 'protocol-unreachable', 'reassembly-timeout', 'source-quench',
                  'source-route-failed', 'timestamp-reply', 'timestamp-request', 'ttl-exceeded',
                  'address-mask-reply', 'address-mask-request', 'custom']
    icmp_type:
        description:
            - ICMP type. This parameter is available only when the packet protocol is ICMP.
              The value is an integer ranging from 0 to 255.
    icmp_code:
        description:
            - ICMP message code. Data packets can be filtered based on the ICMP message code.
              The value is an integer ranging from 0 to 255.
    ttl_expired:
        description:
            - Whether TTL Expired is matched, with the TTL value of 1.
        type: bool
        default: 'no'
    vrf_name:
        description:
            - VPN instance name.
              The value is a string of 1 to 31 characters.The default value is _public_.
    syn_flag:
        description:
            - TCP flag value.
              The value is an integer ranging from 0 to 63.
    tcp_flag_mask:
        description:
            - TCP flag mask value.
              The value is an integer ranging from 0 to 63.
    established:
        description:
            - Match established connections.
        type: bool
        default: 'no'
    time_range:
        description:
            - Name of a time range in which an ACL rule takes effect.
    rule_description:
        description:
            - Description about an ACL rule.
    igmp_type:
        description:
            - Internet Group Management Protocol.
        choices: ['host-query', 'mrouter-adver', 'mrouter-solic', 'mrouter-termi', 'mtrace-resp', 'mtrace-route',
                  'v1host-report', 'v2host-report', 'v2leave-group', 'v3host-report']
    log_flag:
        description:
            - Flag of logging matched data packets.
        type: bool
        default: 'no'
sM

- name: CloudEngine advance acl test
  hosts: cloudengine
  connection: local
  gather_facts: no
  vars:
    cli:
      host: "{{ inventory_hostname }}"
      port: "{{ ansible_ssh_port }}"
      username: "{{ username }}"
      password: "{{ password }}"
      transport: cli

  tasks:

  - name: "Config ACL"
    ce_acl_advance:
      state: present
      acl_name: 3200
      provider: "{{ cli }}"

  - name: "Undo ACL"
    ce_acl_advance:
      state: delete_acl
      acl_name: 3200
      provider: "{{ cli }}"

  - name: "Config ACL advance rule"
    ce_acl_advance:
      state: present
      acl_name: test
      rule_name: test_rule
      rule_id: 111
      rule_action: permit
      protocol: tcp
      source_ip: 10.10.10.10
      src_mask: 24
      frag_type: fragment
      provider: "{{ cli }}"

  - name: "Undo ACL advance rule"
    ce_acl_advance:
      state: absent
      acl_name: test
      rule_name: test_rule
      rule_id: 111
      rule_action: permit
      protocol: tcp
      source_ip: 10.10.10.10
      src_mask: 24
      frag_type: fragment
      provider: "{{ cli }}"
s�
changed:
    description: check to see if a change was made on the device
    returned: always
    type: bool
    sample: true
proposed:
    description: k/v pairs of parameters passed into module
    returned: always
    type: dict
    sample: {"acl_name": "test", "state": "delete_acl"}
existing:
    description: k/v pairs of existing aaa server
    returned: always
    type: dict
    sample: {"aclNumOrName": "test", "aclType": "Advance"}
end_state:
    description: k/v pairs of aaa params after module execution
    returned: always
    type: dict
    sample: {}
updates:
    description: command sent to the device
    returned: always
    type: list
    sample: ["undo acl name test"]
i����(tElementTree(t
AnsibleModule(t
get_nc_configt
set_nc_configtce_argument_spect
check_ip_addrs�
    <filter type="subtree">
      <acl xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
        <aclGroups>
          <aclGroup>
            <aclNumOrName></aclNumOrName>
sG
          </aclGroup>
        </aclGroups>
      </acl>
    </filter>
s�
    <config>
      <acl xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
        <aclGroups>
          <aclGroup operation="merge">
            <aclNumOrName>%s</aclNumOrName>
sG
          </aclGroup>
        </aclGroups>
      </acl>
    </config>
s�
    <config>
      <acl xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
        <aclGroups>
          <aclGroup operation="delete">
            <aclNumOrName>%s</aclNumOrName>
s6
    <filter type="subtree">
      <acl xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
        <aclGroups>
          <aclGroup>
            <aclNumOrName>%s</aclNumOrName>
            <aclRuleAdv4s>
              <aclRuleAdv4>
                <aclRuleName></aclRuleName>
s�
              </aclRuleAdv4>
            </aclRuleAdv4s>
          </aclGroup>
        </aclGroups>
      </acl>
    </filter>
s;
    <config>
      <acl xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
        <aclGroups>
          <aclGroup>
            <aclNumOrName>%s</aclNumOrName>
            <aclRuleAdv4s>
              <aclRuleAdv4 operation="merge">
                <aclRuleName>%s</aclRuleName>
s�
              </aclRuleAdv4>
            </aclRuleAdv4s>
          </aclGroup>
        </aclGroups>
      </acl>
    </config>
s<
    <config>
      <acl xmlns="http://www.huawei.com/netconf/vrp" content-version="1.0" format-version="1.0">
        <aclGroups>
          <aclGroup>
            <aclNumOrName>%s</aclNumOrName>
            <aclRuleAdv4s>
              <aclRuleAdv4 operation="delete">
                <aclRuleName>%s</aclRuleName>
t0tipt1ticmpt2tigmpt4tipinipt6ttcpt17tudpt47tgret89tospfs
host-queryt48s
mrouter-advert49s
mrouter-solict50s
mrouter-termit30smtrace-respt31smtrace-routet18s
v1host-reportt22s
v2host-reportt23s
v2leave-groupt34s
v3host-reportcCsEdgd}t|�}|dkr)dS|dkr_ttdd|d>d@��|d<n|dkr�d|d<ttdd|d>d@��|d	<n|dkr�d|d	<ttdd
|d
>d@��|d<n|d
krd|d<ttdd|d>d@��|d<n|dkr8d|d<nd
j|�S(sG convert mask length to ip address wildcard mask, i.e. 24 to 0.0.0.255 t255ii ii�iRiiiiit.N(tinttNonetstrtjoin(tmasktmask_inttvalue((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pytget_wildcard_mask�s$
*
*
*
*
t
AdvanceAclcBs�eZdZd�Zd�Zd�Zd�Zd�Zd�Zd�Z	d�Z
d	�Zd
�Zd�Z
d�Zd
�Zd�Zd�ZRS(s# Manages advance acl configuration c&Ks�|d}||_td|jdt�|_|jjd|_|jjdpTd:|_|jjdpmd:|_d:|_	|jjdp�d:|_
|jjdp�d:|_|jjdp�d:|_|jjd	p�d:|_
|jjd
p�d:|_|jjdpd:|_d:|_|jjdp.d:|_|jjd
pGd:|_d:|_|jjdpid:|_|jjdp�d:|_|jjdp�d:|_d:|_|jjdp�d:|_|jjdp�d:|_|jjdp�d:|_|jjdpd:|_|jjdp!d:|_|jjdp:d:|_|jjdpSd:|_|jjdpld:|_|jjdp�d:|_ |jjdp�d:|_!|jjdp�d:|_"|jjdp�d:|_#|jjdp�d:|_$|jjdpd:|_%|jjdpd:|_&|jjd p4d:|_'|jjd!|_(|jjd"p`d:|_)|jjd#pyd:|_*|jjd$p�d:|_+|jjd%|_,|jjd&p�d:|_-|jjd'p�d:|_.|jjd(p�d:|_/d:|_0|jjd)|_1t2�|_3d*|j3d+<d,|j3d-<d.|j3d/<d0|j3d1<d2|j3d3<d4|j3d5<d6|j3d7<d8|j3d9<t2�|_4t2�|_5t6|_7t8�|_9t2�|_:t2�|_;t2�|_<t2�|_=d:S(;s Class init t
argument_spectsupports_check_modetstatetacl_nametacl_numtacl_steptacl_descriptiont	rule_nametrule_idtrule_actiontprotocolt	source_iptsrc_maskt
src_pool_nametdest_ipt	dest_masktdest_pool_nametsrc_port_optsrc_port_begintsrc_port_endtsrc_port_pool_nametdest_port_optdest_port_begint
dest_port_endtdest_port_pool_namet	frag_typet
precedencettostdscpt	icmp_namet	icmp_typet	icmp_codetttl_expiredtvrf_nametsyn_flagt
tcp_flag_masktestablishedt
time_rangetrule_descriptiont	igmp_typetlog_flagtroutineRtpriorityR
t	immediateRtflasht3sflash-overrideRtcriticalt5tinternetRtnetworkt7N(>tspecRtTruetmoduletparamsR1R'R2R3tacl_typeR4R5R6R7R8R9tprotocol_numR:R;tsrc_wildR<R=R>t	dest_wildR?R@RARBRCRDRERFRGRHRIRJRKRLRMRNRORPRQRRRSRTRURVt
igmp_type_numRWtdicttprecedence_nametcur_acl_cfgtcur_advance_rule_cfgtFalsetchangedtlisttupdates_cmdtresultstproposedtexistingt	end_state(tselftkwargsR/((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pyt__init__�s�
								







	cCst|j|�}|S(s Get configure by netconf (RRd(Rwtconf_strtxml_str((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pytnetconf_get_configscCst|j|�}|S(s Set configure by netconf (RRd(RwRzR{((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pytnetconf_set_configscCs%|jr!tj|j�|_ndS(s Get protocol num by name N(R9tPROTOCOL_NUMtgetRg(Rw((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pytget_protocol_nums	cCs%|jr!tj|j�|_ndS(s Get igmp type num by type N(RVt
IGMP_TYPE_NUMRRj(Rw((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pytget_igmp_type_num"s	cCs�t}t}g|jd<|jrd|jj�r�t|j�dks[t|j�dkrq|jjdd�n|jr"|jjdd�q"n�d|_t	|j�dks�t	|j�d	kr�|jjdd
�n|j
dkr"|jr"|jr"|jr"|jjdd�q"n|jr�|jj�r}t|j�dksdt|j�dkr�|jjdd�q�q�|jjdd
�n|jr|jj�r�t|j�dks�t|j�dkr|jjdd�qq|jjdd�n|j
rPt	|j
�dks7t	|j
�dkrP|jjdd�qPnt}|jrl|d7}n|js�|jj�r�|d7}n|jr�|d7}n|j
r�|d7}n|t7}|jd|�}d|kr�t}qd|jdd�jdd�jdd�jdd�}tj|�}|jd�}|r�xa|D]V}t�}	x0|D](}
|
jd'kre|
j|	|
j<qeqeW|jdj|	�qOWn|jdr[t�}xl|jdD]]}t�}t�}
|jrU|jj�r2|jd!�r2|j|d!<|jd!�|
d!<qU|j|d<|jd�|
d<n|jr�|j|d <|jd �|
d <n|jr�|j|d!<|jd!�|
d!<n|jr�|j|d"<|jd"�|
d"<n|j
r|j
|d#<|jd#�|
d#<n||
krt}nt}|j|�q�Wx-|D]}|rNt}Pq8t}q8Wqdt}n|j
dkr�t|�}n$|j
d$kr�t|�}nt}||jd%<d&S((s Check acl invalid args tacl_infoi�i�tmsgsCError: The value of acl_name is out of [3000-3999] for advance ACL.sKError: The acl_name is digit, so should not input acl_num at the same time.tAdvanceii s.Error: The len of acl_name is out of [1 - 32].tpresents8Error: Please input acl_num or acl_type when config ACL.s Error: The acl_num is not digit.is0Error: The value of acl_step is out of [1 - 20].s!Error: The acl_step is not digit.is6Error: The len of acl_description is out of [1 - 127].s<aclType></aclType>s<aclNumber></aclNumber>s<aclStep></aclStep>s!<aclDescription></aclDescription>Rzs<data/>s
ts
s/xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"s)xmlns="http://www.huawei.com/netconf/vrp"sacl/aclGroups/aclGrouptaclNumOrNametaclTypet	aclNumbertaclSteptaclDescriptiont
delete_acltneed_cfgN(R�R�R�R�R�(RoRmR2tisdigitR&Rdt	fail_jsonR3RftlenR1R6R4R5tCE_GET_ACL_HEADERtCE_GET_ACL_TAILR|treplaceRt
fromstringtfindallRkttagttexttappendRqRRctbool(RwR�t	find_flagRztrecv_xmlR{trootR�ttmpttmp_dicttsitet	find_listtcur_cfg_dicttexist_cfg_dictt	find_booltmem((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pytcheck_acl_args(s�
	*
	
	*

	*

	*

	*
	

	
	

		
	

				

	
	
	
	
	

	cBCs�t}t}g|jd<|jr�|jdkrS|jsS|jjdd�qSn|jr�t|j�dks�t|j�dkr�|jjdd�n|jdkr�|jr�|jjdd	�n|jr<|jj	�r&t
|j�d
ks
t
|j�dkr9|jjdd�q9q<|jjdd
�n|jre|jre|jjdd�n|jr�|jr�|jjdd�n|jr�|j
�n|jr�t|j�s�|jjdd|j�n|js�|jjdd�q�n|jr~|jj	�rht
|j�dks=t
|j�dkrS|jjdd�nt|j�|_q~|jjdd�n|jr�t|j�dks�t|j�dkr�|jjdd�q�n|jr!t|j�s�|jjdd|j�n|js!|jjdd�q!n|jr�|jj	�r�t
|j�dksct
|j�dkry|jjdd�nt|j�|_q�|jjdd�n|jr�t|j�dks�t|j�dkr�|jjdd�q�n|jr�|jdkrI|js'|jjdd�n|jrI|jjdd�qIn|jdksg|jdkr�|js�|jjdd�n|jr�|jjdd�q�n|jd kr�|js�|jr�|jjdd!�q�q�n|jrX|jj	�rBt
|j�d
ks)t
|j�d"krU|jjdd#�qUqX|jjdd$�n|jr�|jj	�r�t
|j�d
ks�t
|j�d"kr�|jjdd%�q�q�|jjdd&�n|jrt|j�dks�t|j�dkr|jjdd'�qn|jr|jdkrn|jsL|jjdd(�n|jrn|jjdd)�qnn|jdks�|jdkr�|js�|jjdd*�n|jr�|jjdd+�q�n|jd kr|js�|jr	|jjdd,�q	qn|jr}|jj	�rgt
|j�d
ksNt
|j�d"krz|jjdd-�qzq}|jjdd.�n|jr�|jj	�r�t
|j�d
ks�t
|j�d"kr�|jjdd/�q�q�|jjdd0�n|jr:t|j�dks!t|j�dkr:|jjdd1�q:n|j r�|j j	�r�t
|j �d
ks|t
|j �d2kr�|jjdd3�q�q�|jjdd4�n|j!r	|j!j	�r	t
|j!�d
ks�t
|j!�d5kr	|jjdd6�q	q	|jjdd7�n|j"r�	|j"j	�rw	t
|j"�d
ks^	t
|j"�d8kr�	|jjdd9�q�	q�	|jjdd:�n|j#r�	|j#j	�r�	t
|j#�d
ks�	t
|j#�d;kr�	|jjdd<�q�	q�	|jjdd=�n|j$ro
|j$j	�rY
t
|j$�d
ks@
t
|j$�d;krl
|jjdd>�ql
qo
|jjdd?�n|j%r�
t|j%�dks�
t|j%�d@kr�
|jjddA�q�
n|j&r,|j&j	�rt
|j&�d
ks�
t
|j&�d8kr)|jjddB�q)q,|jjddC�n|j'r�|j'j	�r�t
|j'�d
ksnt
|j'�d8kr�|jjddD�q�q�|jjddE�n|j(r�t|j(�dks�t|j(�dkr�|jjddF�q�n|j)r5t|j)�dkst|j)�dGkr5|jjddH�q5n|j*rK|j+�nt,|j}|jrn|dI7}n|jr�|dJ7}n|jr�|dK7}n|jr�|dL7}n|jr�|dM7}n|jr�|dN7}n|jr�|dO7}n|jr
|dP7}n|jr
|dQ7}n|jr4
|dR7}n|jrJ
|dS7}n|jr`
|dT7}n|jrv
|dU7}n|jr�
|dV7}n|jr�
|dW7}n|jr�
|dX7}n|jr�
|dY7}n|j-r�
|dZ7}n|j r�
|d[7}n|j!r|d\7}n|j"r&|d]7}n|j.r<|d^7}n|j#rR|d_7}n|j$rh|d`7}n|da7}|j%r�|db7}n|j&r�|dc7}n|j'r�|dd7}n|de7}|j(r�|df7}n|j)r�|dg7}n|j*r|dh7}n|di7}|t/7}|j0dj|�}dk|kr;t}n|j1dldm�j1dndm�j1dodm�j1dpdm�}t2j3|�}|j4dq�}|r�xa|D]V}t5�}	x0|D](}
|
j6d�kr�|
j7|	|
j6<q�q�W|jdj8|	�q�Wn|jdrHxE|jdD]-}t9}|jrJ|j:dr�|jkrJt}n|jrt|j:ds�|jkrtt}n|jr�|j:dt�|jkr�t}n|jr�|j:du�|j;kr�t}n|jr�|jj<d��}|jj<d��}g}
xIt=d��D];}d;t
||�}|t
||�@}|
j8|�qWd�|
d
|
d|
d�|
d�f}||j:dv�kr�t}q�n|jr�|j:dw�|jkr�t}n|jr�|j:dx�|jkr�t}n|jr�|jj<d��}|jj<d��}g}
xIt=d��D];}d;t
||�}|t
||�@}|
j8|�q"Wd�|
d
|
d|
d�|
d�f}||j:dy�kr�t}q�n|jr�|j:dz�|jkr�t}n|jr�|j:d{�|jkr�t}n|jr&|j:d|�|jkr&t}n|jrP|j:d}�|jkrPt}n|jrz|j:d~�|jkrzt}n|jr�|j:d�|jkr�t}n|jr�|j:d��|jkr�t}n|jr�|j:d��|jkr�t}n|jr"|j:d��|jkr"t}n|jrL|j:d��|jkrLt}n|j:d��d�krgd�n|j:d��}|j-r�||j-kr�t}n|j r�|j:d��|j kr�t}n|j!r�|j:d��|j!kr�t}n|j"r|j:d��|j"krt}n|j.r?|j:d��|j.kr?t}n|j#ri|j:d��|j#krit}n|j$r�|j:d��|j$kr�t}n|j:d��j?�t@|jA�j?�kr�t}n|j%r�|j:d��|j%kr�t}n|j&r|j:d��|j&krt}n|j'rD|j:d��|j'krDt}n|jd�kr�|j:d��j?�t@|jB�j?�kr�t}n|j(r�|j:d��|j(kr�t}n|j)r�|j:d��|j)kr�t}n|j*r|j:d��|jCkrt}n|j:d��j?�t@|jD�j?�kr7t}n|rPqqWnt}|jd�krmtE|�}q�|jdkr�tE|�}q�t}q�n||jd�<d�S(�s! Check advance rule invalid args t
adv_rule_infotabsentR�s3Error: Please input rule_name when state is absent.ii s/Error: The len of rule_name is out of [1 - 32].R�sError: Please input rule_id.iI����s7Error: The value of rule_id is out of [0 - 4294967294].s Error: The rule_id is not digit.sDError: The rule_action and the protocol must input at the same time.s#Error: The source_ip %s is invalid.sError: Please input src_mask.s0Error: The value of src_mask is out of [1 - 32].s!Error: The src_mask is not digit.s3Error: The len of src_pool_name is out of [1 - 32].s!Error: The dest_ip %s is invalid.sError: Please input dest_mask.s1Error: The value of dest_mask is out of [1 - 32].s"Error: The dest_mask is not digit.s4Error: The len of dest_pool_name is out of [1 - 32].tlts#Error: The src_port_end must input.s+Error: The src_port_begin should not input.teqtgts%Error: The src_port_begin must input.s)Error: The src_port_end should not input.tranges6Error: The src_port_begin and src_port_end must input.i��s9Error: The value of src_port_begin is out of [0 - 65535].s'Error: The src_port_begin is not digit.s7Error: The value of src_port_end is out of [0 - 65535].s%Error: The src_port_end is not digit.s8Error: The len of src_port_pool_name is out of [1 - 32].s$Error: The dest_port_end must input.s,Error: The dest_port_begin should not input.s&Error: The dest_port_begin must input.s*Error: The dest_port_end should not input.s8Error: The dest_port_begin and dest_port_end must input.s:Error: The value of dest_port_begin is out of [0 - 65535].s(Error: The dest_port_begin is not digit.s8Error: The value of dest_port_end is out of [0 - 65535].s&Error: The dest_port_end is not digit.s9Error: The len of dest_port_pool_name is out of [1 - 32].is1Error: The value of precedence is out of [0 - 7].s#Error: The precedence is not digit.is+Error: The value of tos is out of [0 - 15].sError: The tos is not digit.i?s,Error: The value of dscp is out of [0 - 63].sError: The dscp is not digit.i�s2Error: The value of icmp_type is out of [0 - 255].s"Error: The icmp_type is not digit.s2Error: The value of icmp_code is out of [0 - 255].s"Error: The icmp_code is not digit.is.Error: The len of vrf_name is out of [1 - 31].s0Error: The value of syn_flag is out of [0 - 63].s!Error: The syn_flag is not digit.s5Error: The value of tcp_flag_mask is out of [0 - 63].s&Error: The tcp_flag_mask is not digit.s0Error: The len of time_range is out of [1 - 32].is7Error: The len of rule_description is out of [1 - 127].s<aclRuleID></aclRuleID>s<aclAction></aclAction>s<aclProtocol></aclProtocol>s<aclSourceIp></aclSourceIp>s<aclSrcWild></aclSrcWild>s<aclSPoolName></aclSPoolName>s<aclDestIp></aclDestIp>s<aclDestWild></aclDestWild>s<aclDPoolName></aclDPoolName>s<aclSrcPortOp></aclSrcPortOp>s#<aclSrcPortBegin></aclSrcPortBegin>s<aclSrcPortEnd></aclSrcPortEnd>s%<aclSPortPoolName></aclSPortPoolName>s<aclDestPortOp></aclDestPortOp>s<aclDestPortB></aclDestPortB>s<aclDestPortE></aclDestPortE>s%<aclDPortPoolName></aclDPortPoolName>s<aclFragType></aclFragType>s<aclPrecedence></aclPrecedence>s<aclTos></aclTos>s<aclDscp></aclDscp>s<aclIcmpName></aclIcmpName>s<aclIcmpType></aclIcmpType>s<aclIcmpCode></aclIcmpCode>s<aclTtlExpired></aclTtlExpired>s<vrfName></vrfName>s<aclSynFlag></aclSynFlag>s!<aclTcpFlagMask></aclTcpFlagMask>s!<aclEstablished></aclEstablished>s<aclTimeName></aclTimeName>s)<aclRuleDescription></aclRuleDescription>s<aclIgmpType></aclIgmpType>s<aclLogFlag></aclLogFlag>Rzs<data/>s
R�s
s/xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"s)xmlns="http://www.huawei.com/netconf/vrp"s/acl/aclGroups/aclGroup/aclRuleAdv4s/aclRuleAdv4taclRuleNamet	aclRuleIDt	aclActiontaclProtocoltaclSourceIpt
aclSrcWildtaclSPoolNamet	aclDestIptaclDestWildtaclDPoolNametaclSrcPortOptaclSrcPortBegint
aclSrcPortEndtaclSPortPoolNamet
aclDestPortOptaclDestPortBtaclDestPortEtaclDPortPoolNametaclFragTypet
aclPrecedencetaclTostaclDscptaclIcmpNametaclIcmpTypetaclIcmpCodet
aclTtlExpiredtvrfNamet
aclSynFlagtaclTcpFlagMasktaclEstablishedtaclTimeNametaclRuleDescriptiontaclIgmpTypet
aclLogFlagR%is%s.%s.%s.%siitclear_fragmentRR�R�N("R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�R�(FRoRnR2R1R6RdR�R�R7R�R&R8R9R�R:R
R;R-RhR<R=R>RiR?R@RBRARCRDRFRERGRIRJRKRMRNRPRQRRRTRURVR�tCE_GET_ACL_ADVANCE_RULE_HEADERRHRLtCE_GET_ACL_ADVANCE_RULE_TAILR|R�RR�R�RkR�R�R�RcRRgtsplitR�R'tlowerR(RORSRjRWR�(RwR�R�RzR�R{R�R�R�R�R�t
tmp_src_ipttmp_src_wildt
tmp_addr_itemtidxtitem1titem2ttmp_addrRH((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pytcheck_advance_rule_args�s
		
	*

	*



	
		
	*

	*
		
	*

	*
		
	
	
	
	*

	*

	*
		
	
	
	
	*

	*

	*
	*

	*

	*

	*

	*

	*
	*

	*

	*
	*
	

	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	
	

	
	
	

	
	
	


		
	
	
!	!	!	!		!	!		!	!	!	!	!	!	!	!	!	!	*	!	!	!	!	!	!	*	!	!	!	*	!	!	!	*	cCs$|j|jd<|jr,|j|jd<n|jrH|j|jd<n|jrd|j|jd<n|jr�|j|jd<n|jr�|j|jd<n|jr�|j|jd<n|jr�|j|jd<n|j	r�|j	|jd	<n|j
r|j
|jd
<n|jr(|j|jd<n|jrD|j|jd<n|j
r`|j
|jd
<n|jr||j|jd<n|jr�|j|jd<n|jr�|j|jd<n|jr�|j|jd<n|jr�|j|jd<n|jr|j|jd<n|jr$|j|jd<n|jr@|j|jd<n|jr\|j|jd<n|jrx|j|jd<n|jr�|j|jd<n|jr�|j|jd<n|jr�|j|jd<n|jr�|j|jd<n|jr|j|jd<n|jr |j|jd<n|jr<|j|jd<n|jrX|j|jd<n|j rt|j |jd <n|j!r�|j!|jd!<n|j"r�|j"|jd"<n|j#|jd#<|j$r�|j$|jd$<n|j%r�|j%|jd%<n|j&r|j&|jd&<n|j'|jd'<d(S()s Get proposed state R1R2R3R4R5R6R7R8R9R:R;R<R=R>R?R@RARBRCRDRERFRGRHRIRJRKRLRMRNRORPRQRRRSRTRURVRWN((R1RtR2R3R4R5R6R7R8R9R:R;R<R=R>R?R@RARBRCRDRERFRGRHRIRJRKRLRMRNRORPRQRRRSRTRURVRW(Rw((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pytget_proposed�s�																																				cCs,|jd|jd<|jd|jd<dS(s Get existing state R�R�N(RmRuRn(Rw((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pytget_existing�scCsj|j�|jd|jd<|j�|jd|jd<|j|jkrft|_t�|_	ndS(s Get end state R�R�N(
R�RmRvR�RnRuRoRpRqRr(Rw((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pyt
get_end_state�s

	cCs�t|j}|jr*|d|j7}n|jrG|d|j7}n|jrd|d|j7}n|jr�|d|j7}n|t7}|jd|�}d|kr�|jj	dd�n|jj
�r�d	|j}n�|jr|jrd
|j|jj�f}nW|jr;|jr;d|j|jf}n,|jrg|jrgd|j|jf}n|jj
|�|jr�d|j}|jj
|�n|jr�d
|j}|jj
|�nt|_dS(s Merge acl operation s<aclType>%s</aclType>s<aclNumber>%s</aclNumber>s<aclStep>%s</aclStep>s#<aclDescription>%s</aclDescription>Rzs<ok/>R�sError: Merge acl failed.s
acl number %ssacl name %s %ssacl name %s number %ssdescription %ssstep %sN(tCE_MERGE_ACL_HEADERR2RfR3R4R5tCE_MERGE_ACL_TAILR}RdR�R�R�RrR�RcRp(RwRzR�tcmd((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pyt	merge_acl�s:
				
	
	
cCsLt|j}|jr*|d|j7}n|jrG|d|j7}n|jrd|d|j7}n|jr�|d|j7}n|t7}|jd|�}d|kr�|jj	dd�n|jr�d	}|j
j|�n|jrd
}|j
j|�n|jj�r"d|j}n
d|j}|j
j|�t
|_d
S(s Delete acl operation s<aclType>%s</aclType>s<aclNumber>%s</aclNumber>s<aclStep>%s</aclStep>s#<aclDescription>%s</aclDescription>Rzs<ok/>R�sError: Delete acl failed.sundo descriptions	undo stepsundo acl number %ssundo acl name %sN(tCE_DELETE_ACL_HEADERR2RfR3R4R5tCE_DELETE_ACL_TAILR}RdR�RrR�R�RcRp(RwRzR�R�((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pyR�s0
				
		
cCs�t|j|jf}|jr3|d|j7}n|jrP|d|j7}n|jrm|d|j7}n|jr�|d|j7}n|jr�|d|j7}n|j	r�|d|j	7}n|j
r�|d|j
7}n|jr�|d|j7}n|jr|d	|j7}n|j
r8|d
|j
7}n|jrU|d|j7}n|jrr|d|j7}n|jr�|d
|j7}n|jr�|d|j7}n|jr�|d|j7}n|jr�|d|j7}n|jr|d|j7}n|jr |d|j7}n|jr=|d|j7}n|jrZ|d|j7}n|jrw|d|j7}n|jr�|d|j7}n|jr�|d|j7}n|jr�|d|j7}n|dt|j�j�7}|jr|d|j7}n|j r%|d|j 7}n|j!rB|d|j!7}n|jdkrq|dt|j"�j�7}n|j#r�|d|j#7}n|j$r�|d |j$7}n|j%r�|d!|j&7}n|d"t|j'�j�7}|t(7}|j)d#|�}d$|kr#|j*j+d%d&�n|jr�|jr�d'}|jrX|d(|j7}n|d(|j7}|d(|j7}|jr�|d)|j7}n|jr�|d*|j7}n|jr�|jr�|d+|j|jf7}n|j	r|d,|j	7}n|j
r�|d-7}|j
d.kr6|d/|j7}q�|j
d0krY|d1|j7}q�|j
d2kr||d3|j7}q�|j
d4kr�|d5|j|jf7}q�n|jr�|d6|j7}n|j
r�|jr�|d7|j
|jf7}n|jr|d8|j7}n|jr�|d97}|jd.krJ|d/|j7}q�|jd0krm|d1|j7}q�|jd2kr�|d3|j7}q�|jd4kr�|d5|j|jf7}q�n|jr�|d:|j7}n|jd;kr�|d<7}n|jr|d=|j,|j7}n|jd>kr�|jrH|d?|j7}q�|jrw|jrw|d@|j|jf7}q�|jr�|d?|j7}q�n|jdkr�|j r�|dA|j 7}n|j!r�|dB|j!7}n|j"r�|dC7}q�n|jdDkr(|j%r(|dE|j%7}q(n|j#rE|dF|j#7}n|jrb|dG|j7}n|jrx|dH7}n|j'r�|dI7}n|j-j.|�n|j$r�dJ|j|j$f}|j-j.|�nt/|_0dKS(Ls Merge advance rule operation s<aclRuleID>%s</aclRuleID>s<aclAction>%s</aclAction>s<aclProtocol>%s</aclProtocol>s<aclSourceIp>%s</aclSourceIp>s<aclSrcWild>%s</aclSrcWild>s<aclSPoolName>%s</aclSPoolName>s<aclDestIp>%s</aclDestIp>s<aclDestWild>%s</aclDestWild>s<aclDPoolName>%s</aclDPoolName>s<aclSrcPortOp>%s</aclSrcPortOp>s%<aclSrcPortBegin>%s</aclSrcPortBegin>s!<aclSrcPortEnd>%s</aclSrcPortEnd>s'<aclSPortPoolName>%s</aclSPortPoolName>s!<aclDestPortOp>%s</aclDestPortOp>s<aclDestPortB>%s</aclDestPortB>s<aclDestPortE>%s</aclDestPortE>s'<aclDPortPoolName>%s</aclDPortPoolName>s<aclFragType>%s</aclFragType>s!<aclPrecedence>%s</aclPrecedence>s<aclTos>%s</aclTos>s<aclDscp>%s</aclDscp>s<aclIcmpName>%s</aclIcmpName>s<aclIcmpType>%s</aclIcmpType>s<aclIcmpCode>%s</aclIcmpCode>s!<aclTtlExpired>%s</aclTtlExpired>s<vrfName>%s</vrfName>s<aclSynFlag>%s</aclSynFlag>s#<aclTcpFlagMask>%s</aclTcpFlagMask>Rs#<aclEstablished>%s</aclEstablished>s<aclTimeName>%s</aclTimeName>s+<aclRuleDescription>%s</aclRuleDescription>s<aclIgmpType>%s</aclIgmpType>s<aclLogFlag>%s</aclLogFlag>Rzs<ok/>R�s"Error: Merge acl base rule failed.trules %ss dscp %ss tos %ss
 source %s %ss source-pool %ss source-portR�s lt %sR�s eq %sR�s gt %sR�s range %s %ss source-port-pool %ss destination %s %ss destination-pool %ss destination-ports destination-port-pool %stfragments fragment-type fragments precedence %sRs
 icmp-type %ss icmp-type %s %ss tcp-flag %ss mask %ss establishedRs
 igmp-type %ss time-range %ss vpn-instance %ss ttl-expireds loggingsrule %s description %sN(1t CE_MERGE_ACL_ADVANCE_RULE_HEADERR2R6R7R8R9RgR:RhR<R=RiR?R@RARBRCRDRERFRGRHRIRJRKRLRMRNR(ROR�RPRQRRRSRTRURVRjRWtCE_MERGE_ACL_ADVANCE_RULE_TAILR}RdR�RlRrR�RcRp(RwRzR�R�((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pytmerge_adv_rule6s*																											 			
					
			
	
										
	
	cCs�t|j|jf}|jr3|d|j7}n|jrP|d|j7}n|jrm|d|j7}n|jr�|d|j7}n|jr�|d|j7}n|j	r�|d|j	7}n|j
r�|d|j
7}n|jr�|d|j7}n|jr|d	|j7}n|j
r8|d
|j
7}n|jrU|d|j7}n|jrr|d|j7}n|jr�|d
|j7}n|jr�|d|j7}n|jr�|d|j7}n|jr�|d|j7}n|jr|d|j7}n|jr |d|j7}n|jr=|d|j7}n|jrZ|d|j7}n|jrw|d|j7}n|jr�|d|j7}n|jr�|d|j7}n|jr�|d|j7}n|dt|j�j�7}|jr|d|j7}n|j r%|d|j 7}n|j!rB|d|j!7}n|jdkrq|dt|j"�j�7}n|j#r�|d|j#7}n|j$r�|d |j$7}n|j%r�|d!|j%7}n|d"t|j&�j�7}|t'7}|j(d#|�}d$|kr#|j)j*d%d&�n|j$r�|jj+�rKd'|j}n
d(|j}|j,j-|�d)|j}|j,j-|�n|jr�|jj+�r�d'|j}n
d(|j}|j,j-|�d*|j}|j,j-|�n�|jr~|jr~|jj+�rd'|j}n
d(|j}|j,j-|�d+}|d,|j7}|d,|j7}|jr�|d-|j7}n|jr�|d.|j7}n|jr�|j.r�|d/|j|j.f7}n|j	r�|d0|j	7}n|j
r�|d17}|j
d2kr|d3|j7}q�|j
d4krB|d5|j7}q�|j
d6kre|d7|j7}q�|j
d8kr�|d9|j|jf7}q�n|jr�|d:|j7}n|j
r�|j/r�|d;|j
|j/f7}n|jr�|d<|j7}n|jr�|d=7}|jd2kr3|d3|j7}q�|jd4krV|d5|j7}q�|jd6kry|d7|j7}q�|jd8kr�|d9|j|jf7}q�n|jr�|d>|j7}n|jd?kr�|d@7}n|jr|dA|j0|j7}n|j#r"|dB|j#7}n|jr?|dC|j7}n|jrU|dD7}n|j&rk|dE7}n|j,j-|�nt1|_2dFS(Gs Delete advance rule operation s<aclRuleID>%s</aclRuleID>s<aclAction>%s</aclAction>s<aclProtocol>%s</aclProtocol>s<aclSourceIp>%s</aclSourceIp>s<aclSrcWild>%s</aclSrcWild>s<aclSPoolName>%s</aclSPoolName>s<aclDestIp>%s</aclDestIp>s<aclDestWild>%s</aclDestWild>s<aclDPoolName>%s</aclDPoolName>s<aclSrcPortOp>%s</aclSrcPortOp>s%<aclSrcPortBegin>%s</aclSrcPortBegin>s!<aclSrcPortEnd>%s</aclSrcPortEnd>s'<aclSPortPoolName>%s</aclSPortPoolName>s!<aclDestPortOp>%s</aclDestPortOp>s<aclDestPortB>%s</aclDestPortB>s<aclDestPortE>%s</aclDestPortE>s'<aclDPortPoolName>%s</aclDPortPoolName>s<aclFragType>%s</aclFragType>s!<aclPrecedence>%s</aclPrecedence>s<aclTos>%s</aclTos>s<aclDscp>%s</aclDscp>s<aclIcmpName>%s</aclIcmpName>s<aclIcmpType>%s</aclIcmpType>s<aclIcmpCode>%s</aclIcmpCode>s!<aclTtlExpired>%s</aclTtlExpired>s<vrfName>%s</vrfName>s<aclSynFlag>%s</aclSynFlag>s#<aclTcpFlagMask>%s</aclTcpFlagMask>Rs#<aclEstablished>%s</aclEstablished>s<aclTimeName>%s</aclTimeName>s+<aclRuleDescription>%s</aclRuleDescription>s<aclIgmpType>%s</aclIgmpType>s<aclLogFlag>%s</aclLogFlag>Rzs<ok/>R�s#Error: Delete acl base rule failed.s
acl number %ssacl name %ssundo rule %s descriptionsundo rule %ss	undo rules %ss dscp %ss tos %ss
 source %s %ss source-pool %ss source-portR�s lt %sR�s eq %sR�s gt %sR�s range %s %ss source-port-pool %ss destination %s %ss destination-pool %ss destination-ports destination-port-pool %sR�s fragment-type fragments precedence %ss time-range %ss vpn-instance %ss ttl-expireds loggingN(3t!CE_DELETE_ACL_ADVANCE_RULE_HEADERR2R6R7R8R9RgR:RhR<R=RiR?R@RARBRCRDRERFRGRHRIRJRKRLRMRNR(ROR�RPRQRRRSRTRURVRWtCE_DELETE_ACL_ADVANCE_RULE_TAILR}RdR�R�RrR�R;R>RlRcRp(RwRzR�R�((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pytdelete_adv_rule�s 																											 			
	

	


				
			
	
				
	
cCs7|j�|j�|j�|j�|jdkrn|jdrQ|j�n|jdr�|j�q�nX|jdkr�|jdr�|j	�q�n,|jdkr�|jdr�|j
�q�n|j�|j|j
d<|j|j
d<|j|j
d<|j|j
d<|j|j
d	<|jj|j
�d
S(s Main work function R�R�R�R�RpRtRuRvtupdatesN(R�R�R�R�R1RmR�RnR�R�R�R�RpRsRtRuRvRrRdt	exit_json(Rw((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pytworkxs,









(t__name__t
__module__t__doc__RyR|R}R�R�R�R�R�R�R�R�R�R�R�R�(((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pyR.�s"	N					�	��	P		
	*	%	�	�cXCsWtdtddddgdd�dtdd	d
t�dtdd	�dtdd	�d
tdd	�dtdd	�dtdd	�dtdddg�dtdddddddddg�dtdd	�dtdd	�dtdd	�dtdd	�d tdd	�d!tdd	�d"tdd#d$d%d&g�d'tdd	�d(tdd	�d)tdd	�d*tdd#d$d%d&g�d+tdd	�d,tdd	�d-tdd	�d.tdd/d0g�d1tdd	�d2tdd	�d3tdd	�d4tdd5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLg�dMtdd	�dNtdd	�dOtd
tdtddP�dQtdd	�dRtdd	�dStdd	�dTtd
tdtddP�dUtdd	�dVtdd	�dWtddXdYdZd[d\d]d^d_d`dag
�dbtd
tdtddP��'}|jt�tdc|�}|j�ddS(es
 Module main R1tchoicesR�R�R�tdefaultR2ttypeR(trequiredR3R4R5R6R7R8tpermittdenyR9RRRRRRRRR:R;R<R=R>R?R@R�R�R�R�RARBRCRDRERFRGRHR�R�RIRJRKRLt
unconfigedtechos
echo-replysfragmentneed-DFsets
host-redirectshost-tos-redirectshost-unreachablesinformation-replysinformation-requestsnet-redirectsnet-tos-redirectsnet-unreachablesparameter-problemsport-unreachablesprotocol-unreachablesreassembly-timeouts
source-quenchssource-route-failedstimestamp-replystimestamp-requeststtl-exceededsaddress-mask-replysaddress-mask-requesttcustomRMRNROR�RPRQRRRSRTRURVs
host-querys
mrouter-advers
mrouter-solics
mrouter-termismtrace-respsmtrace-routes
v1host-reports
v2host-reports
v2leave-groups
v3host-reportRWR/N(RkRcRotupdateR	R.R�(R/Rd((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pytmain�sf
t__main__N( tANSIBLE_METADATAt
DOCUMENTATIONtEXAMPLEStRETURNt	xml.etreeRtansible.module_utils.basicRt+ansible.module_utils.network.cloudengine.ceRRR	R
R�R�R�R�R�R�R�R�R�R�R�R�R~R�R-tobjectR.R�R�(((sV/usr/lib/python2.7/site-packages/ansible/modules/network/cloudengine/ce_acl_advance.pyt<module>s^


�7"




	�����	:

Anons79 File Manager Version 1.0, Coded By Anons79
Email: [email protected]